Loading ...
Sorry, an error occurred while loading the content.
 

Re: Time based blacklist or similar?

Expand Messages
  • Robert Schetterer
    ... not exact what your looking for , but i ve done some iptables recent solution feeding from rsyslog pipe with postscreen spamhaus filter against big botnet
    Message 1 of 7 , Apr 3, 2013
      Am 03.04.2013 16:10, schrieb Chad M Stewart:
      >
      > Before I go and write my own solution I thought I'd see if anyone knows of an existing solution.
      >
      > Now and again I'd like to put an IP on a local blacklist and have an expiration time set as well. I'm using postscreen as well and ideally the blacklist will get implemented via postscreen.
      >
      > Anyone know of an existing tool that integrates with postfix that would let me do what I want? I'm open to storing the IP and TTL values in plain text, MySQL, rbldnsd, etc..
      >
      >
      > Thank you,
      > Chad
      >
      >

      not exact what your looking for , but i ve done some iptables recent
      solution feeding from rsyslog pipe with postscreen spamhaus filter
      against big botnet logins, much faster then fail2ban

      however ,with iptables recent you can do firewalling ips, experation auto

      to get in idea what i mean look

      http://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/

      and/or

      http://blog.schaal-24.de/?p=1626

      sorry only german

      http://www.stearns.org/doc/adaptive-firewalls.v0.1.html




      Best Regards
      MfG Robert Schetterer

      --
      [*] sys4 AG

      http://sys4.de, +49 (89) 30 90 46 64
      Franziskanerstraße 15, 81669 München

      Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
      Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
      Aufsichtsratsvorsitzender: Joerg Heidrich
    • Benny Pedersen
      ... what problem will it solve to get the spam later ?, to me it looks like you can get it done with any greylist server, and there set greylist time to 24
      Message 2 of 7 , Apr 3, 2013
        Chad M Stewart skrev den 2013-04-03 16:10:

        > Anyone know of an existing tool that integrates with postfix that
        > would let me do what I want? I'm open to storing the IP and TTL
        > values in plain text, MySQL, rbldnsd, etc..

        what problem will it solve to get the spam later ?, to me it looks like
        you can get it done with any greylist server, and there set greylist
        time to 24 hour or so ? :)

        greylistning helps urls to get listed before one get them for scanning,
        is that what you like to solve ?
      Your message has been successfully submitted and would be delivered to recipients shortly.