This is a discussion on Re: Re[2]: how to block connections at TCP level? within the mailing.postfix.users forums, part of the Mail Servers and Related category.
[ On Tuesday, February 10, 2004 at 10:00:28 (+0300), Igor Lidin wrote: ]
> Subject: Re[2]: how to block connections at TCP level?
>
> Sadly, firewall CAN NOT refuse connection using DNSBL check on
> originating address.

Well, "CAN NOT" is I think a little bit strong. It's certainly possible, though no doubt not so practical.

> When you block at this stage, some amount of traffic already
> passed. Ideally (for me), postfix should refuse connections from, say,
> dynamically allocated IPs using some blacklist.

No application can refuse TCP connections with the standard sockets API.

> Practically, I think,
> at least some sort of DISCONNECT action in maps can be implemented to
> reduce traffic amount used by useless connections.

Disconnecting an active SMTP connection without proper protocol interaction will not have the effect you seem to wish it to have -- the client will simply try again later (and perhaps not very much later at all -- e.g. perhaps only milliseconds later if it's badly misbehaved).

--
Greg A. Woods

+1 416 218-0098  VE3TCP  RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>  Secrets of the Weird <woods@weird.com>
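The reply's point that an application cannot refuse a TCP connection through the sockets API can be observed on loopback. The following is an added example, not part of the original post: the kernel completes the handshake and buffers client data before `accept()` is ever called, so an application-level DNSBL check can only happen on an already established connection. The function names and the zone `dnsbl.example` are placeholders chosen for illustration.

```python
import socket

def dnsbl_query_name(ip, zone="dnsbl.example"):
    """DNSBL lookup name for an IPv4 peer: reversed octets + zone (placeholder zone)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def handshake_before_accept():
    """Show that the TCP handshake finishes before the application calls accept()."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # constructed endpoint: loopback, ephemeral port
    srv.listen(5)
    port = srv.getsockname()[1]

    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(5)
    # The server has not called accept() yet. connect() still returns, because
    # the kernel answers SYN with SYN-ACK on behalf of the listening socket.
    cli.connect(("127.0.0.1", port))
    # The kernel also buffers client data before the application is involved.
    cli.sendall(b"EHLO client.example\r\n")

    # accept() is the first moment the application learns the peer address,
    # so any DNSBL decision made here is made on an established connection.
    conn, (peer_ip, _peer_port) = srv.accept()
    conn.settimeout(5)
    queued = conn.recv(1024)
    lookup = dnsbl_query_name(peer_ip)

    # The only "refusal" left is closing after the fact; the client sees EOF,
    # not a refused connection.
    conn.close()
    client_sees = cli.recv(1024)
    cli.close()
    srv.close()
    return {"queued": queued, "lookup": lookup, "client_sees": client_sees}

if __name__ == "__main__":
    print(handshake_before_accept())
```

Refusing the SYN itself requires a decision below the sockets layer, such as a packet filter, which is why the thread discusses firewalls.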