Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 11 Jun 2016 16:44:59 +0200
From:      Steffen Nurpmeso <steffen@sdaoden.eu>
To:        freebsd-current@freebsd.org
Subject:   blacklistd and base-system's sendmail
Message-ID:  <20160611144459.T8B2U4AkQ%steffen@sdaoden.eu>

next in thread | raw e-mail | index | archive | help
Hello,

thank you for importing NetBSD's blacklistd into FreeBSD, that
really was great news!  For those of us who don't want to have
a logfile analyzer running that needs to reevaluate things which
the program who produced the entry already knew.

I have my very own exposed server since 2016, the first such ever
(the first six weeks with FreeBSD with services via inetd and five
lines more ipfw rules than i normally have, that was essentially
it, currently AlpineLinux, because i haven't really done anything
with Linux since 2002 and wanted to get up-to-date, so then using
it, too, but i will come back to FreeBSD, for soooo sure), and it
seems i can get away with some firewall rules and traffic shaping
to declassify some of those players which seem to be around.

The most annoying thing that still happens is that mostly
"unknown" people connect to the SMTP server, and then drop the
connection without doing something useful: it is a valid
connection, the connection rate is so low that it doesn't trigger
the shaper, but if you have 60 connections which don't do
something an hour then it produces a lot of noise in the log.

I was hoping that blacklistd would catch those
"nonsense-connections", leaving me with a small and
self-contained, all C/C++ base system.  In particular none of
those pkg-managed log parsers which are mostly Python, or Perl,
but anyway bring in a lot of dependencies for nothing (but parsing
log output of servers and thus reevaluate state that was known to
the generating server).  I.e., NanoBSD the base system and then
get away with normal -- thanks again for all of this, it is
fantastic! -- FreeBSD binary updates.

I would like to kindly ask why it seems as if the blacklistd
support is not patched into sendmail?  That is a real pity!  It is
only local by default, what that HTML review thing says, but with
a single line in inetd, for example, you can have your
world-accessible receiver and you always get the world-wide
sender.  That is enough for even many even "mid-size" companies
i'd assume.  Being protected against the mentioned attacks from
the base system with no further administrative effort i would
appreciate a lot, and i think blacklistd has this capability?

Thanks for your consideration, and have a nice weekend.
Ciao,

--steffen



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160611144459.T8B2U4AkQ%steffen>