Date: Sat, 11 Jun 2016 16:44:59 +0200
From: Steffen Nurpmeso <steffen@sdaoden.eu>
To: freebsd-current@freebsd.org
Subject: blacklistd and base-system's sendmail
Message-ID: <20160611144459.T8B2U4AkQ%steffen@sdaoden.eu>

Hello,

thank you for importing NetBSD's blacklistd into FreeBSD, that really was great news! For those of us who don't want to have a logfile analyzer running that needs to reevaluate things which the program which produced the entry already knew.

I have my very own exposed server since 2016, the first such ever (the first six weeks with FreeBSD with services via inetd and five lines more ipfw rules than i normally have, that was essentially it, currently AlpineLinux, because i haven't really done anything with Linux since 2002 and wanted to get up-to-date, so then using it, too, but i will come back to FreeBSD, for soooo sure), and it seems i can get away with some firewall rules and traffic shaping to declassify some of those players which seem to be around.

The most annoying thing that still happens is that mostly "unknown" people connect to the SMTP server, and then drop the connection without doing something useful: it is a valid connection, the connection rate is so low that it doesn't trigger the shaper, but if you have 60 connections which don't do something an hour then it produces a lot of noise in the log.

I was hoping that blacklistd would catch those "nonsense-connections", leaving me with a small and self-contained, all C/C++ base system. In particular none of those pkg-managed log parsers which are mostly Python, or Perl, but anyway bring in a lot of dependencies for nothing (but parsing log output of servers and thus reevaluate state that was known to the generating server). I.e., NanoBSD the base system and then get away with normal -- thanks again for all of this, it is fantastic! -- FreeBSD binary updates.

I would like to kindly ask why it seems as if the blacklistd support is not patched into sendmail? That is a real pity! It is only local by default, what that HTML review thing says, but with a single line in inetd, for example, you can have your world-accessible receiver and you always get the world-wide sender. That is enough for even many "mid-size" companies i'd assume. Being protected against the mentioned attacks from the base system with no further administrative effort i would appreciate a lot, and i think blacklistd has this capability?

Thanks for your consideration, and have a nice weekend.

Ciao,

--steffen