[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re[2]: Own db of blocked IPs
Witaj Marek,
W Twoim liście datowanym 27 stycznia 2004 (22:03:47) można przeczytać:
MK> Thank's for the prompt replies.
MK> If I am to go to the RBL, I need to have the DNS which can use the SQL
MK> database as the source of records. I have (really!) about 10 seconds from
MK> the detection of "tricky" IP to the next connection attempt, and during that
MK> time my DNS needs to start to serve those IPs as blocked.
MK> Any ideas?
Yes, really try to use a dns based rbl like djbdns. If you need
something very unusual (you said smthn' about sql) for now I have
found something interesting:
http://untroubled.org/sqldjbdns/
An postgresql based dns :) It is very, very old, but may be a guide.
For performance issues I would rather say that it may be inefficient.
I suppose from the address you are talking of Onet's mail servers. As
I can imagine it has to process a lot of mails :) and 100 times more
malicious connections from worms all over the world :)
So it would be better to build something like fast dynamicaly updatable DNS
with HUGE in memory cache if you need such a fast response.
10s may be too short to rebuild very big database into zone file for rbldns.
PS.
If you need some code for it, contact me :) maybe we can do something usefull
for all, and I'm from Poland too :)
greetings to all
Robert Kurjata
MK> Cheers,
MK> .m
MK> -----Original Message-----
MK> From: Carlos G Mendioroz [mailto:tron@huapi.ba.ar]
MK> Sent: Tuesday, January 27, 2004 9:59 PM
MK> To: Marek Kowal
MK> Cc: ZMailer list
MK> Subject: Re: Own db of blocked IPs
MK> Sounds like using RBL scheme is the easiest way to go...
MK> just set up a DNS server serving your blocked IPs !
MK> Marek Kowal wrote:
>> Hi there,
>>
>> I have an external DB of the IPs to be blocked. It is very dynamic (up to
>> 100 new entries per minute) and centralized - many servers should use it.
MK> So
>> the standard Zmailer mechanisms of static blocked IPs are - I guess - no
>> good to me. I am running out of time, so please, help me with the
MK> following:
>> where in the smtpserver should I implement my lookup so that I can discard
>> the connection in either of the places:
>>
>> - in main smtpserver process, after accept() and before the fork
>> - in the child smtpserver process
>>
>> Please, help me if you can (and I know you do!) ;-) In the meantime I am
>> digging through the sources myself.
>>
>> Cheers,
>> Marek
>> -
>> To unsubscribe from this list: send the line "unsubscribe zmailer" in
>> the body of a message to majordomo@nic.funet.fi
>>
>>
--
Pozdrowienia,
Robert Kurjata
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi