[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: Own db of blocked IPs

To: Marek Kowal <marek.kowal@portal.onet.pl>
Subject: Re[2]: Own db of blocked IPs
From: Robert Kurjata <rkurjata@ire.pw.edu.pl>
Date: Tue, 27 Jan 2004 23:01:06 +0100
CC: ZMailer list <zmailer@nic.funet.fi>
In-Reply-To: <3B372C82CD4B084D9B2B7BF2283FC6FD10E53B@foxtrot.onet>
Original-Recipient: rfc822;zmailer-log@nic.funet.fi
References: <3B372C82CD4B084D9B2B7BF2283FC6FD10E53B@foxtrot.onet>
Reply-To: Robert Kurjata <rkurjata@ire.pw.edu.pl>
Sender: zmailer-owner@nic.funet.fi

Witaj Marek,

W Twoim liście datowanym 27 stycznia 2004 (22:03:47) można przeczytać:

MK> Thank's for the prompt replies. 

MK> If I am to go to the RBL, I need to have the DNS which can use the SQL
MK> database as the source of records. I have (really!) about 10 seconds from
MK> the detection of "tricky" IP to the next connection attempt, and during that
MK> time my DNS needs to start to serve those IPs as blocked.

MK> Any ideas?

Yes, really try to use a dns based rbl like djbdns. If you need
something very unusual (you said smthn' about sql) for now I have
found something interesting:
      http://untroubled.org/sqldjbdns/
An postgresql based dns :) It is very, very old, but may be a guide.

For performance issues I would rather say that it may be inefficient.
I suppose from the address you are talking of Onet's mail servers. As
I can imagine it has to process a lot of mails :) and 100 times more
malicious connections from worms all over the world :)

So it would be better to build something like fast dynamicaly updatable DNS
with HUGE in memory cache if you need such a fast response.
10s may be too short to rebuild very big database into zone file for rbldns.

PS.

If you need some code for it, contact me :) maybe we can do something usefull
for all, and I'm from Poland too :)

greetings to all
 Robert Kurjata

MK> Cheers,
MK> .m

MK> -----Original Message-----
MK> From: Carlos G Mendioroz [mailto:tron@huapi.ba.ar] 
MK> Sent: Tuesday, January 27, 2004 9:59 PM
MK> To: Marek Kowal
MK> Cc: ZMailer list
MK> Subject: Re: Own db of blocked IPs

MK> Sounds like using RBL scheme is the easiest way to go...
MK> just set up a DNS server serving your blocked IPs !

MK> Marek Kowal wrote:

>> Hi there, 
>> 
>> I have an external DB of the IPs to be blocked. It is very dynamic (up to
>> 100 new entries per minute) and centralized - many servers should use it.
MK> So
>> the standard Zmailer mechanisms of static blocked IPs are - I guess - no
>> good to me. I am running out of time, so please, help me with the
MK> following:
>> where in the smtpserver should I implement my lookup so that I can discard
>> the connection in either of the places:
>> 
>>  - in main smtpserver process, after accept() and before the fork
>>  - in the child smtpserver process
>> 
>> Please, help me if you can (and I know you do!) ;-) In the meantime I am
>> digging through the sources myself.
>> 
>> Cheers,
>> Marek
>> -
>> To unsubscribe from this list: send the line "unsubscribe zmailer" in
>> the body of a message to majordomo@nic.funet.fi
>> 
>> 

-- 
Pozdrowienia,
 Robert Kurjata
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi

Follow-Ups:
- Re: Own db of blocked IPs
  - From: Matti Aarnio <mea@nic.funet.fi> (Wed, 28 Jan 2004 02:04:07 +0200)

References:
- RE: Own db of blocked IPs
  - From: Marek Kowal <marek.kowal@portal.onet.pl>

Prev by Date: RE: Own db of blocked IPs
Next by Date: RE: Own db of blocked IPs
Prev by thread: RE: Own db of blocked IPs
Next by thread: Re: Own db of blocked IPs
Index(es):
- Date
- Thread