
Re[2]: Own db of blocked IPs

Hello Marek,

In your message dated 27 January 2004 (22:03:47) you wrote:

MK> Thanks for the prompt replies.

MK> If I am to go to the RBL, I need to have the DNS which can use the SQL
MK> database as the source of records. I have (really!) about 10 seconds from
MK> the detection of "tricky" IP to the next connection attempt, and during that
MK> time my DNS needs to start to serve those IPs as blocked.

MK> Any ideas?

Yes, really try to use a DNS-based RBL like djbdns. If you need
something very unusual (you said something about SQL), for now I have
found something interesting:
A PostgreSQL-based DNS :) It is very, very old, but may be a guide.

For performance issues I would rather say that it may be inefficient.
I suppose from the address you are talking of Onet's mail servers. As
I can imagine it has to process a lot of mails :) and 100 times more
malicious connections from worms all over the world :)

So it would be better to build something like a fast, dynamically updatable DNS
with a HUGE in-memory cache if you need such a fast response.
10s may be too short to rebuild a very big database into a zone file for rbldns.


If you need some code for it, contact me :) maybe we can do something useful
for all, and I'm from Poland too :)

greetings to all
 Robert Kurjata

MK> Cheers,
MK> .m

MK> -----Original Message-----
MK> From: Carlos G Mendioroz [mailto:tron@huapi.ba.ar] 
MK> Sent: Tuesday, January 27, 2004 9:59 PM
MK> To: Marek Kowal
MK> Cc: ZMailer list
MK> Subject: Re: Own db of blocked IPs

MK> Sounds like using RBL scheme is the easiest way to go...
MK> just set up a DNS server serving your blocked IPs !

MK> Marek Kowal wrote:

>> Hi there, 
>> I have an external DB of the IPs to be blocked. It is very dynamic (up to
>> 100 new entries per minute) and centralized - many servers should use it. So
>> the standard Zmailer mechanisms of static blocked IPs are - I guess - no
>> good to me. I am running out of time, so please, help me with the following:
>> where in the smtpserver should I implement my lookup so that I can discard
>> the connection in either of the places:
>>  - in main smtpserver process, after accept() and before the fork
>>  - in the child smtpserver process
>> Please, help me if you can (and I know you do!) ;-) In the meantime I am
>> digging through the sources myself.
>> Cheers,
>> Marek
>> -
>> To unsubscribe from this list: send the line "unsubscribe zmailer" in
>> the body of a message to majordomo@nic.funet.fi

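
The design suggested in the reply above (a dynamically updatable DNS blocklist answered from memory instead of a rebuilt zone file), sketched as an added example that is not code from this thread or from ZMailer. The zone name, the TTL values and the 127.0.0.2 "listed" answer (the usual DNSBL convention) are assumptions, and the sample queries are constructed.

```python
import struct, time

ZONE = "bl.example.invalid"   # assumed zone name (placeholder, not from the thread)
blocked = {}                  # ip -> expiry time; updated in place, never rebuilt

def block(ip, ttl=3600, now=None):
    """Called by the detector; effective on the very next query."""
    blocked[ip] = (time.time() if now is None else now) + ttl

def qname_to_ip(qname):
    """'4.3.2.1.<ZONE>' -> '1.2.3.4'; None if outside the zone or malformed."""
    q, suffix = qname.lower().rstrip("."), "." + ZONE
    if not q.endswith(suffix):
        return None
    labels = q[:-len(suffix)].split(".")
    if len(labels) != 4 or not all(
            l.isascii() and l.isdigit() and len(l) <= 3 and int(l) < 256
            for l in labels):
        return None
    return ".".join(str(int(l)) for l in reversed(labels))

def parse_question(pkt):
    """Return (txid, qname, qtype, end_of_question) for a one-question query."""
    txid = struct.unpack("!H", pkt[:2])[0]
    labels, i = [], 12
    while pkt[i]:
        n = pkt[i]
        if n & 0xC0:
            raise ValueError("compressed names are not expected in a query")
        labels.append(pkt[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    qtype = struct.unpack("!H", pkt[i + 1:i + 3])[0]
    return txid, ".".join(labels), qtype, i + 5

def answer(pkt, now=None):
    """Build the DNS response bytes for one query packet."""
    now = time.time() if now is None else now
    txid, qname, qtype, end = parse_question(pkt)
    ip = qname_to_ip(qname)
    listed = ip is not None and blocked.get(ip, 0) > now
    ancount = 1 if listed and qtype == 1 else 0      # only A queries get a record
    rcode = 0 if listed else 3                       # NXDOMAIN = not blocked
    resp = struct.pack("!HHHHHH", txid, 0x8400 | rcode, 1, ancount, 0, 0)
    resp += pkt[12:end]                              # echo the question
    if ancount:
        # name pointer to offset 12, type A, class IN, TTL 5 s, 127.0.0.2
        resp += struct.pack("!HHHIH4B", 0xC00C, 1, 1, 5, 4, 127, 0, 0, 2)
    return resp
```

The short answer TTL matters as much as the fast insert: resolvers that cache a "not listed" result for longer than the 10-second window would hide a new entry from the mail servers.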