[Mailman-Users] How do I run 2.x mailman more securely?

incoming-pythonlists at rjl.com incoming-pythonlists at rjl.com
Thu May 31 23:33:53 EDT 2018


On 05/31/2018 06:24 PM, Grant Taylor via Mailman-Users wrote:
>
>> There are many ways to implement the same thing.  Before there were
>> modules in the kernel for this, I simply pulled lists of address
>> blocks out of databases and incorporated them into my IPtables
>> lists.  There are better tools to do this today.
>
> ACK
>
> I'm curious, did you use IPSets or just a rule per network / IP?

I wrote scripts that read the list and generated a rule per network.  It
can be slow, but has worked reliably for many years.  Since it is a
mailserver, performance has not been a big issue.  I am in the process
of designing a replacement.  If you enter your list of networks as a
separate iptables list, then you only need to call that list when the
traffic is on the relevant port(s), so you avoid traversing the list for
other services.

Nataraj
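
The approach described in the message above (a script that reads a list of networks and generates one rule per network, kept in its own chain that is entered only for traffic on the mail ports), as an added example that is not part of the original post and is not the poster's script. The chain name MAIL_BLOCK, the ports 25/465/587 and the sample networks are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample blocklist (documentation address ranges only).
SAMPLE = """\
# constructed sample data
192.0.2.0/25
192.0.2.128/25
198.51.100.7
203.0.113.0/24
not-a-network
"""

def parse_networks(text):
    """Return (collapsed IPv4 networks, rejected lines) from a text blocklist."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        try:
            nets.append(ipaddress.IPv4Network(line, strict=False))
        except ValueError:
            rejected.append(line)             # never pass unvalidated text to iptables
    # Merging adjacent/overlapping blocks keeps the per-network chain short.
    return list(ipaddress.collapse_addresses(nets)), rejected

def build_ruleset(nets, chain="MAIL_BLOCK", ports=(25, 465, 587)):
    """Build an iptables-restore fragment (filter table) as a string."""
    port_list = ",".join(str(p) for p in ports)
    lines = ["*filter", f":{chain} - [0:0]"]
    # Only mail traffic jumps to the chain, so other services skip the list.
    lines.append(f"-A INPUT -p tcp -m multiport --dports {port_list} -j {chain}")
    lines += [f"-A {chain} -s {net} -j DROP" for net in nets]
    lines.append(f"-A {chain} -j RETURN")     # unmatched sources continue in INPUT
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    networks, bad = parse_networks(SAMPLE)
    for entry in bad:
        print(f"# skipped invalid entry: {entry}")
    print(build_ruleset(networks), end="")
```

The script only prints the ruleset; review the output before loading it on a host.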



