this post was submitted on 06 Aug 2023
34 points (92.5% liked)

Selfhosted

39151 readers
887 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
34
Any recommendations of countries to block from server logins? (mander.xyz)
submitted 1 year ago by Shdwdrgn@mander.xyz to c/selfhosted@lemmy.world
22 comments fedilink hide all child comments
 

I run my own email server, and a friend received a compromised laptop from work which resulted in a spam attack from Russia yesterday. Turtle settings saved the days with thousands of emails still in the queue when I saw the problem, however it made me realize that everyone with accounts on my server are local, do not travel, and have no requirement to send emails from outside the country.

I found how to use the smtpd_discard_ehlo_keyword_address_maps setting in postfix to block a CIDR list of IPs, then found a maintained list of IPs by country codes on github. Cool so far, and a script to keep my local list updated was easy enough.

Now the question is, what countries should I be blocking? There are plenty of lists of the top hacking sources, but it's hard to block #2 (the US) when that's where I am located. But otherwise, does anyone have a list of countries they outright block from logging on to their servers? From the above google searches I have 17 countries blocked so far, and in the first 30 minutes already stopped login attempts from three of those countries, so it appears to be working.

Of course I could write a script to parse my logs to see who has already made attempts, but that's what services like fail2ban are for, and I'm just wondering if there are any countries in particular I should directly block? My list so far includes the following: ae bg br cn de hk id in ir iq il kp ng ru sa th vn

The question itself may not be that interesting, but I thought at the very least some folks might be interested in my experience and think about doing something similar themselves. I can post more details of what I did if there is any interest.

you are viewing a single comment's thread
view the rest of the comments
[–] tekeous@apollo.town 6 points 1 year ago (2 children)

I use CrowdSec which does that for you. Crowdsourced smart fail2ban, basically.

[–] Shdwdrgn@mander.xyz 1 points 1 year ago (1 children)

Any site you would suggest I look at for info about this, or how to apply it to postfix smtp authentication?

[–] volle@feddit.de 1 points 1 year ago

crowdsec can be setup to configure your firewall so all incoming traffic will be filtered by the banlists.