On 23-10-2024 10:21, Viktor Dukhovni via Postfix-users wrote:
> On Wed, Oct 23, 2024 at 10:04:06AM +0300, Ivan Ionut via Postfix-users
> wrote:
> > Can Postfix detect an initiated SASL login (before any
> > failed/success)?
> > If so, does it have a built-in option, or must I create a shell script
> > or a custom filter in master.cf for this?
> >
> > P.S. I'm interested in allowing my server to receive mail from a large
> > list of blacklisted IPs, but I want to block SASL logins from this list.
>
> You should not enable SASL on port 25. And incoming mail to port 25
> will almost never attempt SASL login. Any SASL login attempts you see
> on port 25 will be just attempts at brute-forcing passwords, not actual
> mail deliveries.
>
> You will then see SASL login attempts only on ports 465/587, if you're
> also hosting submission services. You can choose to ignore these, or
> configure fail2ban, ... if sufficiently motivated.
Well, yes, I do have a submission service on the same server... and I
have disabled SASL on port 25, and my logs for failed attempts look
something like this:
Oct 23 08:15:12 myhost postfix/submission/smtpd[1888892]: warning: unknown[xxx.xxx.xxx.xxx]: SASL PLAIN authentication failed:
Oct 23 08:19:26 myhost postfix/submission/smtpd[1897067]: warning: spamhost [xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
On my firewall strategy:
1) port 25 is completely open with SASL disabled;
2) I have two ipset lists, ip and ip-cidr, blocked for ports 110,143,993,995,465 - updated daily with a custom script;
3) port 587 is completely open with SASL enabled.
And there were situations where some good guys were blocked by the ip-cidr
set (some third-party servers were spammers :D )
The fail2ban solution is the most used... but before I adapt to it, I was
wondering if I can use some alternatives.
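Added example, not part of the original thread: a small Python pass over log lines in the format quoted above that counts failed SASL logins per client address on the submission service. It assumes the `postfix/submission` service label seen in those lines; the threshold, function names, and sample addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
import re
from collections import Counter

# Postfix smtpd warning for a failed SASL login, as quoted in the thread.
# " ?" before "[" tolerates the "spamhost [addr]" spacing seen there.
FAILED_AUTH = re.compile(
    r"postfix/(?P<service>[\w-]+)/smtpd\[\d+\]: warning: "
    r"\S+ ?\[(?P<ip>[0-9A-Fa-f:.]+)\]: "
    r"SASL (?P<mech>[\w-]+) authentication failed"
)

def failed_auth_events(lines, service="submission"):
    """Yield (ip, mechanism) for each failed SASL login on one service."""
    for line in lines:
        m = FAILED_AUTH.search(line)
        if m and m.group("service") == service:
            yield m.group("ip"), m.group("mech")

def offenders(lines, threshold=3, service="submission"):
    """Return {ip: failures} for clients at or above the threshold."""
    counts = Counter(ip for ip, _ in failed_auth_events(lines, service))
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample log; hostnames and addresses are placeholders.
SAMPLE_LOG = [
    "Oct 23 08:15:12 myhost postfix/submission/smtpd[1888892]: warning: unknown[192.0.2.10]: SASL PLAIN authentication failed:",
    "Oct 23 08:15:40 myhost postfix/submission/smtpd[1888892]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Oct 23 08:16:02 myhost postfix/submission/smtpd[1888893]: warning: unknown[192.0.2.10]: SASL PLAIN authentication failed:",
    "Oct 23 08:17:30 myhost postfix/submission/smtpd[1888900]: connect from mail.example[203.0.113.5]",
    "Oct 23 08:19:26 myhost postfix/submission/smtpd[1897067]: warning: spamhost.example [198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Oct 23 08:20:01 myhost postfix/smtps/smtpd[1900001]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
]

if __name__ == "__main__":
    # One "address count" pair per line for clients over the threshold.
    for ip, n in sorted(offenders(SAMPLE_LOG).items()):
        print(f"{ip} {n}")
```

The resulting addresses could feed a separate ipset applied only to the submission ports, leaving port 25 open as described in the thread.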