On January 1, 2025 Viktor Dukhovni via Postfix-users <postfix-users@postfix.org> wrote:
> As the operator of a "responsible" SMTP survey engine:
>
> https://stats.dnssec-tools.org/about.html
> https://stats.dnssec-tools.org/
>
> that connects just a few times a day (once per IP address of an MX
> host, with deduplication when the same MX host handles multiple
> domains), I would like to ask that you not just block every source
> that connects without delivering mail.

Hi Victor,

I'm fine with allowing a little probing, especially if the host doing so has reverse DNS set up, which I assume you do. But I do not see any trace of 'dnssec-tools.org' in my logs; is that the domain you are using for the host(s) doing the probing?

I need to figure out if fail2ban can accommodate but ideally I'd subject unknown hosts to stricter thresholds. Having several domains but only a single MX host I guess you'd be far below any threshold I care about.

I just noticed a single unknown host is connecting ~1000x per day, with fingerprint 'ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4' so that's my first target.

thank you,
Greg
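
The two-tier threshold discussed in this message, as an added example that is not part of the message and is not a fail2ban filter or Postfix code: it counts Postfix smtpd `disconnect from` summaries that show no accepted DATA/BDAT, per client IP, and applies a stricter limit to clients logged as `unknown` (no reverse DNS). The limits, hostnames and log lines are constructed assumptions.

```python
import re
from collections import Counter

# Postfix smtpd session summary, e.g.
#   disconnect from unknown[192.0.2.10] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
DISCONNECT = re.compile(
    r"postfix/smtpd\[\d+\]: disconnect from (?P<host>\S+?)\[(?P<ip>[^\]]+)\]\s+(?P<stats>.*)$"
)

# Assumed per-day limits (not from the thread): hosts without reverse DNS
# ("unknown") get the stricter one.
LIMITS = {"unknown": 20, "named": 200}


def delivered_mail(stats):
    """True if the summary shows at least one accepted DATA or BDAT command."""
    for field in stats.split():
        name, _, value = field.partition("=")
        # Counters are "ok" or "ok/total"; the first number is the accepted count.
        if name in ("data", "bdat") and int(value.split("/")[0]) > 0:
            return True
    return False


def over_threshold(lines, limits=LIMITS):
    """Return {ip: count} for clients whose no-delivery sessions exceed their limit."""
    counts, kind = Counter(), {}
    for line in lines:
        m = DISCONNECT.search(line)
        if not m or delivered_mail(m["stats"]):
            continue
        counts[m["ip"]] += 1
        kind[m["ip"]] = "unknown" if m["host"] == "unknown" else "named"
    return {ip: n for ip, n in counts.items() if n > limits[kind[ip]]}


# Constructed sample log (documentation addresses and hostnames).
PREFIX = "Jan  1 00:00:00 mx postfix/smtpd[4242]: disconnect from "
SAMPLE = (
    [PREFIX + "unknown[192.0.2.10] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4"] * 1000
    + [PREFIX + "survey.example.net[198.51.100.7] ehlo=1 starttls=1 quit=1 commands=3"] * 4
    + [PREFIX + "mail.example.org[203.0.113.5] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5"] * 300
)

if __name__ == "__main__":
    for ip, n in over_threshold(SAMPLE).items():
        print(f"{ip}: {n} sessions without delivering mail")
```

With the sample input, only the `unknown` client is reported: the named survey host stays far below its limit and the host that delivers mail is never counted.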