>>>>> On January 1, 2025 Viktor Dukhovni via Postfix-users 
>>>>> <postfix-users@postfix.org> wrote:

> On Wed, Jan 01, 2025 at 08:13:35PM -0500, Greg Klanderman via
> Postfix-users wrote:
>> I'm fine with allowing a little probing, especially if the host
>> doing so has reverse DNS set up, which I assume you do.  But I do
>> not see any trace of 'dnssec-tools.org' in my logs; is that the
>> domain you are using for the host(s) doing the probing?

> The web page and survey engine are separate, the engine runs on
> "dnssec-stats.ant.isi.edu".  And you'd only see connections if your
> MX host has DNSSEC-signed TLSA records for _25._tcp.

Ahh yeah I am not using DNSSEC.

>> I just noticed a single unknown host is connecting ~1000x per day,
>> with fingerprint 'ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4' so
>> that's my first target.

> If you take volume into account, you should be fine with
> "responsible" survey engines.  You could do some IPv4 aggregation at
> /26 or so and IPv6 at roughly /48.

Good idea.. thank you!

Greg
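The volume-based aggregation suggested above, sketched as an added example that is not part of the original message or of Postfix itself. It assumes the standard Postfix smtpd `disconnect from name[addr] ...` log line; the function names, sample lines and threshold are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Postfix smtpd session summary: "disconnect from name[addr] <command counts>"
DISCONNECT = re.compile(r"disconnect from \S*\[([0-9A-Fa-f:.]+)\]\s+(.*)$")
FINGERPRINT = "ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4"  # quoted in the thread

# Constructed sample log lines (documentation address ranges), not real traffic.
PFX = "Jan  1 20:01:02 mx postfix/smtpd[101]: "
SAMPLE = [
    PFX + "connect from unknown[192.0.2.1]",
    PFX + "disconnect from unknown[192.0.2.1] " + FINGERPRINT,
    PFX + "disconnect from unknown[192.0.2.62] " + FINGERPRINT,
    PFX + "disconnect from unknown[192.0.2.65] " + FINGERPRINT,
    PFX + "disconnect from unknown[2001:db8:1:aaaa::1] " + FINGERPRINT,
    PFX + "disconnect from unknown[2001:db8:1:bbbb::2] " + FINGERPRINT,
    PFX + "disconnect from mail.example[198.51.100.7] "
          "ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5",
]

def aggregate_key(addr, v4_prefix=26, v6_prefix=48):
    """Map a client address to its enclosing /26 (IPv4) or /48 (IPv6)."""
    ip = ipaddress.ip_address(addr)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def count_by_network(lines, fingerprint=None):
    """Count sessions per aggregated network, optionally for one fingerprint."""
    counts = Counter()
    for line in lines:
        m = DISCONNECT.search(line)
        if not m:
            continue  # not a disconnect line, or address logged as "unknown"
        addr, stats = m.groups()
        if fingerprint is not None and stats.strip() != fingerprint:
            continue
        try:
            counts[aggregate_key(addr)] += 1
        except ValueError:
            continue  # bracketed text was not a valid IP address
    return counts

def noisy_networks(counts, threshold):
    """Networks with at least `threshold` sessions, busiest first."""
    hits = [(str(net), n) for net, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for net, n in noisy_networks(count_by_network(SAMPLE, FINGERPRINT), 2):
        print(f"{n:6d}  {net}")
```

Counting per network rather than per address keeps a low-volume survey engine spread over a few neighbouring hosts below the threshold as one entry, while a single source at ~1000 sessions per day still stands out.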