Re: Accept external SMTP traffic only from MX hosts

Thu, 24 Apr 2014 07:52:19 -0700 

On 23/04/2014 7:43 PM, John Griessen wrote:

On 04/23/2014 04:07 PM, Ron Wheeler wrote:
Another approach to reduce SPAM would be to use fail2ban for a "reasonable" period to shut out IP addresses for a "reasonable" 
period that are sending a "lot" of SPAM in a "short" period.



Hi,


Are you meaning to allow relaying that way, or just for mail that has 
a destination

at your server?


We do not allow relaying from any unauthenticated user.

I want to prevent legitimate users (our staff) from sending SPAM.
This prevents a hacked account from being used.

We use Spamassassin to detect and kill incoming SPAM.

We could block the source of these but are too small to differentiate 
between legitimate e-mail addressed to most of the staff

and spam to everyone.



I've been trying to figure how to get my mail server to do TLS, but 
then found my idea
of do TLS was about sealing off any but a whitelist of senders, and 
the list folk think differently,
but then my wife wanted it on a trip, and it became too complicated to 
do with my old setup.





You need clients that can authenticate which is pretty common and you 
need to set up Postfix to authenticate a user before accepting SMTP 
messages that need to be relayed out of your network.



So now, I'm planing to switch to dovecot for IMAP mail, and not sure 
what security for
on the road uses, and not sure at all what is practical for 
smart-phone uses,
and the list folk seem to hate OT anything, and howto a complete 
server setup

they definitely put in OT category.


We use dovecot. You need to use fail2ban to prevent dovecot from 
dictionary attacks or other probing to break passwords.



So, if you've found a limiting way that doesn't get you blacklisted, 
I'm all ears.




There is no guarantee since hackers are always finding new things to try.

I have tried to stop anyone from mounting attacks or sneaking into our 
Postfix but I still monitor the message queue for evidence that someone 
has got in.




John Griessen


Already blacklisted for no discernible reason by yahoo.com for bounces 
from a mailman list

I run...


Getting off blacklists is possible but takes time.


Ron

--
Ron Wheeler
President
Artifact Software Inc
email: rwhee...@artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102























					Reply via email to