Wietse Venema <wie...@porcupine.org> wrote:

> Wietse Venema:
>> By itself, dnsxl maps may be useful in contexts that perform "list
>> membership" lookup such as smtpd_client_event_limit_exceptions,
>> where the lookup result value is ignored. For example, to prevent
>> password brute-forcing from bot-infected systems:
>> 
>>     smtpd_client_event_limit_exceptions = dnsxl:xbl.spamhaus.org
> 
> Except that this does not block AUTH commands. Currently all that
> smtpd_client_event_limit_exceptions does is not announce AUTH support
> in the EHLO response.

Hey thanks, I love the potential of this. But how could I block AUTH 
altogether then? Because that way postfix could be made to stop disclosing 
information about wrong or false credentials to unwanted clients.

BTW: Why does smtpd_client_event_limit_exceptions stop announcing AUTH 
commands? From the docs I would never understand that it acts this way:

| smtpd_client_event_limit_exceptions (default: $mynetworks)
| SMTP clients that are excluded from connection and rate limits specified
| above.

This sounds more like a performance tuning option. And OTOH, I'd rather not 
put malicious clients on that exception list... Hmm...

-- 
Replies to list only preferred.
