CBL:
> Having a lot of dictionary attacks working on guessing login details. I'm
> wondering if there's an easy way to block access to specific IPs prior to
> SASL authentication?
There is no smtpd_sasl_restictions feature, and it is unlikely to
be implemented.
Instead, use postscreen. It blocks clients before they are allowed
to talk to a Postfix SMTP server.
/etc/postfix/main.cf:
postscreen_greet_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = ...your DNSBL server here...
You can use rbldnsd to run your own DNSBL server.
Wietse
