Yes, I am using postscreen. So I’m presuming that’s enough.
postconf -n | grep postscreen
postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/postscreen_access.cidr, cidr:/usr/local/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/usr/local/etc/postfix/dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org*3, bl.mailspike.net*2, b.barracudacentral.org*2, bl.spameatingmonkey.net, bl.spamcop.net, dnsbl.sorbs.net, psbl.surriel.com, swl.spamhaus.org*-4, list.dnswl.org=127.[0..255].[0..255].0*-2, list.dnswl.org=127.[0..255].[0..255].1*-3, list.dnswl.org=127.[0..255].[0..255].[2..255]*-4, wl.mailspike.net=127.0.0.[17;18]*-1, wl.mailspike.net=127.0.0.[19;20]*-2, ix.dnsbl.manitu.net, bl.blocklist.de, list.dnswl.org=127.0.[0..255].0*-1, list.dnswl.org=127.0.[0..255].1*-2, list.dnswl.org=127.0.[0..255].[2..3]*-3, iadb.isipp.com=127.0.[0..255].[0..255]*-2, iadb.isipp.com=127.3.100.[6..200]*-2, wl.mailspike.net=127.0.0.[17;18]*-1, wl.mailspike.net=127.0.0.[19;20]*-2
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_ttl = 1h
postscreen_dnsbl_whitelist_threshold = -4
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = enforce
postscreen_greet_banner = Bienvenue et merci d'attendre qu'on vous assigne une place
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_use_tls = $smtpd_use_tls
postscreen_watchdog_timeout = 10s

> On 8 Mar 2016, at 16:37, @lbutlr <krem...@kreme.com> wrote:
>
> On Mar 8, 2016, at 9:15 AM, Robert Chalmers <rob...@chalmers.com.au> wrote:
>> I can put them in a postfix blacklist. And possibly write a script to update
>> the list on a daily basis as more are added.
>
> Are you using postscreen? If not, you should. You’ll see logs like:
>
> Mar 8 09:35:20 mail postfix/postscreen[78466]: CONNECT from
> [196.207.111.150]:55638 to [65.121.55.42]:25
> Mar 8 09:35:21 mail postfix/postscreen[78466]: PREGREET 22 after 0.87 from
> [196.207.111.150]:55638: HELO 196.207.111.150\r\n
> Mar 8 09:35:21 mail postfix/postscreen[78466]: DNSBL rank 9 for
> [196.207.111.150]:55638
> Mar 8 09:35:22 mail postfix/postscreen[78466]: NOQUEUE: reject: RCPT from
> [196.207.111.150]:55638: 450 4.7.1 Service unavailable; client
> [196.207.111.150] blocked using zen.spamhaus.org; from=<>, to=<*munged*>,
> proto=SMTP, helo=<196.207.111.150>
> Mar 8 09:35:23 mail postfix/postscreen[78466]: HANGUP after 1.7 from
> [196.207.111.150]:55638 in tests after SMTP handshake
>
> If you want to blacklist them, you should look at something like sshguard.
>
> --
> Behind every great man there's a woman with a vibrator -- Hawkeye Pierce
>

Robert Chalmers
rob...@chalmers.com.au
Quantum Radio: http://tinyurl.com/lwwddov
Mac mini 6.2 - 2012, Intel Core i7,2.3 GHz, Memory:16 GB. El-Capitan 10.11. XCode 7.2.1
2TB: Drive 0:HGST HTS721010A9E630. Upper bay. Drive 1:ST1000LM024 HN-M101MBB. Lower Bay
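
Added example, not part of the original message and not Postfix code: a small Python model of how the postscreen_dnsbl_sites weights posted above combine into the "DNSBL rank" that is compared with postscreen_dnsbl_threshold = 3, following the domain=filter*weight rules documented in postconf(5). The function names are hypothetical and the DNS replies fed to it are constructed.

```python
import re

# postscreen_dnsbl_sites and postscreen_dnsbl_threshold as posted in the message.
DNSBL_SITES = """
zen.spamhaus.org*3, bl.mailspike.net*2, b.barracudacentral.org*2,
bl.spameatingmonkey.net, bl.spamcop.net, dnsbl.sorbs.net, psbl.surriel.com,
swl.spamhaus.org*-4, list.dnswl.org=127.[0..255].[0..255].0*-2,
list.dnswl.org=127.[0..255].[0..255].1*-3,
list.dnswl.org=127.[0..255].[0..255].[2..255]*-4,
wl.mailspike.net=127.0.0.[17;18]*-1, wl.mailspike.net=127.0.0.[19;20]*-2,
ix.dnsbl.manitu.net, bl.blocklist.de, list.dnswl.org=127.0.[0..255].0*-1,
list.dnswl.org=127.0.[0..255].1*-2, list.dnswl.org=127.0.[0..255].[2..3]*-3,
iadb.isipp.com=127.0.[0..255].[0..255]*-2, iadb.isipp.com=127.3.100.[6..200]*-2,
wl.mailspike.net=127.0.0.[17;18]*-1, wl.mailspike.net=127.0.0.[19;20]*-2
"""
THRESHOLD = 3

def parse_sites(text):
    """Split 'domain[=filter][*weight]' entries; weight defaults to 1."""
    entries = []
    for item in filter(None, (s.strip() for s in text.split(","))):
        m = re.fullmatch(r"([^=*]+)(?:=([^*]+))?(?:\*(-?\d+))?", item)
        if not m:
            raise ValueError(f"bad entry: {item!r}")
        entries.append((m[1], m[2], int(m[3]) if m[3] else 1))
    return entries

def octet_matches(pattern, value):
    """One filter octet: a number, or [a;b;c..d] alternatives and ranges."""
    for alt in pattern.strip("[]").split(";"):
        lo, _, hi = alt.partition("..")
        if int(lo) <= value <= int(hi or lo):
            return True
    return False

def filter_matches(flt, reply):
    pats = re.findall(r"\[[^\]]*\]|\d+", flt)
    octets = [int(o) for o in reply.split(".")]
    return len(pats) == 4 and all(octet_matches(p, o) for p, o in zip(pats, octets))

def dnsbl_score(entries, replies):
    """replies maps domain -> list of A records; absent domain = not listed."""
    score = 0
    for domain, flt, weight in entries:
        answers = replies.get(domain, [])
        # An entry adds its weight at most once, however many records match.
        if answers and (flt is None or any(filter_matches(flt, a) for a in answers)):
            score += weight
    return score
```

In this model a client listed only on zen.spamhaus.org reaches the threshold by itself, while the same client with a list.dnswl.org reply of 127.0.5.1 matches two overlapping dnswl filters (-3 and -2) and ends at -2, below the threshold.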