On 3/1/2022 14:55, Alexander Stienstra wrote:
On 29-12-2021 11:13, Matus UHLAR - fantomas wrote:
- With smtpd_delay_reject=no, Postfix will log a DNSBL 'reject' in
smtpd_client_restrictions without any sender or recipient information.
That makes it difficult to answer questions about "missing" email.
And when SASL is used with delays set to no, when the first reject
happens, client is out so the very much wanted authentication info is
delayed and that decreases the guessing possibilities extremely low
and makes the attack close to impossible to ever succeed with proper
RBL updating.
fail2ban can do this. You can fill your local DNSBL with that, although I
prefer blocking connection from those IPs at firewall level.
I am guessing you use fail2ban to block those IPs at firewall level. So
fail2ban is not a bad place to start in any case, it can take care of both.
Yes fail2ban can be used to fill your local DNSBL. If you try to use
only fail2ban though for very long term, or permanent blocking at
firewall level, then it is only a matter of time when firewall limits
will be pushed and possibly reached. If you are targeted, we are talking
about thousands of IPs so that may be one problem.
Another problem with fail2ban is the expandability and management in
case of multiple mail servers for example. A DNSBL can very easily be
deployed from anywhere you may choose from and be managed from a single
point.
Lefteris
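
The approach discussed in this thread is to collect SASL failures from several mail servers in one place and publish the offenders through a local DNSBL. The sketch below is an added example, not code from any poster in the thread. The zone name, the threshold and the log lines are constructed assumptions; the query names follow the usual reversed-address DNSBL convention.

```python
import ipaddress
import re
from collections import Counter

ZONE = "dnsbl.example.invalid"  # hypothetical local DNSBL zone (assumption)
THRESHOLD = 3                   # assumed number of failures before listing

# Constructed sample lines, shaped like Postfix smtpd SASL failure warnings,
# merged from two mail servers (mx1, mx2).
SAMPLE_LOG = """\
Jan  3 14:01:02 mx1 postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jan  3 14:01:09 mx2 postfix/smtpd[877]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Jan  3 14:02:30 mx1 postfix/smtpd[2101]: warning: unknown[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
Jan  3 14:02:41 mx2 postfix/smtpd[880]: connect from mail.example.org[192.0.2.25]
Jan  3 14:03:11 mx2 postfix/smtpd[877]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
"""

FAILED = re.compile(r"warning: \S+\[([0-9A-Fa-f.:]+)\]: SASL \S+ authentication failed")


def failed_auth_counts(log_text):
    """Count failed SASL logins per client IP across all servers' logs."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            pass  # bracketed text was not a valid address; ignore the line
    return counts


def dnsbl_name(ip, zone=ZONE):
    """Name a DNSBL client looks up: reversed octets (IPv4) or nibbles (IPv6)."""
    ptr = ipaddress.ip_address(ip).reverse_pointer  # e.g. 7.113.0.203.in-addr.arpa
    return ptr.rsplit(".", 2)[0] + "." + zone       # drop in-addr.arpa / ip6.arpa


def listing(log_text, threshold=THRESHOLD):
    """IPs at or above the threshold, with the DNSBL name each would get."""
    counts = failed_auth_counts(log_text)
    return [(ip, dnsbl_name(ip)) for ip in sorted(counts) if counts[ip] >= threshold]


if __name__ == "__main__":
    for ip, name in listing(SAMPLE_LOG):
        print(ip, name)
```

Because the counts are taken over the merged logs, 203.0.113.7 is listed even though no single server saw three failures from it.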