Jaroslaw Rafa wrote in
 <20230322230223.ga17...@rafa.eu.org>:
 |On 22.03.2023 at 23:05:59, Steffen Nurpmeso via Postfix-users wrote:
 |> I have very strict firewall rules, and you have become blocked for
 |> last access + 84000 seconds.
 |> Should work again.
 |
 |I again got blocked... As I wrote you off-list, I'm running now tcpdump with
 |filter set to "host 217.144.132.164" and there's no other traffic except
 |normal SMTP traffic to port 25. Have no idea where any strange packets might
 |originate.

You are unlocked again. (But as it periodically came back every
few minutes yesterday evening, it likely will now, too.)

This cannot be if you do normal SMTP or HTTP, not from the
firewall side. These rules only lower bandwidth, but it is not
that slow for normal SMTP traffic in the end overall. No way via
SMTP or HTTP into alien or even alien_super.

I have (a) simple AWK parser(s) on the postfix (and HTTP) logs,
but really simple (though not so simple as the first version), and
needs REJECT or "too many errors after", and there was nothing
strange from your side last night when i looked either. Not in
the SMTP logs.

Note i do not look at the logs, nor make statistics, and the
firewall does not log at all, except some SSH/VPN cases, i have no
idea what you are doing. But you did not go over alien into
alien_super, that much is plain. :)

(That is pretty off-topic for postfix; except maybe for fun
posting my SMTP related firewall

  ...
  fwcore_has_i smtp && add_rule -p tcp --dport ${p_smtp} -j i__smtp
  fwcore_has_i smtps && add_rule -p tcp --dport ${p_smtps} -j i__smtp
  fwcore_has_i submission &&
     add_rule -p tcp --dport ${p_submission} -j i__smtp
  ...

  # i__smtp chain {{{
  if fwcore_has_i smtp || fwcore_has_i smtps || fwcore_has_i submission; then
     change_chain i__smtp
     if [ -n "${FWCORE_SMTPX_NOLIMIT_PEERS}" ]; then
        for i in ${FWCORE_SMTPX_NOLIMIT_PEERS}; do
           if ipaddr_split a "${i}"; then
              if fwcore_has_i smtp; then
                 [ -z "${port}" -o "${port}" = smtp ] &&
                    add_rule -p tcp --src ${addr}${mask} \
                       --dport ${p_smtp} -m limit --limit 60/m -j f_m0_2
              fi
              if fwcore_has_i smtps; then
                 [ -z "${port}" -o "${port}" = smtps ] &&
                    add_rule -p tcp --src ${addr}${mask} \
                       --dport ${p_smtps} -m limit --limit 60/m -j f_m0_2
              fi
              #if fwcore_has_i submission; then
              #   [ -z "${port}" -o "${port}" = submission ] &&
              #      add_rule -p tcp --src ${addr}${mask} \
              #         --dport ${p_smtps} -m limit --limit 60/m -j f_m0_2
              #fi
           fi
        done
     fi
     #-m recent --name alien --set

     # Alienization now handled by cron-parse-mail.awk
     # -m recent --name alien --set
     add_rule -m recent --name smtp --set \
        -m recent --name smtp ! --rcheck --seconds 600 --reap --hitcount 20 \
        -j f_m2
     add_rule -m recent --name smtp --rcheck --seconds 120 --hitcount 16 \
        -j f_m5
     add_rule -m recent --name smtp ! --rcheck --hitcount 32 -j f_m3
     add_rule -j f_m5
  fi
  # }}}

No submission via firewall but through VPN. (SMTP de facto is
"submissions", however. Yet, i could comment that out.)
I hope i have not yet bored anyone by having posted that already in
the past.)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
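
Added example, not part of the message above and not the author's cron-parse-mail.awk: a minimal AWK pass over Postfix smtpd log lines that counts "reject" and "too many errors after" events per client address, the two triggers the message names. The function names, the threshold argument and the log lines are constructed for illustration; the case-sensitive match on Postfix's lowercase "reject:" is an assumption about the log format in use.

```shell
#!/bin/sh
# Added example: per-client count of Postfix smtpd rejects and
# "too many errors after" disconnects. Not the author's script.

# flag_clients THRESHOLD: reads a mail log on stdin and prints
# "count address" for every client with at least THRESHOLD events.
flag_clients() {
   awk -v thresh="$1" '
      # Only smtpd lines that record a reject or an error-limit disconnect
      /postfix\/smtpd\[/ && (/: reject: / || /too many errors after /) {
         # The client is logged as "from hostname[address]"
         if (match($0, /from [^ ]*\[[0-9A-Fa-f.:]+\]/)) {
            s = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", s)      # drop "from hostname["
            sub(/\]$/, "", s)        # drop the closing bracket
            hits[s]++
         }
      }
      END { for (a in hits) if (hits[a] >= thresh) print hits[a], a }
   ' | sort -k2
}

# Constructed sample log (documentation address ranges only).
sample_log() {
   cat <<'EOF'
Mar 22 23:01:02 mx postfix/smtpd[4101]: connect from unknown[192.0.2.10]
Mar 22 23:01:03 mx postfix/smtpd[4101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <a@example.org>: Relay access denied; from=<x@example.net> to=<a@example.org> proto=ESMTP helo=<h>
Mar 22 23:01:04 mx postfix/smtpd[4101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <b@example.org>: Relay access denied; from=<x@example.net> to=<b@example.org> proto=ESMTP helo=<h>
Mar 22 23:01:05 mx postfix/smtpd[4101]: too many errors after RCPT from unknown[192.0.2.10]
Mar 22 23:02:10 mx postfix/smtpd[4102]: connect from mail.example.net[203.0.113.5]
Mar 22 23:02:11 mx postfix/smtpd[4102]: disconnect from mail.example.net[203.0.113.5]
Mar 22 23:03:00 mx postfix/smtpd[4103]: NOQUEUE: reject: RCPT from host.example.com[198.51.100.7]: 450 4.7.1 <c@example.org>: Recipient address rejected; from=<y@example.com> to=<c@example.org> proto=ESMTP helo=<h2>
Mar 22 23:04:00 mx postfix/smtpd[4104]: too many errors after DATA from unknown[2001:db8::1]
EOF
}

# Clients with three or more events in the sample
sample_log | flag_clients 3
```

On Linux, an address can be added to an xt_recent list by writing `+address` to `/proc/net/xt_recent/<name>`, which is one way output like this could feed a list such as `alien`; how the author's script does it is not shown in the message.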