Steffen Nurpmeso wrote in
 <20230324185751.jdgjq%stef...@sdaoden.eu>:
|Bernardo Reino wrote in
| <10n74127-037p-o42n-6617-3po1sq231...@oozx.bet>:
||On Fri, 24 Mar 2023, Steffen Nurpmeso wrote:
||> Bernardo Reino wrote in
||>  <79552717-5p3o-8q26-r963-124or6r66...@oozx.bet>:
||>|On Thu, 23 Mar 2023, Steffen Nurpmeso via Postfix-users wrote:
||> ...
||>|> (That is pretty off-topic for postfix; except maybe for fun
||>|> posting my SMTP related firewall
||> ...
||>|>      add_rule -p tcp --src ${addr}${mask} \
||>|>         --dport ${p_smtp} -m limit --limit 60/m \
||>|>         -j f_m0_2
||> ...
||>|Could it be that $mask is set to something like /24 (or worse), and that
||>|somebody in the (ip) neighborhood of Jaroslaw is triggering your script?
||>
||> 60/m is low heh?  This is only a very, very small corner of the
||> internet.  These "unlimited" are mostly about bandwidth.
||
||I meant that maybe you were blocking a whole /24 range (i.e. mask=/24) \
||so that
||Jaroslaw's IP address was being blocked by mistake.
|
|Ah, you really meant it literally?
|The above is actually "unblocking".
|Jaroslaw did something no-good, he must have accessed ports which
|are not meant to be accessed, likely SSH or so, because normally
|he would have gone through a "rejection" chain a couple of times,
|then entered "alien", and only then, after some more actions, he
|would have entered "alien_super".  Yet, two days ago, i was seeing
|live that he was not only in the "smtp" Linux firewall "-m recent"
|list, but directly entered "alien_super".  But i am not logging or
|something, in fact i am funeral dry regarding all that mess,
|i have so much to do with off-topic things that unfocus me from
|reading, programming, and nature impressions, four to five hours
|a day, all in all, for caring for the (other) animal friends
|alone, sorry.
|
||I realize that the rules you posted relate to rate limiting (which \
||is OK, and
||60/m is also not low for my standards), but thought that maybe whatever \
||other
||script you may be using for the actual blocking may be doing the same.
|
|Hm, cron-parse-mail.awk does in END{}
|
|  ...
|  if(dropno > 0){
|    if(DEBUG > 1)
|      print "/root/bin/net-qos.sh add alien_super " ipl
|    else
|      system("/root/bin/net-qos.sh add alien_super " ipl)
|  ...
|
|so yes -- but i did not see anything of him in /var/log/mail
|except good mails i had in inbox.  IIRC.  (Server is AlpineLinux,
|with busybox syslogd (though otherwise i swear on
|github.com/troglobit/sysklogd) and SYSLOGD_OPTS="-D -S -t -b 5",
|ie a megabyte of logs all-in-all, which is not much for postfix.
|Dependent upon how many "attackers" there are, not more than
|a day; about 23 hours right now.)
|
||To me it is still not clear what the problem is, i.e. what is triggering \
||your
||blocking of his connections, but I suspect it's an error from your \
||side (i.e.
||from your firewall rules and/or log-parsing-scripts).
|
|These are pretty much unchanged for some years.
I was actually blocklisted ever since i wrote the message against
the western way of doing things, reiterating Karl Marx (150 years)
and the adorable (mostly American i think) Club of Rome (51
years), i hope i have done so.  I get many dozens of NetBSD mails,
there must have been an "unlock".  Hihihihi.

I am delighted that a representative of a German hospital (and of
a very famous one) is on this list!  And now stopping
off-topicism by quoting Harry Mulisch from "The discovery of the
heaven" (there are books of him i like more) with "The screaming
blue eyed is Kindergartened, but the real hero of our story will
eventually discover heaven", which is really what i hope.
Thank you.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)