dictionary-attack
How do I configure my postfix not to accept the emails which sent on invalid address?, since morning we have been noticed that there huge spam dictionary attack on our server, all originated emails are from random IPs and random from address to the invalid recipient. Thanks in advance for you kind help in regards to the control such spam emails. Regards, __ Mohammed Ejaz Sr,Systems Administrator Middle East Internet Company (CYBERIA)
Re: dictionary-attack
Ejaz: > How do I configure my postfix not to accept the emails which sent on invalid > address?, It doesn't, unless you make a configuration error that causes Postfix to actually accept mail for non-existent recipients. http://www.postfix.org/DEBUG_README.html#mail > since morning we have been noticed that there huge spam > dictionary attack on our server, all originated emails are from random IPs > and random from address to the invalid recipient. See http://www.postfix.org/STRESS_README.html if this is slowing down your mail delivery, or just wait until it is over. Wietse
Re: dictionary-attack
Ejaz skrev den 2013-03-23 11:49: How do I configure my postfix not to accept the emails which sent on invalid address?, since morning we have been noticed that there huge spam dictionary attack on our server, all originated emails are from random IPs and random from address to the invalid recipient. pretty common, just make sure not to use catch-all in postfix, then logs and count what ips abuse most or is not have there own rir listning (dynamic ips should be smtp auth only) Thanks in advance for you kind help in regards to the control such spam emails. are you missing http://www.hardwarefreak.com/fqrdns.pcre ? :)
Re: dictionary-attack
On 3/23/2013 9:31 AM, Benny Pedersen wrote: > Ejaz skrev den 2013-03-23 11:49: >> How do I configure my postfix not to accept the emails which sent on >> invalid address?, since morning we have been noticed that there huge >> spam dictionary attack on our server, all originated emails are from >> random IPs and random from address to the invalid recipient. > > pretty common, just make sure not to use catch-all in postfix, then logs > and count what ips abuse most or is not have there own rir listning > (dynamic ips should be smtp auth only) > >> Thanks in advance for you kind help in regards to the control such >> spam emails. > > are you missing http://www.hardwarefreak.com/fqrdns.pcre ? :) This may help some if the clients are spambots, which they likely are. It won't reject connections any quicker than reject_unlisted_recipient, but it won't tell the attacker what addresses aren't valid either, making a dictionary attack more difficult. But for this scenario postscreen would be better all around as it prevents the spambots from tying up multiple smtpd processes and potentially slowing down mail delivery. -- Stan
Re: Dont add the $myorigin domain to the FROM header field
Victor d'Agostino skrev den 2013-03-22 17:44: I would like to know how to disable this behavior, append_dot_mydomain is already set to no. as you see postfix will not do "Shakira, Laundry Service All songs" :) you have to fix it self before calling sendmail
Re: dictionary-attack
Am 23.03.2013 11:49, schrieb Ejaz: > How do I configure my postfix not to accept the emails which sent on > invalid address?, since morning we have been noticed that there huge > spam dictionary attack on our server, all originated emails are from > random IPs and random from address to the invalid recipient. > > > > Thanks in advance for you kind help in regards to the control such spam > emails. > > > > Regards, > __ > Mohammed Ejaz > Sr,Systems Administrator > Middle East Internet Company (CYBERIA) > > > lets see your postfix conf, dont let people speculate what you might miss Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
compile and path
Dear all, i compiled postfix with : make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql/' CCARGS='-DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE= \"dovecot\"' CCARGS='-DUSE_TLS -I/usr/include/openssl/' 'AUXLIBS=-L/usr/lib64/mysql -L/usr/lib -lmysqlclient -lz -lm -lssl -lcrypto ' i checked their path on my machine. they was correct.library and include files. Question: can i use many CCARGS when i use make command? because when i compiled and use ehlo localhost, i didn't startls, i saw: // root@mail:/opt/postfix/etc/postfix# telnet 0 25 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. 220 mail.pahlevanzadeh.info ESMTP Postfix ehlo localhost 250-mail.pahlevanzadeh.info 250-PIPELINING 250-SIZE 3072 250-VRFY 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN / Yours, Mohsen
