Christian R??ner:
> The most common library is libmilter and I have no
> idea, what exactly this Postfix feature means? By asking, I think
> about two callbacks in libmilter:
>
> xxfi_header(SMFICTX *ctx, char *header_key, char *header_value)
If the client requests SMTPUTF8, header values may con
Am 09.07.2016 um 19:40 schrieb Lefteris Tsintjelis:
> On 09 Jul 2016, at 19:34, Robert Schetterer wrote:
>
> Am 09.07.2016 um 17:07 schrieb Lefteris Tsintjelis:
>> Is this a good postfix way to stall attackers (besides log parsing and
>> fire walling)? Bots are increasing dramatically these days
On 09 Jul 2016, at 19:34, Robert Schetterer wrote:
Am 09.07.2016 um 17:07 schrieb Lefteris Tsintjelis:
> Is this a good postfix way to stall attackers (besides log parsing and
> fire walling)? Bots are increasing dramatically these days
>
> smtpd_soft_error_limit = 1
> smtpd_hard_error_limit = 1
Limiting the number of simultaneous connections will fend off an
attacker until fail2ban kicks in.
For my (domestic) server, I have in main.cf :-
smtpd_client_connection_count_limit = 2
This is inherited by postscreen, which does a good job of throwing out
surplus connections.
Again - appropr
Am 09.07.2016 um 17:07 schrieb Lefteris Tsintjelis:
> Is this a good postfix way to stall attackers (besides log parsing and
> fire walling)? Bots are increasing dramatically these days
>
> smtpd_soft_error_limit = 1
> smtpd_hard_error_limit = 1
> smtpd_error_sleep_time = 16s (or even more)
as i
Isn't a flood attack more likely? I would look into the rate limiting.
I used a script to flood the server and the limiting does kick in.
I also tried dumping random text at the mail port and it eventually makes some
funny comment then stops listening.
There doesn't seem to be much mail serv
Is this a good postfix way to stall attackers (besides log parsing and
fire walling)? Bots are increasing dramatically these days
smtpd_soft_error_limit = 1
smtpd_hard_error_limit = 1
smtpd_error_sleep_time = 16s (or even more)
On 09/07/2016 17:50, Viktor Dukhovni wrote:
On Sat, Jul 09, 2016 at 05:46:51PM +0300, Lefteris Tsintjelis wrote:
>(not writing to /dev/null, only discarding input)
Yes! Great idea, much better and simpler in CPU cycles than dev null
actually! Thanks!
If you really want to save CPU cycles, us
On Sat, Jul 09, 2016 at 05:46:51PM +0300, Lefteris Tsintjelis wrote:
> >(not writing to /dev/null, only discarding input)
>
> Yes! Great idea, much better and simpler in CPU cycles than dev null
> actually! Thanks!
If you really want to save CPU cycles, use the discard(8) transport,
it is consid
On 09/07/2016 17:25, Erwan David wrote:
Le 09/07/2016 à 16:18, Lefteris Tsintjelis a écrit :
Is there a way to redirect to dev null (without using local aliases)
by using master.cf and a shell script maybe?
http://www.postfix.org/FILTER_README.html#simple_filter
Would something as simple as th
Le 09/07/2016 à 16:25, Erwan David a écrit :
> Le 09/07/2016 à 16:18, Lefteris Tsintjelis a écrit :
>> Is there a way to redirect to dev null (without using local aliases)
>> by using master.cf and a shell script maybe?
>>
>> http://www.postfix.org/FILTER_README.html#simple_filter
>>
>> Would somet
Le 09/07/2016 à 16:18, Lefteris Tsintjelis a écrit :
> Is there a way to redirect to dev null (without using local aliases)
> by using master.cf and a shell script maybe?
>
> http://www.postfix.org/FILTER_README.html#simple_filter
>
> Would something as simple as this work?
>
> !/bin/sh
>
> cat >/d
Is there a way to redirect to dev null (without using local aliases) by
using master.cf and a shell script maybe?
http://www.postfix.org/FILTER_README.html#simple_filter
Would something as simple as this work?
!/bin/sh
cat >/dev/null
exit $?
> On Jul 8, 2016, at 10:09 PM, Rick Zeman wrote:
>
> How might 'filtering out that mechanism" be done, Viktor? Doesn't
> sound (or look like, based on SASL_README) that it's something done in
> postfix.
The first occurrence of the word "filter" in SASL_README is the section
that describes filt
Hi,
just a short question:
If enabling smtputf8_enable feature in Postfix, is this compatible with
milters? The most common library is libmilter and I have no idea, what exactly
this Postfix feature means? By asking, I think about two callbacks in libmilter:
xxfi_header(SMFICTX *ctx, char *hea
15 matches
Mail list logo
