I'm going to leave this to the gurus. But here is what I know:
I didn't check the port when I did the grep. I just searched for the 0/1
pattern. That said, I used my ipfw table to block port 25, and
/var/log/security is getting hits on that rule.
The "normal" mail is going through, so I did no
Hi,
On Fri, Sep 30, 2016 at 8:08 PM, li...@lazygranch.com
wrote:
> On Fri, 30 Sep 2016 06:26:35 -0400
> Postfix User wrote:
>
>> Postfix-3.2-20160917 with FreeBSD-11.0 /64 bit
>>
>> Lately, I have been finding the following entries in the maillog:
>>
>> 13643:Sep 30 02:00:40 scorpio postfix/smtp
On Sat, 1 Oct 2016 10:59:02 +0100
Allen Coates wrote:
>
>
> On 01/10/16 10:37, Postfix User wrote:
> > On Fri, 30 Sep 2016 17:08:05 -0700, li...@lazygranch.com stated:
> >
> >> This will pull these hackers off your maillog.
> >> bzgrep -e auth=0/1 maillog* | sed 's/.*\[\([^]]*\)\].*/\1/g'
> >>
> On Oct 1, 2016, at 11:01 AM, li...@lazygranch.com wrote:
>
> On the latest "Security Now" podcast, Steve Gibson's makes noises about
> DNSSEC/DANE replacing certs, but not in detail.
I think that this thread, which was only tenuously connected to
Postfix in the first place, is no longer opera
On the latest "Security Now" podcast, Steve Gibson's makes noises about
DNSSEC/DANE replacing certs, but not in detail. You can search for DANE in the
transcript. I don't recall if he ever explained this in detail, and if he did,
I probably wouldn't understand.
https://www.grc.com/sn/sn-579.htm
On 10/01/2016 12:47 PM, D'Arcy J.M. Cain wrote:
> I am having trouble figuring out how to do do this. Hopefully someone
> here can help me figure it out. The problem is email coming from my
> web server. I use "permit_mynetworks" in all of the restrictions
> entries but that's a bit too liberal.
I am having trouble figuring out how to do do this. Hopefully someone
here can help me figure it out. The problem is email coming from my
web server. I use "permit_mynetworks" in all of the restrictions
entries but that's a bit too liberal.
In particular I have a web server where many clients a
On 09/30/2016 06:52 AM, John @ KLaM wrote:
Yes, I understand DANE can be used for MTAs. My musing is could it
completely replace the existing CA mess, and I suppose the follow up is
how?
I do not see it as a replacement for the CA mess but rather as a form of
2-factor authentication.
There
On 01/10/16 10:37, Postfix User wrote:
> On Fri, 30 Sep 2016 17:08:05 -0700, li...@lazygranch.com stated:
>
>> This will pull these hackers off your maillog.
>> bzgrep -e auth=0/1 maillog* | sed 's/.*\[\([^]]*\)\].*/\1/g' >iplist
>> sort iplist | uniq
> Great idea. I modified it slightly since th
On Fri, 30 Sep 2016 17:08:05 -0700, li...@lazygranch.com stated:
>This will pull these hackers off your maillog.
>bzgrep -e auth=0/1 maillog* | sed 's/.*\[\([^]]*\)\].*/\1/g' >iplist
>sort iplist | uniq
Great idea. I modified it slightly since the "sort" was not working
correctly here. I make a b
10 matches
Mail list logo
