Re: Exclude non-existing subdomains from checking

2022-04-26 Thread Varadi Gabor
On 2022. 04. 27. 8:16, Ludi Cree wrote: Hi all, I would like to exclude non-existing subdomains from this rule: "reject_unknown_sender_domain" that I have on the end of my sender-restrictions here: smtpd_sender_restrictions = check_sender_access hash:/var/spool/pos

Exclude non-existing subdomains from checking

2022-04-26 Thread Ludi Cree
Hi all, I would like to exclude non-existing subdomains from this rule: "reject_unknown_sender_domain" that I have on the end of my sender-restrictions here: smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, reject_n

Re: password security

2022-04-26 Thread AndrewHardy
Hi, Following this thread has been quite intriguing. Interesting conversation indeed. On a similar topic but probably more focused on addressing root cause (which in my mind is just passwords = the devil of security) and the inherent insecurities with using them. I’m very interested in what opti

Re: TLS reporting

2022-04-26 Thread Viktor Dukhovni
> On 26 Apr 2022, at 9:27 pm, Dan Mahoney wrote: > > So, alternate question then -- is there any level of debug logging that > postfix can emit that would let one construct these reports based on a log trawl? I think the answer is still no. -- Viktor.

Re: Postfix stable release 3.7.1 and legacy releases 3.6.6, 3.5.16, 3.4.26

2022-04-26 Thread Byung-Hee HWANG
Greg Klanderman writes: >> On April 18, 2022 Wietse Venema wrote: > >> * (problem introduced: Postfix 3.0) With dynamic map loading >> enabled, an attempt to create a map with "postmap regexp:path" >> would result in a bogus error message "Is the postfix-regexp >> package insta

Re: password security

2022-04-26 Thread lists
https://www.reddit.com/r/postfix/ Well there is a subreddit for postfix. News to me but I just joined it. I do my best to stay out of these "conversations" on the listserv and reserve my posts for when I am really stumped. But since I am posting put me in the firewall geofence crowd. I have done t

Re: password security

2022-04-26 Thread Shawn Heisey
On 4/26/2022 7:15 PM, Demi Marie Obenour wrote: On 4/26/22 01:35, Antonio Leding wrote: Anyone who thinks that F2B merely “quiets logs” unfortunately has no idea what F2B actually does… Would you mind explaining? TL;DR for many: The fail2ban service watches logfiles for things that indicate

Re: Postfix stable release 3.7.1 and legacy releases 3.6.6, 3.5.16, 3.4.26

2022-04-26 Thread Greg Klanderman
> On April 18, 2022 Wietse Venema wrote: > * (problem introduced: Postfix 3.0) With dynamic map loading > enabled, an attempt to create a map with "postmap regexp:path" > would result in a bogus error message "Is the postfix-regexp > package installed?" instead of "unsupported

Re: TLS reporting

2022-04-26 Thread Dan Mahoney
> On Apr 19, 2022, at 6:08 PM, Viktor Dukhovni > wrote: > > On Tue, Apr 19, 2022 at 05:33:50PM -0700, Dan Mahoney wrote: > >> Does postfix have any support for TLS reporting (RFC8460)? >> >> Technically, one need not be using MTA-STS to benefit from this. We >> get monitoring of this with

Re: password security

2022-04-26 Thread Demi Marie Obenour
On 4/26/22 01:35, Antonio Leding wrote: > Anyone who thinks that F2B merely “quiets logs” unfortunately has no > idea what F2B actually does… Would you mind explaining? -- Sincerely, Demi Marie Obenour (she/her/hers)

Re: password security

2022-04-26 Thread Antonio Leding
Good feedback - typically I’d have some comments but since we’ve wandered a fair bit off the reserve here, I will refrain. If anyone wants to continue this at Reddit or somewhere else more apropos, let me know… - - - On 26 Apr 2022, at 11:56, Lefteris Tsintjelis wrote: On 26/4/2022 20:11,

Re: password security

2022-04-26 Thread Lefteris Tsintjelis
On 26/4/2022 20:11, Antonio Leding wrote: “…I'm just saying it's [F2B] not a solution to modern brute-force attack on passwords/accounts….” It’s actually staggering that you say this because of how incredibly inaccurate this statement is… Presume someone goes brute-force against a PostFix se

Re: password security

2022-04-26 Thread Fred Morris
In other words... On Tue, 26 Apr 2022, Antonio Leding wrote: [...] Blocking an IP is the single cheapest most effective thing one can do re: undesired traffic. blocking an address is just a rude form of graylisting, based on observed rudeness. (I do it too. And other things. Security is a

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

2022-04-26 Thread Michael Grimm
John Fawcett wrote: > On 20/04/2022 22:20, Michael Grimm wrote: >> this is postfix 3.8-20220325 (FreeBSD port postfix-current) on FreeBSD >> 13.1-STABLE. > > is this problem happening on one of the RC versions of FreeBSD 13.1? > > On the FreeBSD site at the moment, unless I'm misreading it, I

Re: password security

2022-04-26 Thread Antonio Leding
“…I'm just saying it's [F2B] not a solution to modern brute-force attack on passwords/accounts….” It’s actually staggering that you say this because of how incredibly inaccurate this statement is… Presume someone goes brute-force against a PostFix server via v6 only - so tons of addresses at

Re: password security

2022-04-26 Thread Antonio Leding
I’m not really sure if you understand that F2B is just a set of scripts wrapped around iptables (a firewall) - but that’s all it is - the real-work is being done by iptables which can be very effective against DDoS. Plenty of articles, papers, etc. on this very topic so your assertion that F2B

Re: warning: process /usr/local/libexec/postfix/postscreen pid xxxxx killed by signal 11

2022-04-26 Thread John Fawcett
On 20/04/2022 22:20, Michael Grimm wrote: Hi, this is postfix 3.8-20220325 (FreeBSD port postfix-current) on FreeBSD 13.1-STABLE. Michael is this problem happening on one of the RC versions of FreeBSD 13.1? On the FreeBSD site at the moment, unless I'm misreading it, I see the latest 13.1

Re: password security

2022-04-26 Thread Byung-Hee HWANG
Dear Viktor, Viktor Dukhovni writes: > On Tue, Apr 26, 2022 at 11:54:21PM +0900, Byung-Hee HWANG wrote: > >> > There is obviously a point where the server won't be capable of >> > handling the load, always. But what are the odds with "just" a >> > brute-force on passwords/accounts? >> > Our outb

Re: password security

2022-04-26 Thread Viktor Dukhovni
On Tue, Apr 26, 2022 at 11:54:21PM +0900, Byung-Hee HWANG wrote: > > There is obviously a point where the server won't be capable of > > handling the load, always. But what are the odds with "just" a > > brute-force on passwords/accounts? > > Our outbound/internal mail gateway handles the traffic

Re: password security

2022-04-26 Thread Byung-Hee HWANG
> There is obviously a point where the server won't be capable of > handling the load, always. But what are the odds with "just" a > brute-force on passwords/accounts? > Our outbound/internal mail gateway handles the traffic for +2K > every-day users +28K occasional users. Millions emails per month

Re: password security

2022-04-26 Thread patpro
April 26, 2022 3:13 PM, "Bill Cole" wrote: > On 2022-04-26 at 07:09:41 UTC-0400 (Tue, 26 Apr 2022 11:09:41 +) > > is rumored to have said: >> Unless you run postfix on a 10 years old Raspberry, it can handle the > load. > > Not always true. There is obviously a point where the server won

Closed: postscreen signal 11

2022-04-26 Thread Wietse Venema
This is a site-specific problem. I ran "openssl s_client" and "posttls-finger -w" against one of the affected servers, and reliably crashed their postscreen daemon. I've been doing similar tests against my own servers without any problems. Unless proven otherwise, this is no longer a Postfix probl

Re: password security

2022-04-26 Thread Bill Cole
On 2022-04-26 at 07:09:41 UTC-0400 (Tue, 26 Apr 2022 11:09:41 +) is rumored to have said: Brute-forcing passwords/account has nothing to do with DDoS. Purpose of brute-forcing password is gaining access to a service in order to exploit it (steal data, send spam, etc.). Purpose of DDoS is t

Re: HELO regexp file not working to block unwanted sender

2022-04-26 Thread Viktor Dukhovni
On Mon, Apr 25, 2022 at 09:38:50PM -0700, Greg Earle wrote: > >> All of the sending hostnames are of the form > >> > >> www-data@vNNN-NNN-NNN-NNN.*.static.cnode.io > > > > That's not a hostname, it is an email address, and not clear whether > > the > > envelope sender or the "From:" message heade

Re: sender restrictions after milter ?

2022-04-26 Thread Wietse Venema
Use reject_authenticated_sender_login_mismatch (on the port 25 service or post-milter). reject_authenticated_sender_login_mismatch Enforces the reject_sender_login_mismatch restriction for authenticated clients only. This feature is available in Postfix

Re: password security

2022-04-26 Thread patpro
April 26, 2022 12:16 PM, "Mauricio Tavares" wrote: > Please explain how certificate authentication is, as you said, > 100% efficient against brute-force attacks. No password = no possible brute-forced password. > If these 100s or 1000s of IP addresses are sending each thousands of > connectio

Re: HELO regexp file not working to block unwanted sender

2022-04-26 Thread Wietse Venema
Greg Earle: > On 25 Apr 2022, at 16:35, Wietse Venema wrote: > > > Greg Earle: > > > >> [root@isolar postfix]# grep smtpd_helo_ master.cf > > > > What is the output from: > > > > postconf -Px |grep check_helo_access > > > > I suspect that you made a mistake, such as configuring > > the wrong S

Re: password security

2022-04-26 Thread Mauricio Tavares
On Tue, Apr 26, 2022 at 1:54 AM wrote: > > Hello, > > This is off topic anyway but I think you're right. Fail2ban is not for the > lazy, it's for people who have a lot of time to lose in an inefficient > solution. Before cloud era F2B was a really great solution, but as it's been > pointed out,