Re: Protect access to submission services

2022-08-12 Thread Durga Prasad Malyala
On Fri, 12 Aug 2022 at 19:00, Jaroslaw Rafa wrote: > > Hello, > as my submission services experience a lot of AUTH attacks recently, I want > to temporarily block access to them from IP addresses other than those from > where users are expected to send mail. > > 1) I created a file specifying allo

Re: Milter vs. policy protocol

2022-08-12 Thread Viktor Dukhovni
On Sat, Aug 13, 2022 at 03:42:41PM +1200, Peter wrote: > /etc/postfix/sender-recip: > > # Joe is only allowed to send to Bob > j...@example.com check_recipient_access > inline:{b...@example.com=permit},reject > > # Jane is not allowed to send to Joe or Bob but can send to anyone else > j...@exa

Re: Milter vs. policy protocol

2022-08-12 Thread Peter
On 13/08/22 01:00, Jaroslaw Rafa wrote: On 12.08.2022 at 13:23:25, Dominik George wrote: By the way: does anybody know of a tool ready to use with Postfix, that does exactly this and only this, ie. allows to define sender/recipient pairs that are (with "default deny") or aren't (with "defau

Re: Milter vs. policy protocol

2022-08-12 Thread Jaroslaw Rafa
On 12.08.2022 at 18:06:08, Jozsef Kadlecsik wrote: > The whole package (including the policy daemon, web interface for the > users, admin cli interface, maintenance scripts) was public and could be > published again. However it would need some time to recreate the package: > installation a

Re: Protect access to submission services

2022-08-12 Thread Jaroslaw Rafa
On 12.08.2022 at 11:08:14, Viktor Dukhovni wrote: > > But now it rejects everything... even connections from hosts that are in my > > "allowed" list... I have to investigate this again... :( > > Well, the client couldn't possibly be authenticated at connect time, > you need: > > -o smtp

Re: Milter vs. policy protocol

2022-08-12 Thread Rob McGee
On 2022-08-12 06:23, Dominik George wrote: now that I have moved alias expansion to a socketmap service, I was wondering what would be best for policy checks (for now, as simple as "is address A allowed to send to address B?). This is obviously possible using the milter, but then there is Postfi

Re: Milter vs. policy protocol

2022-08-12 Thread Jozsef Kadlecsik
On Fri, 12 Aug 2022, Wietse Venema wrote: > Jaroslaw Rafa: > > On 12.08.2022 at 10:09:08, Wietse Venema wrote: > > > > By the way: does anybody know of a tool ready to use with Postfix, that > > > > does exactly this and only this, ie. allows to define sender/recipient > > > > pairs > > > >

Re: Protect access to submission services

2022-08-12 Thread Viktor Dukhovni
On Fri, Aug 12, 2022 at 04:53:45PM +0200, Jaroslaw Rafa wrote: > On 12.08.2022 at 16:31:04, Jaroslaw Rafa wrote: > > On 12.08.2022 at 10:27:47, Viktor Dukhovni wrote: > > > You neglected to add: > > > > > > -o smtpd_delay_reject=no > > > > Thank you for your answer. Just a few min

Re: Protect access to submission services

2022-08-12 Thread Jaroslaw Rafa
On 12.08.2022 at 16:31:04, Jaroslaw Rafa wrote: > On 12.08.2022 at 10:27:47, Viktor Dukhovni wrote: > > You neglected to add: > > > > -o smtpd_delay_reject=no > > Thank you for your answer. Just a few minutes ago found that out myself and > added this parameter to master.cf! :) B

Re: Milter vs. policy protocol

2022-08-12 Thread Wietse Venema
Jaroslaw Rafa: > On 12.08.2022 at 10:09:08, Wietse Venema wrote: > > > By the way: does anybody know of a tool ready to use with Postfix, that > > > does exactly this and only this, ie. allows to define sender/recipient > > > pairs > > > that are (with "default deny") or aren't (with "defaul

Re: Protect access to submission services

2022-08-12 Thread Jaroslaw Rafa
On 12.08.2022 at 10:27:47, Viktor Dukhovni wrote: > You neglected to add: > > -o smtpd_delay_reject=no Thank you for your answer. Just a few minutes ago found that out myself and added this parameter to master.cf! :) -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million yea

Re: Protect access to submission services

2022-08-12 Thread Viktor Dukhovni
On Fri, Aug 12, 2022 at 03:29:09PM +0200, Jaroslaw Rafa wrote: > 3) In my master.cf, I changed in both "submission" and "smtps" entries the > line > > -o smtpd_client_restrictions=permit_sasl_authenticated,reject > > to > > -o > smtpd_client_restrictions=$temp_client_block,permit_sasl_authenti

Re: Milter vs. policy protocol

2022-08-12 Thread Jaroslaw Rafa
On 12.08.2022 at 10:09:08, Wietse Venema wrote: > > By the way: does anybody know of a tool ready to use with Postfix, that > > does exactly this and only this, ie. allows to define sender/recipient pairs > > that are (with "default deny") or aren't (with "default allow") allowed to > > send

Re: Milter vs. policy protocol

2022-08-12 Thread Wietse Venema
Jaroslaw Rafa: > On 12.08.2022 at 13:23:25, Dominik George wrote: > > > > now that I have moved alias expansion to a socketmap service, I was > > wondering what would be best for policy checks (for now, as simple as > > "is address A allowed to send to address B?). > > > > This is obviously

Protect access to submission services

2022-08-12 Thread Jaroslaw Rafa
Hello, as my submission services experience a lot of AUTH attacks recently, I want to temporarily block access to them from IP addresses other than those from where users are expected to send mail. 1) I created a file specifying allowed addresses, it looks like the following: 127.0.0.0/8

Re: Milter vs. policy protocol

2022-08-12 Thread Jaroslaw Rafa
On 12.08.2022 at 13:23:25, Dominik George wrote: > > now that I have moved alias expansion to a socketmap service, I was > wondering what would be best for policy checks (for now, as simple as > "is address A allowed to send to address B?). > > This is obviously possible using the milter, b