On 24/05/24 13:08, Northwind via Postfix-users wrote:
do you mean since I have been using postscreen, there is no need to
manually disable authentication on port 25? since postscreen doesn't
have auth support.
No you definately should disable auth on port 25 regardless. It is
possible for po
Will do it. Tonight.
Thanks
On May 23, 2024 9:11 PM, Wietse Venema via Postfix-users
wrote:
John Hill via Postfix-users:
> I learn something every time I read this group, when I can keep up with
> the conversation!
>
> I had auth on ports I did not need. I use auth on submission port 5
John Hill via Postfix-users:
> I learn something every time I read this group, when I can keep up with
> the conversation!
>
> I had auth on ports I did not need. I use auth on submission port 587,
> for users access.
>
> I do get a boat load of failed login attempts on 587. Funny how a China,
do you mean since I have been using postscreen, there is no need to
manually disable authentication on port 25? since postscreen doesn't
have auth support.
Thanks Wietse.
As documnented somewhere, postscreen never announces AUTH support.
___
Postf
I learn something every time I read this group, when I can keep up with
the conversation!
I had auth on ports I did not need. I use auth on submission port 587,
for users access.
I do get a boat load of failed login attempts on 587. Funny how a China,
US, Argentina, you name it, hosts, will
Northwind via Postfix-users:
> Hello,
>
> since my smtp instance is postscreen as showing the follow,
>
> smtp inet n - y - 1 postscreen
>
>
> How can I disable authentication on port 25 then?
>
> I know if the smtp instance is smtpd, this option should work
On 24/05/24 01:42, Bill Cole via Postfix-users wrote:
Likely brute force.
Not exactly.
"Brute force" password cracking is almost never seen today, as it has
been replaced by a practice commonly called "credential stuffing" where
the attacker has some large collection of known-good username+p
Hello,
since my smtp instance is postscreen as showing the follow,
smtp inet n - y - 1 postscreen
How can I disable authentication on port 25 then?
I know if the smtp instance is smtpd, this option should work:
-o smtpd_sasl_auth_enable=no
Thank you.
_
On 24/05/24 02:12, Matus UHLAR - fantomas via Postfix-users wrote:
Zen includes the "PBL" component, which consists largely of
residential and mobile consumer IPs.
Yes, but these are (usually) not considered valid clients, these should
use submission/submissions(smtps) ports where reject_rbl_c
On Thu, May 23, 2024 at 05:48:29PM -0400, Wietse Venema via Postfix-users wrote:
> Greg Sims via Postfix-users:
> > We see conn_use about 24% of the time:
>
> But none of the sessions shown in your message have that.
>
> Do they also have multiple-of-5-second type 'c' delays?
Indeed those multi
Greg Sims via Postfix-users:
> We see conn_use about 24% of the time:
But none of the sessions shown in your message have that.
Do they also have multiple-of-5-second type 'c' delays?
Wietse
___
Postfix-users mailing list -- postfix-users@post
Pedro David Marco via Postfix-users:
> Hi all,
> is it possible to have several Postfix instances to use a centralized
> Postfix server for address verification probes when this centralized
> server is NOT an MDA but a relay to external MDAs?
You can specify address_verify_relayhost and the like,
You have been perfectly clear. As outlined in DSN_README, the RFC
does not support a way to selectively disable SUCCESS notification.
Postfix is not just a bunch of random hacks thrown together. You
are free to use a different mail system.
Wietse
__
On Thu, May 23, 2024 at 7:07 AM Greg Sims wrote:
>
> Thank you Viktor. All recommended changes have been made. I hope to
> collect useful "collate" data with our next distribution at Noon today
> pacific.
>
Still having problems with the inbound smtpd from our private network
flooding "collate".
Hi all,
is it possible to have several Postfix instances to use a centralized Postfix
server for address verification probes when this centralized server is NOT an
MDA but a relay to external MDAs?
Thanks in advance!
Pete.
___
Postfix-users mailing list
On 23.05.24 20:51, Alexander Kolesnikov via Postfix-users wrote:
23.05.2024 19:06, Wietse Venema via Postfix-users пишет:
Aleksandr Kolesnikov via Postfix-users:
if the user requests a DSN, he receives a delivery message via the
...
how to prohibit the sending of such DSN?
Perhaps: [1]
Don't accept mail from home networks. For example, use
"reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNSresolver from your ISP.
On 23.05.24 07:00, Northwind via Postfix-users wrote:
will this also stop the valid client's SMTP connection? thank you
23.05.2024 15:38, Kevin Cousin via
Postfix-users пишет:
Le 2024-05-21T22:50:48.000+02:00, Wietse Venema via
Postfix-users a écrit :
Kevin Cousin via Postfix-users:
23.05.2024 19:06, Wietse Venema via
Postfix-users пишет:
Aleksandr Kolesnikov via Postfix-users:
if the user requests a DSN, he receives a delivery message via the
...
how to prohibit the sending of such DSN?
On 2024-05-23 at 02:31:05 UTC-0400 (Thu, 23 May 2024 08:31:05 +0200)
Matus UHLAR - fantomas via Postfix-users
is rumored to have said:
Don't accept mail from home networks. For example, use
"reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNSresolver
On 2024-05-22 at 19:03:48 UTC-0400 (Thu, 23 May 2024 11:03:48 +1200)
Peter via Postfix-users
is rumored to have said:
On 23/05/24 10:33, Northwind via Postfix-users wrote:
[...]
The attack continues at this time.
My questions are:
1. what's the purpose of this kind of attack? Brute force pas
Thank you Viktor. All recommended changes have been made. I hope to
collect useful "collate" data with our next distribution at Noon today
pacific.
I hope you have a great day! Greg
> [root@mail01 postfix]# postconf -nf
>
> [root@mail01 postfix]# postconf -Mf
___
Aleksandr Kolesnikov via Postfix-users:
> if the user requests a DSN, he receives a delivery message via the
...
> how to prohibit the sending of such DSN?
Perhaps: https://www.postfix.org/DSN_README.html
Wietse
___
Postfix-users mailing lis
That's great info from all you people. many thanks!
>
> On 23/05/24 19:02, Jaroslaw Rafa via Postfix-users wrote:
>
> >
> > In addition I can add one idea:
> >
> > I have had quite a success with a policy server that rejects all
> > connections
> >
> > on submission ports IF it doesn't f
On 23/05/24 19:02, Jaroslaw Rafa via Postfix-users wrote:
In addition I can add one idea:
I have had quite a success with a policy server that rejects all connections
on submission ports IF it doesn't find a currently established IMAP session
from the same IP address. All "normal" mail clients (a
On 23/05/24 16:51, Viktor Dukhovni via Postfix-users wrote:
Dovecot has its own mechanism list, while Postfix has a mechanism list
filter. You should be able to set:
smtp_sasl_mechanism_filter = plain
He's trying to prevent login on smtpd, so the setting should be
smtpd_sasl_mechanism_f
Dnia 23.05.2024 o godz. 15:18:36 Northwind via Postfix-users pisze:
> how to implement that a policy server? thanks.
My script is very simple, I just took a sample policy server script in Perl
included with Postfix distribution and added code to ask Dovecot about
currently active IMAP sessions.
I
Le 2024-05-21T22:50:48.000+02:00, Wietse Venema via Postfix-users
a écrit :
> Kevin Cousin via Postfix-users:
>> Hi,
>>
>> We are using Postfix as relay for our internal apps. This apps
>> are
>>
>> sending mails to final users with from nore...@example.net, but
>>
>> sometimes, adr
how to implement that a policy server? thanks.
In addition I can add one idea:
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
Dnia 23.05.2024 o godz. 11:03:48 Peter via Postfix-users pisze:
>
> You can implement a policy daemon (such as postfwd) which can add
> limits to help in case a password does get found. This can shut
> down a user account before it gets used to send too much SPAM.
>
> If you know that all of you
30 matches
Mail list logo
