Re: Brutal attacks

2016-07-11 Thread Allen Coates
I found this in "man iptables-extensions" Examples: # allow 2 telnet connections per client host iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT It could be adapted to offer basic DoS protection for postfix. Unfortunately my MXhost

Re: Brutal attacks

2016-07-10 Thread Benning, Markus
On 2016-07-09 18:34, Robert Schetterer wrote: additional fail2ban, but log parse was to slow at my side and for sure use postscreen Its possible to trigger fail2ban from a policyd: https://www.mtpolicyd.org/documentation.html#Mail::MtPolicyd::Plugin::Fail2Ban Markus -- https://markusbenning.

Re: Brutal attacks

2016-07-09 Thread Robert Schetterer
Am 09.07.2016 um 19:40 schrieb Lefteris Tsintjelis: > On 09 Jul 2016, at 19:34, Robert Schetterer wrote: > > Am 09.07.2016 um 17:07 schrieb Lefteris Tsintjelis: >> Is this a good postfix way to stall attackers (besides log parsing and >> fire walling)? Bots are increasing dramatically these days

Re: Brutal attacks

2016-07-09 Thread Lefteris Tsintjelis
On 09 Jul 2016, at 19:34, Robert Schetterer wrote: Am 09.07.2016 um 17:07 schrieb Lefteris Tsintjelis: > Is this a good postfix way to stall attackers (besides log parsing and > fire walling)? Bots are increasing dramatically these days > > smtpd_soft_error_limit = 1 > smtpd_hard_error_limit = 1

Re: Brutal attacks

2016-07-09 Thread Allen Coates
Limiting the number of simultaneous connections will fend off an attacker until fail2ban kicks in. For my (domestic) server, I have in main.cf :- smtpd_client_connection_count_limit = 2 This is inherited by postscreen, which does a good job of throwing out surplus connections. Again - appropr

Re: Brutal attacks

2016-07-09 Thread Robert Schetterer
Am 09.07.2016 um 17:07 schrieb Lefteris Tsintjelis: > Is this a good postfix way to stall attackers (besides log parsing and > fire walling)? Bots are increasing dramatically these days > > smtpd_soft_error_limit = 1 > smtpd_hard_error_limit = 1 > smtpd_error_sleep_time = 16s (or even more) as i

Re: Brutal attacks

2016-07-09 Thread lists
much mail server pentest programming available.   Original Message   From: Lefteris Tsintjelis Sent: Saturday, July 9, 2016 8:07 AM To: postfix-users@postfix.org Subject: Brutal attacks Is this a good postfix way to stall attackers (besides log parsing and fire walling)? Bots are increasing dr

Brutal attacks

2016-07-09 Thread Lefteris Tsintjelis
Is this a good postfix way to stall attackers (besides log parsing and fire walling)? Bots are increasing dramatically these days smtpd_soft_error_limit = 1 smtpd_hard_error_limit = 1 smtpd_error_sleep_time = 16s (or even more)