On 20 Mar 2016, at 14:11, @lbutlr wrote:
/etc/hosts.allow:
ALL : 185.103.253.246 : DENY
Has no effect.
For /etc/hosts.{allow,deny} files to have any effect on network access
to a program, the program must support the TCP Wrappers facility by
linking to libwrap OR be wrapped by the tcpd a
On 2016-03-20 16:46, Dimitar Katerinski wrote:
@lbutlr wrote:
/etc/hosts.allow:
ALL : 185.103.253.246 : DENY
Has no effect.
hosts.allow and hosts.deny only work for programs that have been
compiled with TCP wrapper support. Typically this is limited to telnet,
ftp and inetd super daemon
On 21 March 2016 00:59:36 CET, "@lbutlr" wrote:
>On Sun Mar 20 2016 16:01:44 Christian Kivalo
>said:
>>
>>>> One minor comment: I would not even offer AUTH on port 25.
>>>
>>> I don’t. I offer opportunistic TLS on port 25 for SMTPd. All mail
>>> submission have to be on port 587.
>>
>> Y
On Sun Mar 20 2016 16:00:10 Sebastian Nielsen said:
>
> I would instead suggest the opposite way around, use whitelisting instead.
That doesn’t work. One of my most important customers travels all over the
world and may be connecting from quite literally anywhere but North Korea.
Setting the
On Sun Mar 20 2016 16:01:44 Christian Kivalo said:
>
>>> One minor comment: I would not even offer AUTH on port 25.
>>
>> I don’t. I offer opportunistic TLS on port 25 for SMTPd. All mail
>> submission have to be on port 587.
>
> You do.
Oh, that is right, I forgot I had to enable that temp
In message <0f3f9e7a-f0da-400a-b331-514a471b4...@valo.at>
Christian Kivalo writes:
>
> >> One minor comment: I would not even offer AUTH on port 25.
> >
> >I don't. I offer opportunistic TLS on port 25 for SMTPd. All mail
> >submission have to be on port 587.
>
> You do.
>
> valo@uschi:~ $ tel
>> One minor comment: I would not even offer AUTH on port 25.
>
>I don’t. I offer opportunistic TLS on port 25 for SMTPd. All mail
>submission have to be on port 587.
You do.
valo@uschi:~ $ telnet mail.covisp.net 25
Trying 65.121.55.42...
Connected to mail.covisp.net.
Escape character is '^]'.
22
I would instead suggest the opposite way around, use whitelisting instead.
Whitelisting can be done in many ways:
1: You can either whitelist your customer's IP ranges. So if one customer has
Telia in Sweden, you tell your firewall to allow 95.196.0.0/14.
And so on for every customer/user.
2: Yo
@lbutlr wrote:
/etc/hosts.allow:
ALL : 185.103.253.246 : DENY
Has no effect.
I would suggest using your firewall utility to block this at the TCP/IP
level. If you are running Postfix under Linux,
the following iptables command should block this IP from accessing your
SMTP service on port 25:
i
Putting the IP in your firewall blacklist is what I did; then you don't even see
them, as they are blocked at the gate. I extracted all such addresses from my
logs, sorted them unique, added them to the firewall blacklist.
gone.
I know there will always be others, but revenge is sweet.
-
Fro
On Mar 20, 2016, at 1:46 PM, Wietse Venema wrote:
>
> @lbutlr:
>> I mean, nothing is getting in, but there are thousands of these, 2000 =
>
> Then why do you care? They are using 1% of your CPU?
I've been in the logs a lot the last few days, and having big these very few
seconds has been a con
On Sun, Mar 20, 2016 at 08:21:16PM +0100, wilfried.es...@essignetz.de wrote:
> Did you try postscreen_blacklist_action
> (http://www.postfix.org/postconf.5.html#postscreen_blacklist_action)
>
> Default is "ignore"
Yes, and probably what the OP wants to set is "drop". If set as
"enforce" you'll
@lbutlr:
> I mean, nothing is getting in, but there are thousands of these, 2000 =
Then why do you care? They are using 1% of your CPU?
Wietse
Did you try postscreen_blacklist_action
(http://www.postfix.org/postconf.5.html#postscreen_blacklist_action)
Default is "ignore"
Willi
On 20.03.2016 at 20:10, @lbutlr wrote:
> On Sun Mar 20 2016 12:59:08 @lbutlr said:
>>
>> Mar 20 12:55:37 mail postfix/postscreen[29826]: BLACKLISTED
>> [
On Sun Mar 20 2016 12:59:08 @lbutlr said:
>
> Mar 20 12:55:37 mail postfix/postscreen[29826]: BLACKLISTED
> [185.103.253.246]:50804
Stopped postfix and removed the postscreen_cache file and restarted postfix.
Mar 20 13:03:59 mail postfix/postscreen[30633]: BLACKLISTED
[185.103.253.246]:5
On Sun Mar 20 2016 12:47:32 @lbutlr <@lbutlr> said:
>
> But they still keep coming.
>
> $ date && grep UGFzc3dvcmQ6 /var/log/maillog | tail -1
> Sun Mar 20 12:43:33 MDT 2016
> Mar 20 12:43:31 mail postfix/smtpd[28552]: warning: unknown[185.103.253.246]:
> SASL LOGIN authentication failed: UG
On Sun Mar 20 2016 12:47:32 @lbutlr <@lbutlr> said:
>
> postscreen_access_cidr
> 185.103.253.246 reject
>
> $ postmap -q 185.103.253.246
> cidr:/usr/local/etc/postfix/postscreen_access.cidr
> reject
>
> But they still keep coming.
>
> $ date && grep UGFzc3dvcmQ6 /var/log/maillog | tail -
On Sun Mar 20 2016 12:23:00 /dev/rob0 said:
>
> On Sun, Mar 20, 2016 at 12:11:57PM -0600, @lbutlr wrote:
>> I have many thousands of these over the last seven days:
>>
>> Mar 20 10:45:27 mail postfix/smtpd[19480]: warning:
>> unknown[185.103.253.246]: SASL LOGIN authentication failed:
>> UGF
Um, perhaps you should utilize some sort of DNS blacklist, which is what my
setup here does.
If not, then you might want to try relocating what you put into your
/etc/hosts.allow file to your /etc/hosts.deny file.
I would also recommend utilizing fail2ban -- http://theether.net/kb/100141
On S
On Sun, Mar 20, 2016 at 12:11:57PM -0600, @lbutlr wrote:
> I have many thousands of these over the last seven days:
>
> Mar 20 10:45:27 mail postfix/smtpd[19480]: warning:
> unknown[185.103.253.246]: SASL LOGIN authentication failed:
> UGFzc3dvcmQ6
>
> They are all the exact same, including the
I have many thousands of these over the last seven days:
Mar 20 10:45:27 mail postfix/smtpd[19480]: warning: unknown[185.103.253.246]:
SASL LOGIN authentication failed: UGFzc3dvcmQ6
They are all the exact same, including the UGF… portion.
Mar 20 10:48:34 mail postfix/postscreen[75523]: CONNECT