Ill be honest. I wasn't as successful as I let on because I noticed
that I hadn't include mysql in the build and was up for hours trying
to get the mysqlclient and header files. Ended up deleting that VM,
started over using the bookworm releases instead.
I will give building another go later a
* Bill Cole via Postfix-users:
Some systems are configured to "oversign" headers, essentially signing
the non-existence.
On 24.07.24 02:11, Ralph Seichter via Postfix-users wrote:
Shhh! We don't want to advertise that in this scenario, do we? ;-)
Still, you are correct to point out that the DK
Because I am using the VM, and my VM provider doesn't have ubuntu 24.04 available.
maybe I should try to get a ubuntu 24.04 from another provider and install the postfix 3.9 package then.
Thanks for all help.
- 원본 메일 -
보낸사람: Matus UHLAR - fantomas via Postfix-users
받는사람:
On 24.07.24 20:24, wesley via Postfix-users wrote:
Because I am using the VM, and my VM provider doesn't have ubuntu 24.04
available.
maybe I should try to get a ubuntu 24.04 from another provider and install
the postfix 3.9 package then.
Ubuntu can be easily upgraded, you will even have
Dnia 24.07.2024 o godz. 00:14:51 Bob via Postfix-users pisze:
> I want "Kill on Sight".
>
> Fastest way to me would be Postfix says it logged a connection from
> fluffy.cuddly.port.raping.internet-measurement.com calls my script with
> the IP address and they get stuffed up IPTables.
Despite wha
Thanks for the reply.
There are some words here,
https://unix.stackexchange.com/questions/179477/how-does-fail2ban-detect-the-time-of-an-intrusion-attempt-if-the-log-files-dont
Which suggests that Fail2Ban is continuously scanning logfiles for
changes unless you install Gamin which is some sort
As a further ramble headers_checks, a line in mine, looks like this
/ional.co.uk/ REJECT No Spam Please.
At the eame time that Postfix triggers on the match it must know the IP
address that was associated with the trigger. Instead of the above...
/ional.co.uk/ REJECT No Spam Please. ACTION iptab
On 24.07.24 13:26, Bob via Postfix-users wrote:
Thanks for the reply.
There are some words here,
https://unix.stackexchange.com/questions/179477/how-does-fail2ban-detect-the-time-of-an-intrusion-attempt-if-the-log-files-dont
This article is 9 years old and apparently some parts of it are obso
Oooops. Also applies to me :)
Bob
On Wed, 2024-07-24 at 14:51 +0200, Matus UHLAR - fantomas via Postfix-
users wrote:
> This article is 9 years old and apparently some parts of it are
> obsolete...
___
Postfix-users mailing list -- postfix-users@postfi
On 24/07/2024 13:11, Jaroslaw Rafa via Postfix-users wrote:
>> I want "Kill on Sight".
>>
>> Fastest way to me would be Postfix says it logged a connection from
>> fluffy.cuddly.port.raping.internet-measurement.com calls my script with
>> the IP address and they get stuffed up IPTables.
These pa
Bob via Postfix-users:
> As a further ramble headers_checks, a line in mine, looks like this
>
> /ional.co.uk/ REJECT No Spam Please.
>
> At the eame time that Postfix triggers on the match it must know the IP
> address that was associated with the trigger. Instead of the above...
>
> /ional.co.
On 24/07/2024 23:23, Allen Coates via Postfix-users wrote:
On 24/07/2024 13:11, Jaroslaw Rafa via Postfix-users wrote:
I want "Kill on Sight".
Fastest way to me would be Postfix says it logged a connection from
fluffy.cuddly.port.raping.internet-measurement.com calls my script with
the IP add
I get it might be a bit flakey from a security perspective and should
come with warnings but it is my box.
As an aside the contents of my /etc/postfix directory are owned by root
so I assume Postfix needs root priveledges to access them.
That seems like its already halfway down that particular ra
Gary R. Schmidt via Postfix-users:
> I'm sure postfix can be configured to use normal log files, or is that
> something that has to be made available at build-time?
https://www.postfix.org/MAILLOG_README.html
Available with Postfix version 3.4 or later. This includes logging
to stdout while runn
Yes. It was just an example. However many of these uninvited warts
don't publish such information and I have no doubt that they
periodically roll addresses. No I am not going to send them an e-mail
so they can pretend to go away.
The rest of my logs are stuffed with "user<>" and "unknown" or "does
Not sure when it happened but when I had to reinstall it on my Pi the
Pi was missing, ISTR, rsyslog so it was not the fault of Postfix. I
just had to put rsyslog back in and logging was back to normal.
Your link has the glimmer of a plan but would I not be back to having
to periodically scan stdou
On 24/07/2024 23:58, Bob via Postfix-users wrote:
[SNIP]
The rest of my logs are stuffed with "user<>" and "unknown" or "does
not resolve to" so they can get in the sea as well.
This is exactly what postscreen - which is part of postfix - and
fail2ban were developed to handle.
I get a lot of
Thanks... Toddles of to read about PostScreen
"Wietse expects that the zombie problem will get worse before things
improve, if ever."
Waves. Sorry if I am being ittitating.
Bob
On Thu, 2024-07-25 at 00:12 +1000, Gary R. Schmidt via Postfix-users
wrote:
> This is exactly what postscreen - which
On 25/07/2024 00:08, Bob via Postfix-users wrote:
[SNIP]
Your link has the glimmer of a plan but would I not be back to having
to periodically scan stdout, a file, to check for changes needimg
action?
The fail2ban daemon does that for you.
Once you implement postcreen and the spamhaus recomme
On 25/07/2024 00:19, Bob wrote:
Thanks... Toddles of to read about PostScreen
"Wietse expects that the zombie problem will get worse before things
improve, if ever."
Waves. Sorry if I am being ittitating.
Oh, don't worry, you are showings signs of learning behaviour, something
that seems all
Matus UHLAR - fantomas via Postfix-users wrote in
:
|>* Bill Cole via Postfix-users:
|>> Some systems are configured to "oversign" headers, essentially signing
|>> the non-existence.
|
|On 24.07.24 02:11, Ralph Seichter via Postfix-users wrote:
|>Shhh! We don't want to advertise that in this
Keith wrote in
:
|Hmm Policy Server. Do I have to install one and read the Man Pages?
|
|Then again I might take heart from the suggestion that this has been
|done before although the mention of blocklisting and coloured flags
|suggests others decided it was a bad idea.
|
|I get that cause
Steffen Nurpmeso via Postfix-users:
> Keith wrote in
> :
> |Hmm Policy Server. Do I have to install one and read the Man Pages?
> |
> |Then again I might take heart from the suggestion that this has been
> |done before although the mention of blocklisting and coloured flags
> |suggests others
Wietse Venema via Postfix-users wrote in
<4wtl814dp5zj...@spike.porcupine.org>:
|Steffen Nurpmeso via Postfix-users:
|> Keith wrote in
|> :
|>|Hmm Policy Server. Do I have to install one and read the Man Pages?
...
|> The op wants to be able to reject the one emails, and to block IPs
|> of
* Jaroslaw Rafa via Postfix-users:
> Despite what you say about your unsuccessful attempts with fail2ban,
> it seems the best tool for the job. It's the whole idea of fail2ban
> anyway - if "SOMETHING" appears in the logfile "SOME" number of times
> (which can be 1), then stuff the IP address into
* Bob via Postfix-users:
> I get it might be a bit flakey from a security perspective and should
> come with warnings but it is my box.
I think it is more than "a bit flakey". You ask Wietse to support
something which introduces a significant security risk. Plus, this
particular something is not
Ralph Seichter, Ralph Seichter via Postfix-users wrote in
<87v80ujyjr@ra.horus-it.com>:
|* Bob via Postfix-users:
|
|> I get it might be a bit flakey from a security perspective and should
|> come with warnings but it is my box.
|
|I think it is more than "a bit flakey". You ask Wietse t
what's the main difference between a policy server and a milter?
I searched and found this link:
https://serverfault.com/questions/1149051/what-difference-does-it-make-to-implement-a-feature-as-policy-service-vs-as-milt
but I am still not pretty sure.
Thanks.
- 원본 메일 -
보낸
* Steffen Nurpmeso:
> >I think it is more than "a bit flakey". You ask Wietse to support
> >something which introduces a significant security risk.
>
> Now you exaggerate a bit.
Not really, the original example of invoking "iptables" directly
requires root provileges. That could be mitigated by u
what's the main difference between a policy server and a milter?
Policy Server:
- Coded quickly in scripting language
- Lightweight, simple, and fast to setup
- Is only provided limited header information by postfix for evaluating
Milter:
- More complicated to setup and code
- Has access
postfix--- via Postfix-users:
> > what's the main difference between a policy server and a milter?
>
>
> Policy Server:
> - Coded quickly in scripting language
> - Lightweight, simple, and fast to setup
> - Is only provided limited header information by postfix for evaluating
No headers or
Ralph Seichter via Postfix-users wrote in
<87a5i6pesk@ra.horus-it.com>:
|* Steffen Nurpmeso:
|
|>>I think it is more than "a bit flakey". You ask Wietse to support
|>>something which introduces a significant security risk.
|>
|> Now you exaggerate a bit.
|
|Not really, the original exa
Great examples. Thanks for pointing out that.
- 원본 메일 -
보낸사람: Wietse Venema via Postfix-users
받는사람: Postfix users
날짜: 24.07.25 08:57 GMT +0900
제목: [pfx] Re: RFC logs_check
postfix--- via Postfix-users:
> > what's the main difference between a policy server and a milter?
33 matches
Mail list logo
