I've become used to the script kiddies sending out large connection
requests (I do have a threshold set). They are able to get around it by
other connections. For example, I had 857 connects of this:
Aug 28 11:57:35 mail postfix/smtpd[20544]: connect from
unknown[5.232.194.77]
Aug 28 11:57:3
On 8/28/15 2:09 PM, Robert Schetterer wrote:
Am 28.08.2015 um 20:03 schrieb Forrest:
I've become used to the script kiddies sending out large connection
requests (I do have a threshold set). They are able to get around it by
other connections. For example, I had 857 connects of this:
A
I read the README_SASL document. I'm on CentOS 5.x using Cyrus SASL
2.1.22, attempting to get Postfix 3.0.1 to compile in SASL support
correctly, using the following flags:
# make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL
-I/usr/include/sasl" AUXLIBS="-L/usr/lib/sasl -lsasl2"
I managed to fix this on my own; please disregard.
Thank you.
I recently updated my system from Sendmail to Postfix 3.0.1. Since that
time, I've been targeted with several SASL dictionary attacks; activity
I've not seen in this number before.
Reading around elsewhere, I wonder if the script kiddies are looking for
Postfix in the banner (which I've since
On 6/9/15 1:02 PM, Viktor Dukhovni wrote:
On Tue, Jun 09, 2015 at 12:54:51PM -0400, Forrest wrote:
I recently updated my system from Sendmail to Postfix 3.0.1. Since that
time, I've been targeted with several SASL dictionary attacks; activity I've
not seen in this number before.
R
On 6/9/15 1:38 PM, Viktor Dukhovni wrote:
On Tue, Jun 09, 2015 at 01:23:47PM -0400, Forrest wrote:
postfix/smtpd[12345]: warning: unknown[212.156.86.90]: SASL LOGIN
authentication failed: authentication failure
so I presume that's port 25, as I have submission running as another
configur
om unknown[71.19.249.5] for service smtp
Thanks,
Forrest
On 6/9/15 6:19 PM, Scott Lambert wrote:
On Tue, Jun 09, 2015 at 07:23:43PM +, Viktor Dukhovni wrote:
On Tue, Jun 09, 2015 at 02:26:20PM -0400, Forrest wrote:
So that log entry might be for the submission port, unless you've
configured it along the lines above.
I believe this is al
Since upgrading to Postfix, my system is seeing a lot of this
activity. My prior config was Sendmail 8 with Cyrus SASL which did
not. My guess from this log is that AUTH is taking place unencrypted,
which may be the cause?
My server advertises (EHLO):
250-PIPELINING
250-SIZE [ omitted ]
25
On 6/12/15 11:50 AM, Viktor Dukhovni wrote:
On Fri, Jun 12, 2015 at 11:05:42AM -0400, Forrest wrote:
My prior config was Sendmail 8 with Cyrus SASL which did not. My guess
from this log is that AUTH is taking place unencrypted, which may be the
cause?
Surely dictionary attacks on SASL were
Thanks, Viktor, for clarifying all this. Very helpful :-)
Forrest
On 6/12/15 12:31 PM, Viktor Dukhovni wrote:
On Fri, Jun 12, 2015 at 12:07:15PM -0400, Forrest wrote:
My server advertises (EHLO):
250-PIPELINING
250-SIZE [ omitted ]
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250
I just realized my config doesn't appear to be using SASL, though I
compiled it with the correct libs and flags (from makedefs.out):
SYSLIBS = -lssl -lcrypto -L/usr/lib/sasl -lsasl2 -lpcre -ldb -lnsl
-lresolv -ldl
CC = gcc -I. -I../../include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL
-DUSE_TLS -I/
Noel, here is the output from postconf -n (sanitized). Thank you.
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
body_checks = regexp:/etc/postfix/body_checks
body_checks_size_limit = 51200
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/p
How are others handling dictionary attacks (AUTH) with Postfix. For
example:
Jun 19 21:28:24 mail postfix/smtpd[32583]: connect from
unknown[212.131.132.49]
Jun 19 21:28:24 mail postfix/smtpd[32583]: lost connection after AUTH
from unknown[212.131.132.49]
Jun 19 21:28:24 mail postfix/smtpd[32
Hello Everyone,
I am a very new postfix admin and I have a simple case for which I need
documentation/pointers. I am hosting a mail forwarder, and I need this logic
followed:
For mail destined to mydomain.tld send outgoing via deliver directly.
For all other mail, send mail via host: .mydomain.
16 matches
Mail list logo
