Re: Block ip address on ratelimit

2012-12-12 Thread lconrad
On Wednesday 12/12/2012 at 8:48 am, Ram wrote: Our client's postfix servers are being frequently getting attacks using compromised accounts In most cases it seems the spammer simply uses a phished username/password , sends a whole lot of 419ers until we manually change the password , but t

Re: Postscreen status script

2013-01-29 Thread lconrad
On Tuesday 29/01/2013 at 1:37 pm, Mike. wrote: On 1/29/2013 at 2:01 PM Brian Evans wrote: |On 1/29/2013 1:43 PM, Brian Evans wrote: |> Because of that, I have skewed numbers: |> All "incoming" log records: 10187 |> All "status=sent" log records: 7506 |> All "status=deferred" log records:

how to see my_networks check in peer_debug, level 2 or greater?

2013-08-16 Thread lconrad
postconf mail_version mail_version = 2.3.3 uname -a Linux . 2.6.18-128.2.1.el5 #1 SMP Wed Jul 8 11:54:47 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux got an "access denied" for an IP that is in a /20 postconf confirms is in mynetworks the only match_hostname I see is for smtpd_client_ev

one machine for recipient address_verify, another for delivery

2013-08-27 Thread lconrad
outbound flow first machine does reject_unverified_recipient, and sends verified recipients via relayhost to the 2nd machine for delivery of verified recipients. now we see reject_unverified_recipient is verifying through the relayhost is there a way to override the first machine's relayh

Re: one machine for recipient address_verify, another for delivery

2013-08-27 Thread lconrad
On Tuesday 27/08/2013 at 3:04 pm, Noel Jones wrote: On 8/27/2013 2:52 PM, lcon...@go2france.com wrote: outbound flow first machine does reject_unverified_recipient, and sends verified recipients via relayhost to the 2nd machine for delivery of verified recipients. now we see reject_unve

Re: Compromised Passwords

2014-03-05 Thread lconrad
On Wednesday 05/03/2014 at 9:25 am, Blake Hudson wrote: Homer Wilson Smith wrote the following on 3/4/2014 4:38 PM: Dear Gentle Folk, What is the state of the art in dealing with users whose SASL password has been compromised? Running CentOS, and latest postfix.

Re: RBLs getting a lot of spam

2014-05-28 Thread lconrad
I've got barrac, zen, spamcop in postscreen, and still getting lots of spam then catching a lot with dbl.spamhaus (dbl both as postfix rhs block and as BIND DNS blackhole (dbl = postfix sender domain not found), while BIND with DBL/RPZ also blocks our recursive clients from accessing DBL d

Re: blocking compromised sasl users ?

2015-10-07 Thread lconrad
On Wednesday 07/10/2015 at 8:35 am, Voytek wrote: it looks like I have a couple of compromised user accounts on one of the domains on this server, I've changed the user password then even deleted the user (through postfixadmin) but that didn't help..? I can see in the log this: Oct 8 00