On 25-7-2016 19:32, Karl Denninger wrote:
> On 7/25/2016 12:04, Ronald Klop wrote:
>> On Mon, 25 Jul 2016 18:48:25 +0200, Karl Denninger
>> <k...@denninger.net> wrote:
>>
>>> This may not belong in "stable", but since Postfix is one of the
>>> high-performance alternatives to sendmail....
>>>
>>> Question is this -- I have sshguard protecting connections inbound, but
>>> Postfix appears to be ignoring it, which implies that it is not paying
>>> attention to the hosts.allow file (and the wrapper that enables it.)
>>>
>>> Recently a large body of clowncars have been targeting my sasl-enabled
>>> https gateway (which I use for client machines and thus do in fact need)
>>> and while sshguard picks up the attacks and tries to ban them, postfix
>>> is ignoring the entries it makes which implies it is not linked with the
>>> tcp wrappers.
>>>
>>> A quick look at the config for postfix doesn't disclose an obvious
>>> configuration solution....did I miss it?
>>>
>>
>> Don't know if postfix can handle tcp wrappers, but I use bruteblock
>> [1] for protecting connections via the ipfw firewall. I use this for
>> ssh and postfix.

Given the fact that both tcpwrappers and postfix originate from the same
author (Wietse Venema) I'd be very surprised if you could not do this.
http://www.postfix.org/linuxsecurity-200407.html

But grepping the binary for libwrap it does seem to be the case.
Note that you can also educate sshguard to actually use a script to do
whatever you want it to do. I'm using it to add rules to an ipfw table
that is used in a deny-rule.

Reloading the fw keeps the deny-rules, flushing the table deletes all
blocked hosts without reloading the firewall.
Both times a bonus.

--WjW
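
The table-plus-deny-rule arrangement described above, sketched as an added example that is not part of the original message or WjW's own script. The table number 22, rule number 550 and the `block|release ADDR` / `flush` calling convention are assumptions made for illustration; the script only prints the ipfw command unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: table 22, rule 550 and the
# "block|release ADDR" / "flush" calling convention of this script.
# One-time deny rule that consults the table:
#   ipfw add 550 deny ip from 'table(22)' to any
TABLE="${TABLE:-22}"
DRY_RUN="${DRY_RUN:-1}"    # 1 = print the ipfw command instead of running it

# The address is parsed out of logs that remote hosts influence and ends
# up on a root command line, so accept literal IP addresses only.
valid_addr() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:]*) return 1 ;;  # empty, or shell/meta characters
        *:*) return 0 ;;                   # IPv6: charset check, ipfw parses
        *.*.*.*) ;;                        # IPv4 candidate, checked below
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Build the ipfw command for one action; non-zero status on bad input.
fw_cmd() {
    case "$1" in
        block)   valid_addr "$2" || return 2
                 echo "ipfw -q table $TABLE add $2" ;;
        release) valid_addr "$2" || return 2
                 echo "ipfw -q table $TABLE delete $2" ;;
        flush)   echo "ipfw -q table $TABLE flush" ;;  # empties table only
        *)       return 64 ;;
    esac
}

run() {
    cmd=$(fw_cmd "$@") || return $?
    if [ "$DRY_RUN" = 1 ]; then echo "$cmd"; else $cmd; fi
}

if [ $# -gt 0 ]; then run "$@"; fi
```

Because the deny rule only references the table, the rule set and the list of blocked hosts can be managed independently of each other.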


_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"