Dnia 23.05.2024 o godz. 11:03:48 Peter via Postfix-users pisze: > > You can implement a policy daemon (such as postfwd) which can add > limits to help in case a password does get found. This can shut > down a user account before it gets used to send too much SPAM. > > If you know that all of your users will originate in a certain > country or countries, you can use Geo-IP filtering to limit > submission connections to those countries. Note be careful not to > block port 25 connections with this and realize that if you or your > users ever intend to do any travelling this could be problematic.
In addition I can add one idea: I have had quite a success with a policy server that rejects all connections on submission ports IF it doesn't find a currently established IMAP session from the same IP address. All "normal" mail clients (at least the ones that I saw) first establish an IMAP session with the server, and then try to authenticate with SMTP when the user wants to actually send mail. And I see much, much less attacks (authentication attempts) on IMAP service than on SMTP. So it works for me. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
