That's great info from all you people. many thanks!
> > On 23/05/24 19:02, Jaroslaw Rafa via Postfix-users wrote: > > > > > In addition I can add one idea: > > > > I have had quite a success with a policy server that rejects all > > connections > > > > on submission ports IF it doesn't find a currently established IMAP session > > > > from the same IP address. All "normal" mail clients (at least the ones that > > > > I saw) first establish an IMAP session with the server, and then try to > > > > authenticate with SMTP when the user wants to actually send mail. And I see > > > > much, much less attacks (authentication attempts) on IMAP service than on > > > > SMTP. So it works for me. > > > > That's a good idea, but I would make one modification, have it allow any > connection that hasn't had a corresponding IMAP (or POP3 if applicable) > connection in the past hour. > > Do note that if you have clients that submit but don't read mail themselves > then this will cause issues, an example of such being a null client such as > submitting mail from a server. > > Also this should *not* be a substitute for SASL AUTH, but rather an added > check. > > Peter > > _______________________________________________ > > Postfix-users mailing list -- postfix-users@postfix.org > > To unsubscribe send an email to postfix-users-le...@postfix.org > _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
