On 5/28/24 9:58 PM, Viktor Dukhovni via Postfix-users wrote:
On Tue, May 28, 2024 at 09:32:29PM -0400, John Hill via Postfix-users wrote:

On 5/28/24 9:23 PM, Viktor Dukhovni via Postfix-users wrote:
    -o { smtpd_recipient_restrictions =
              reject_rbl_client zen.spamhaus.org=127.0.0.4,
              reject_sender_login_mismatch,
              permit_sasl_authenticated,
              reject }

I had experimented and came close to this.

I will use it.

Question as I use zen 127.0.0.[2..11] on port 25
This includes the PBL, covering much of the "dynamic" ISP consumer
address space, including homes, hotels, airports, ...  You probably
don't want to block these.  The XBL (127.0.0.4) is a conservative
choice.  You might in fact want to reject XBL IPs early, before they
even attempt authentication.  So I have:

     465        inet  n       -       n       -       -       smtpd
         -o smtpd_delay_reject=no
         -o {smtpd_client_restrictions=reject_rbl_client zen.spamhaus.org=127.0.0.4}
         -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
         ...

     submission inet  n       -       n       -       -       smtpd
         -o smtpd_delay_reject=no
         -o {smtpd_client_restrictions=reject_rbl_client zen.spamhaus.org=127.0.0.4}
         -o smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject

(The "permit_mynetworks" is for a couple of machine-to-machine submission use cases).


Mail all works but I still can't block these SASL attempts.

I use fail2ban to throw them into an SASL ass holes list.

Every number I check is listed in XBL PBL on Spamhaus

But it is not trying to check.


  -o { smtpd_recipient_restrictions =
                  reject_rbl_client zen.spamhaus.org=127.0.0.4,
                  reject_sender_login_mismatch,
                  permit_sasl_authenticated,
                  reject }


May 28 21:51:43 proteus.noach.com postfix/submission/smtpd[768476]: connect from unknown[136.41.160.87]
May 28 21:51:44 proteus.noach.com postfix/submission/smtpd[768476]: discarding EHLO keywords: CHUNKING
May 28 21:51:46 proteus.noach.com postfix/submission/smtpd[768476]: Anonymous TLS connection established from unknown[136.41.160.87]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 28 21:51:46 proteus.noach.com postfix/submission/smtpd[768476]: discarding EHLO keywords: CHUNKING
May 28 21:51:51 proteus.noach.com postfix/submission/smtpd[768476]: warning: unknown[136.41.160.87]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=clpow...@noach.com
May 28 21:51:51 proteus.noach.com postfix/submission/smtpd[768476]: too many errors after AUTH from unknown[136.41.160.87]
May 28 21:51:51 proteus.noach.com postfix/submission/smtpd[768476]: disconnect from unknown[136.41.160.87] ehlo=2 starttls=1 auth=0/1 commands=3/4


Thanks

--john

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
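
The difference between the =127.0.0.4 filter and the 127.0.0.[2..11] range discussed in this thread, as an added example that is not part of the original messages and is not Postfix's own matching code: it pulls client IPs from SASL failure log lines, builds the DNSBL query name, and applies a simplified reply filter. The log lines, IP addresses, DNS answers and all function names are constructed for illustration; no real lookups are made.

```python
import re

# Constructed sample log lines in the format shown above (documentation IPs).
SAMPLE_LOG = """\
May 28 21:51:51 mx postfix/submission/smtpd[1001]: warning: unknown[192.0.2.87]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=a@example.com
May 28 21:52:10 mx postfix/submission/smtpd[1002]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: (reason unavailable), sasl_username=b@example.com
May 28 21:52:30 mx postfix/submission/smtpd[1003]: connect from unknown[203.0.113.5]
"""

# Constructed DNSBL answers (A records) keyed by query name.
SAMPLE_ANSWERS = {
    "87.2.0.192.zen.spamhaus.org": ["127.0.0.4", "127.0.0.10"],  # XBL + PBL
    "9.100.51.198.zen.spamhaus.org": ["127.0.0.10"],             # PBL only
}

FAILED = re.compile(r"\[(\d+\.\d+\.\d+\.\d+)\]: SASL \S+ authentication failed")

def failed_auth_clients(log):
    """Client IPs that logged a SASL authentication failure, in order seen."""
    return list(dict.fromkeys(FAILED.findall(log)))

def query_name(ip, zone="zen.spamhaus.org"):
    """DNSBL convention: reversed IPv4 octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def octet_matches(pattern, value):
    """One 'd' of the filter: a plain number, or [a;b;c..d] alternatives."""
    if not pattern.startswith("["):
        return int(pattern) == value
    for alt in pattern[1:-1].split(";"):
        lo, _, hi = alt.partition("..")
        if int(lo) <= value <= int(hi or lo):
            return True
    return False

def filter_matches(filt, answers):
    """True if any returned A record satisfies the d.d.d.d filter."""
    pats = re.findall(r"\[[^\]]*\]|\d+", filt)
    return any(
        all(octet_matches(p, int(o)) for p, o in zip(pats, a.split(".")))
        for a in answers
    )

def would_reject(log, filt, answers=SAMPLE_ANSWERS):
    """Map each failing client to whether the zone=filt reply filter fires."""
    return {ip: filter_matches(filt, answers.get(query_name(ip), []))
            for ip in failed_auth_clients(log)}
```

With the constructed data, the client whose only answer is a PBL code passes the =127.0.0.4 filter and is matched only by the wider range.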