Hello,
> On 9 Jun 2025, at 02:13, Doug Hardie via Postfix-users
> <[email protected]> wrote:
>
> I believe that pf is not properly blocking IPs that are supposedly blocked by
> blacklistd. In trying to test this, I am using postfix. However, I don't
> seem to be able to get postfix to call blacklistd. The approach I am using
> is to remove one of my machines from mynetworks using a !IPaddress. That
> seems to work properly. I send using telnet to port 25 and give it non-local
> addresses. Postfix responds with an appropriate snarky message. However,
> traces of blacklistd shows no calls for that address. What are the
> conditions when blacklistd is called? Is it only for authenciation failures,
> as indicated in one web page. How can I test pf with postfix.
Not sure I have a proper answer to your questions about testing, but you might
want to double-check /etc/blacklistd.conf. Especially to make sure your network
is not «whitelisted».
Mine looks like this:
$ cat /etc/blacklistd.conf
#
# Blacklist rule
# adr/mask:port  type   proto owner    name nfail disable
[local]
ssh              stream *     *        *    3     24h
ftp              stream *     *        *    3     24h
smtp             stream *     *        *    3     24h
submission       stream *     *        *    3     24h
#6161            stream tcp6  christos *    2     10m
*                *      *     *        *    3     60
# adr/mask:port  type   proto owner    name nfail disable
[remote]
#129.168.0.0/16  *      *     *        =    *     *
#6161            =      =     =        =/24 =     =
#*               stream tcp   *        =    =     =
Obviously the blacklistd service must be started and your pf.conf must have an
anchor for rules injection:
anchor "blacklistd/*" in on $ext_if
I successfully block offenders, both on ports 25 and 587. Example for port 25:
$ sudo pfctl -a blacklistd/25 -t port25 -T show | wc -l
13
patpro
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
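An added example, not part of patpro's reply or of the blacklistd or Postfix projects: a small POSIX shell script that performs the checks the reply recommends. Offline, it reads a blacklistd.conf and reports the [local] entry for smtp (nfail and disable) and any active [remote] entries, which is where a network ends up whitelisted, and it checks that a pf.conf carries the anchor quoted above. On a FreeBSD host it then runs the live commands: `service blacklistd status`, `blacklistctl dump -a` and the `pfctl ... -T show` invocation from the reply. The sample blacklistd.conf and pf.conf fragment are constructed here; the FreeBSD default paths and the blacklistctl(8) usage are assumptions, as is the reading that a [remote] line with nfail `*` never blocks that network.

```shell
#!/bin/sh
# Added example, not code from the thread: offline checks of a blacklistd.conf
# and pf.conf, plus the live commands to run on the FreeBSD host itself.
# Only the anchor syntax and the pfctl invocation come from the reply above;
# blacklistctl(8) usage and the whitelisting reading of nfail "*" are assumptions.

# Returns 0 if the pf.conf given as $1 has an anchor for blacklistd rules.
pf_anchor_present() {
    grep -Eq '^[[:space:]]*anchor[[:space:]]+"blacklistd/\*"' "$1"
}

# Prints "nfail disable" for the [local] entry whose adr/mask:port field
# equals $2 in the blacklistd.conf given as $1; prints nothing if absent.
# Fields: adr/mask:port type proto owner name nfail disable
local_rule() {
    awk -v port="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blanks
        /^\[local\]/  { section = "local";  next }
        /^\[remote\]/ { section = "remote"; next }
        section == "local" && $1 == port { print $6, $7; exit }
    ' "$1"
}

# Prints the active (uncommented) [remote] entries of $1, one per line.
# A line covering your own network here is the whitelisting the reply warns about.
remote_entries() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        /^\[/ { section = $0; next }
        section == "[remote]" { print }
    ' "$1"
}

# Writes a constructed blacklistd.conf (modelled on the one in the reply, plus
# one deliberately whitelisting [remote] line) to $1 for the offline checks.
write_sample_conf() {
    cat > "$1" <<'EOF'
# adr/mask:port type proto owner name nfail disable
[local]
ssh        stream * * * 3 24h
smtp       stream * * * 3 24h
submission stream * * * 3 24h
*          *      * * * 3 60
[remote]
# constructed: nfail "*" for this network, i.e. never block it (assumed reading)
192.0.2.0/24 * * * = * *
EOF
}

# Writes a constructed pf.conf fragment carrying the anchor from the reply to $1.
write_sample_pf() {
    cat > "$1" <<'EOF'
ext_if = "em0"
anchor "blacklistd/*" in on $ext_if
EOF
}

# Live checks, meaningful only on the FreeBSD host running pf and blacklistd.
# $1 is the port to inspect (default 25); does nothing where pfctl is absent.
live_report() {
    port="${1:-25}"
    command -v pfctl >/dev/null 2>&1 || { echo "pfctl not found, skipping live checks"; return 0; }
    service blacklistd status                              # the daemon must actually be running
    blacklistctl dump -a                                   # addresses blacklistd itself has recorded
    pfctl -a "blacklistd/$port" -t "port$port" -T show     # what pf really blocks (from the reply)
}

conf="${TMPDIR:-/tmp}/blacklistd.conf.$$"
pf="${TMPDIR:-/tmp}/pf.conf.$$"
write_sample_conf "$conf"
write_sample_pf "$pf"
echo "smtp rule (nfail disable): $(local_rule "$conf" smtp)"
echo "active [remote] entries:"
remote_entries "$conf"
pf_anchor_present "$pf" && echo "pf.conf has the blacklistd anchor"
live_report 25
rm -f "$conf" "$pf"
```

Run it on the mail host as root; the offline part tells you whether smtp is covered in [local] and whether anything in [remote] exempts your test client, and the live part shows whether blacklistd has recorded the address at all before you look for it in the pf table, which separates "Postfix never reported it" from "pf never got the rule".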