On 2016-03-04 14:39, Robert Chalmers wrote:
How can I block this user from even attempting to access the mail
server?
Mac. OSX 10.11
Postfix.

I’ve even tried setting it in the firewall - but I’m missing
something, because there it is again...

I have the domain IP in a blacklist on both the pf.conf firewall, and
the postfix blacklist, and in spamassassin … impossible. I can not
stop this sucker.

What do you take as identifier for the user?

IP? Hostname?

Do you have more logs that show connections for this user / the same user?

Mar  4 12:41:48 zeus postfix/smtpd[1811]: connect from mail.bmwlaw.com[174.46.142.137]
Mar  4 12:41:48 zeus postfix/smtpd[1811]: setting up TLS connection from mail.bmwlaw.com[174.46.142.137]
Mar  4 12:41:48 zeus postfix/smtpd[1811]: mail.bmwlaw.com[174.46.142.137]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!SSLv2:!aNULL:!ADH:!eNULL"
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:before/accept initialization
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 read client hello A
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 write server hello A
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 write certificate A
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 write key exchange A
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 write server done A
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 flush data
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 read client certificate A
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 read client key exchange A
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 read certificate verify A
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 read finished A
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 write change cipher spec A
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 write finished A
Mar  4 12:41:48 zeus postfix/smtpd[1811]: SSL_accept:SSLv3 flush data
Mar  4 12:41:48 zeus postfix/smtpd[1811]: Anonymous TLS connection established from mail.bmwlaw.com[174.46.142.137]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Mar  4 12:41:49 zeus postfix/smtpd[1811]: NOQUEUE: reject: RCPT from mail.bmwlaw.com[174.46.142.137]: 450 4.7.1 <BMW-Ex2010.bmwroa.com>: Helo command rejected: Host not found; from=<> to=<rushmarcellus...@quantum-radio.net> proto=ESMTP helo=<BMW-Ex2010.bmwroa.com>
Mar  4 12:41:51 zeus postfix/smtpd[1811]: disconnect from mail.bmwlaw.com[174.46.142.137] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

You should leave smtpd_tls_loglevel set to the default of "1". Makes the logs easier to read.

The only thing I can think, is that something is turning it back on,
after being turned off?

postconf -n below.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} - see http://$rbl_domain.
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
home_mailbox = Mail/Dovecot/
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
lmtp_tls_ciphers = $smtpd_tls_ciphers
lmtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
mail_owner = _postfix
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 0
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 0
meta_directory = /usr/local/etc/postfix
milter_default_action = accept
mydestination = localhost mail.$mydomain, www.$mydomain
myhostname = zeus.chalmers.com.au
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
non_smtpd_milters = inet:127.0.0.1:8891
postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/postscreen_access.cidr, cidr:/usr/local/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = no
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/usr/local/etc/postfix/dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org*3, bl.mailspike.net*2, b.barracudacentral.org*2, bl.spameatingmonkey.net, bl.spamcop.net, dnsbl.sorbs.net, psbl.surriel.com, swl.spamhaus.org*-4, list.dnswl.org=127.[0..255].[0..255].0*-2, list.dnswl.org=127.[0..255].[0..255].1*-3, list.dnswl.org=127.[0..255].[0..255].[2..255]*-4, wl.mailspike.net=127.0.0.[17;18]*-1, wl.mailspike.net=127.0.0.[19;20]*-2, ix.dnsbl.manitu.net, bl.blocklist.de, list.dnswl.org=127.0.[0..255].0*-1, list.dnswl.org=127.0.[0..255].1*-2, list.dnswl.org=127.0.[0..255].[2..3]*-3, iadb.isipp.com=127.0.[0..255].[0..255]*-2, iadb.isipp.com=127.3.100.[6..200]*-2, wl.mailspike.net=127.0.0.[17;18]*-1, wl.mailspike.net=127.0.0.[19;20]*-2
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_ttl = 1h
postscreen_dnsbl_whitelist_threshold = -4
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = ignore
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = no
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_use_tls = $smtpd_use_tls
postscreen_watchdog_timeout = 10s
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/local/sbin/sendmail
setgid_group = _postdrop
shlib_directory = /usr/local/lib/postfix
smtp_sasl_auth_enable = no
smtp_sasl_mechanism_filter = plain
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
smtp_tls_ciphers = $smtpd_tls_ciphers
smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
smtp_use_tls = yes
smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/access,reject_rbl_client bl.spamcop.net,reject_rbl_client sbl-xbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client dnsbl.njabl.org,reject_rbl_client zen.spamhaus.org
smtpd_delay_reject = yes
smtpd_error_sleep_time = 2s
smtpd_hard_error_limit = 2
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/usr/local/etc/postfix/helo_access, reject_non_fqdn_hostname, reject_unknown_helo_hostname, reject_invalid_hostname, permit
smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8893
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_sender_access hash:/usr/local/etc/postfix/access, check_client_access hash:/usr/local/etc/postfix/access, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, check_recipient_access hash:/usr/local/etc/postfix/access, check_policy_service unix:private/policy
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_soft_error_limit = 1
smtpd_tls_CAfile = /private/etc/ssl/certs/sub.class1.server.ca.pem
smtpd_tls_cert_file = /private/etc/ssl/certs/chalmers.com.au.crt
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /private/etc/ssl/private/chalmers.com.au.key
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtputf8_enable = no
soft_bounce = no
strict_rfc821_envelopes = yes
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql-virtual-alias-maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_minimum_uid = 100
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:5000

thanks

Robert Chalmers

--
 Christian Kivalo
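
Added example, not part of the original thread or of Postfix: a short Python script that groups smtpd connect and reject lines by client IP, which gives the per-client view the questions above ask for (which identifier, and what other sessions exist for it). The log lines, host names and addresses are constructed placeholders shaped like the entries quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample lines shaped like the smtpd entries quoted in the thread;
# example.* names and RFC 5737 addresses are placeholders, not real hosts.
SAMPLE_LOG = """\
Mar  4 12:41:48 mx postfix/smtpd[1811]: connect from mail.example.net[192.0.2.10]
Mar  4 12:41:49 mx postfix/smtpd[1811]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 450 4.7.1 <EXCH01.example.org>: Helo command rejected: Host not found; from=<> to=<user@example.com> proto=ESMTP helo=<EXCH01.example.org>
Mar  4 12:41:51 mx postfix/smtpd[1811]: disconnect from mail.example.net[192.0.2.10] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
Mar  4 13:02:10 mx postfix/smtpd[1902]: connect from unknown[192.0.2.10]
Mar  4 13:02:11 mx postfix/smtpd[1902]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <unknown[192.0.2.10]>: Client host rejected: Access denied; from=<a@example.org> to=<user@example.com> proto=ESMTP helo=<EXCH01.example.org>
Mar  4 13:05:00 mx postfix/smtpd[1950]: connect from mail.example.net[198.51.100.7]
"""

CLIENT = r'(?P<host>[^\s\[]+)\[(?P<ip>[0-9A-Fa-f:.]+)\]'
CONNECT = re.compile(r'postfix/smtpd\[\d+\]: connect from ' + CLIENT)
REJECT = re.compile(r'postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\w+) from '
                    + CLIENT + r': (?P<code>\d{3}) \S+ (?P<text>.*?); from=')
HELO = re.compile(r'helo=<([^>]*)>')

def summarize(log_text):
    """Group smtpd connects and rejects by client IP (hostnames can change)."""
    clients = defaultdict(lambda: {"hostnames": set(), "connects": 0,
                                   "helos": set(), "rejects": []})
    for line in log_text.splitlines():
        m = CONNECT.search(line)
        if m:
            entry = clients[m["ip"]]
            entry["hostnames"].add(m["host"])
            entry["connects"] += 1
            continue
        m = REJECT.search(line)
        if m:
            entry = clients[m["ip"]]
            entry["hostnames"].add(m["host"])
            entry["rejects"].append((m["stage"], int(m["code"]), m["text"]))
            helo = HELO.search(line)
            if helo:
                entry["helos"].add(helo[1])
    return dict(clients)

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, sorted(e["hostnames"]), "connects:", e["connects"])
        for stage, code, text in e["rejects"]:
            # 4xx is a temporary failure, so the sending server will retry
            kind = "temporary" if code < 500 else "permanent"
            print(f"  {stage} {code} ({kind}): {text}")
```

Any "connect from" line for an address means that session reached smtpd, so it was not dropped at the packet filter.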
