Re: Auto blacklist email addresses

2010-03-29 Thread Josep M.
Hello Ralph.

Can Fail2ban blacklist email addresses too? I want to reject email
addresses, not block IPs.

Thanks
Josep


On Mon, 29-03-2010 at 21:41 +0200, Ralf Hildebrandt wrote:
> * Josep M. :
> > Hello.
> > 
> > One spammer has tried about 300 times to send me email, always from the
> > same address, but from about 20 different IPs. Never pass verify sender,
> > always get 450 error...my question is...when one email fails postfix
> > verify_sender 4 or 5 times..will it be possible to auto-blacklist this email
> > for one week, for example?
> 
> You could use fail2ban for that
> 




Auto blacklist email addresses

2010-03-29 Thread Josep M.
Hello.

One spammer has tried about 300 times to send me email, always from the
same address, but from about 20 different IPs. Never pass verify sender,
always get 450 error...my question is...when one email fails postfix
verify_sender 4 or 5 times..will it be possible to auto-blacklist this email
for one week, for example?

I use postfix 2.6.5 and postgrey 1.32


Thanks
Josep
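
One way to do the per-address count asked about above, as an added example that is not from the thread: tally 450 sender-verification rejects per envelope sender and emit access(5) lines for a check_sender_access table once a sender reaches a threshold. The log lines are constructed in the usual smtpd reject format; the threshold and the reject text are assumptions.

```python
import re
from collections import defaultdict

def sample_line(ip, sender):
    """Build one constructed smtpd reject line (placeholder host and addresses)."""
    return (f"Mar 29 20:01:02 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 450 4.1.7 <{sender}>: Sender address rejected: "
            f"unverified address: Address verification in progress; "
            f"from=<{sender}> to=<user@example.org> proto=ESMTP helo=<x>")

# Constructed sample: one sender seen 5 times from 3 IPs, another seen twice.
SAMPLE_LOG = (
    [sample_line(ip, "Spam@bad.example") for ip in
     ("192.0.2.1", "192.0.2.2", "192.0.2.1", "198.51.100.7", "192.0.2.2")]
    + [sample_line("203.0.113.5", "slow@ok.example")] * 2
    + ["Mar 29 20:02:00 mx postfix/smtpd[1234]: connect from unknown[192.0.2.1]"]
)

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[(?P<ip>[^\]]+)\]: "
    r"450 \S+ <(?P<sender>[^>]+)>: Sender address rejected: "
    r"(?:unverified|undeliverable) address"
)

def tally(lines):
    """Map each rejected envelope sender to (reject count, set of client IPs)."""
    seen = defaultdict(lambda: [0, set()])
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            entry = seen[m.group("sender").lower()]  # key on the address, not the IP
            entry[0] += 1
            entry[1].add(m.group("ip"))
    return {sender: (n, ips) for sender, (n, ips) in seen.items()}

def access_entries(lines, threshold=4):
    """access(5) lines for senders rejected at least `threshold` times."""
    return [
        f"{sender}\tREJECT sender address failed verification {count} times"
        for sender, (count, _ips) in sorted(tally(lines).items())
        if count >= threshold
    ]

if __name__ == "__main__":
    for entry in access_entries(SAMPLE_LOG):
        print(entry)
```

Feeding it only the last week of logs and regenerating the table each run (followed by postmap) gives the one-week expiry.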




Re: Authentication in Postfix (for spam) SOLVED

2009-12-27 Thread Josep M.
Hello.

Thanks!...Your tip Works great!

One more question: You said ".example.com" (with a dot). What is the
difference...includes subdomains?

> 
> == sender_reject
> example.com   REJECT authentication required
> .example.com  REJECT authentication required
> 


Thanks
Josep



On Sun, 27-12-2009 at 20:47 +0100, mouss wrote:
> Josep M. wrote:
> > Hello.
> > 
> > In the last days one spammer had fun with my email address sending me
> > hundreds of emails, most of them rejected by postfix anti-spam
> > measures, but not all.
> > 
> > I will explain: the spammer sends from internet (without authentication):
> > 
> > from: websurfer at navegants.com
> > to: websurfer at navegants.com
> > 
> > I have saslauthd running ok, and nobody can send outside the network
> > without auth (except localhost), but...Do I need something so that one
> > IP from internet can't send email "from me to me" without
> > authentication?
> > 
> > 
> 
> depends what you mean by "from:"
> 
> if it's the From: header, then there's nothing you can do. check the
> mail you posted to the list and you'll see that it has your address in
> the "From:" header.
> 
> if you mean the envelope sender (MAIL FROM command), then you can do
> different things. For example,
> 
> smtpd_recipient_restrictions =
>   permit_mynetworks
>   permit_sasl_authenticated
>   reject_unauth_destination
>   check_sender_access hash:/etc/postfix/restricted_sender
>   ...
> 
> == sender_reject
> example.com   REJECT authentication required
> .example.com  REJECT authentication required
> 
> 
> PS. Please put the check_sender_access AFTER reject_unauth_destination.
> (sorry for shouting, but it's for your safety!).
> 
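
On the dotted-entry question above, as an added example that is not from the thread: per access(5), a bare `example.com` entry also matches subdomains only when `smtpd_access_maps` is listed in `parent_domain_matches_subdomains`; otherwise the `.example.com` form is needed, so listing both covers either setting. The function names and the key order are a simplified model, not Postfix code.

```python
def candidate_keys(address, parent_matches_subdomains):
    """Keys tried for one envelope sender, in order (simplified from access(5))."""
    local, _, domain = address.lower().rpartition("@")
    keys = [f"{local}@{domain}", domain]
    labels = domain.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        # Bare parent when smtpd_access_maps is listed in
        # parent_domain_matches_subdomains, dotted parent otherwise.
        keys.append(parent if parent_matches_subdomains else "." + parent)
    keys.append(f"{local}@")
    return keys


def lookup(table, address, parent_matches_subdomains=True):
    """Return (matching key, action) for the first key found, else None."""
    for key in candidate_keys(address, parent_matches_subdomains):
        if key in table:
            return key, table[key]
    return None


# The two entries from the quoted reply, and a table with only the bare one.
BOTH = {
    "example.com": "REJECT authentication required",
    ".example.com": "REJECT authentication required",
}
BARE_ONLY = {"example.com": "REJECT authentication required"}

if __name__ == "__main__":
    for table_name, table in (("both", BOTH), ("bare only", BARE_ONLY)):
        for listed in (True, False):
            hit = lookup(table, "user@mail.example.com", listed)
            print(f"{table_name:9} listed={listed!s:5} -> {hit}")
```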




Authentication in Postfix (for spam)

2009-12-27 Thread Josep M.
Hello.

In the last days one spammer had fun with my email address sending me
hundreds of emails, most of them rejected by postfix anti-spam
measures, but not all.

I will explain: the spammer sends from internet (without authentication):

from: websurfer at navegants.com
to: websurfer at navegants.com

I have saslauthd running ok, and nobody can send outside the network
without auth (except localhost), but...Do I need something so that one
IP from internet can't send email "from me to me" without
authentication?


Thanks
Josep


smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination, reject_unauth_pipelining,
    check_recipient_access hash:/etc/postfix/recipient_checks,
    check_helo_access hash:/etc/postfix/helo_checks,
    check_helo_access hash:/etc/postfix/access_helo
    check_sender_access hash:/etc/postfix/sender_checks.domain,
    check_sender_access hash:/etc/postfix/sender_checks.email,
    check_client_access hash:/etc/postfix/client_checks,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_multi_recipient_bounce, reject_unlisted_recipient,
    reject_unverified_recipient, permit_sasl_authenticated,
    check_policy_service unix:private/policy
    check_policy_service inet:127.0.0.1:6
    check_sender_access hash:/etc/postfix/verify_domain
    check_recipient_access hash:/etc/postfix/verify_user
    permit






Re: Doubts about ciphers in Postfix SOLVED

2009-12-23 Thread Josep M.
On Wed, 23-12-2009 at 07:47 -0500, Victor Duchovni wrote:
> On Wed, Dec 23, 2009 at 10:53:41AM +0100, Josep M. wrote:
> 
> > I have designed my own scripts for curiosity, for test saslauthd and
> > Postfix AUTH plain and login in both ports, and also test the ciphers in
> > Postfix.
> 
> Your curiosity exceeds your skill to interpret the results.

Other ciphers was running well with ssl2, this was the mistake.

The error was in my scripts, now is solved:)

Josep




Re: Doubts about ciphers in Postfix

2009-12-23 Thread Josep M.
Hello Victor.

I tried before post here with "-ssl2" on the command line, got bad
result too:(

./101-mail-smtp-test-starttls-p25-login.sh CIPHER..: RC2-CBC-MD5 TEST FAILED

command:  openssl s_client -cipher RC2-CBC-MD5 -ssl2 -starttls smtp -crlf -connect localhost:25 2>&1

3263:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
CONNECTED(0003)



Josep




On Wed, 23-12-2009 at 07:47 -0500, Victor Duchovni wrote:
> On Wed, Dec 23, 2009 at 10:53:41AM +0100, Josep M. wrote:
> 
> > I have designed my own scripts for curiosity, for test saslauthd and
> > Postfix AUTH plain and login in both ports, and also test the ciphers in
> > Postfix.
> 
> Your curiosity exceeds your skill to interpret the results.
> 
> > Always fail, in both ports 25 and 587:
> > 
> > DES-CBC3-MD5 SSLv2 Kx=RSA  Au=RSA  Enc=3DES(168) Mac=MD5 
> > RC2-CBC-MD5 SSLv2 Kx=RSA  Au=RSA  Enc=RC2(128)  Mac=MD5 
> > DES-CBC-MD5 SSLv2 Kx=RSA  Au=RSA  Enc=DES(56)   Mac=MD5
> You forgot to specify "-ssl2" on the command-line, and got a v3 handshake
> with a v2-only cipher-list. This does not happen in practice.
> 





Doubts about ciphers in Postfix

2009-12-23 Thread Josep M.
Hello.

I have designed my own scripts for curiosity, for test saslauthd and
Postfix AUTH plain and login in both ports, and also test the ciphers in
Postfix.

I have some doubts about ciphers in Postfix. I will explain: of all the ciphers
available with "openssl ciphers -v" there are three that always fail with
postfix (I tested with Debian Lenny (5.0) and Debian Squeeze (testing
and future 6.0))

openssl ciphers -v

DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export



Always fail, in both ports 25 and 587:

DES-CBC3-MD5 SSLv2 Kx=RSA  Au=RSA  Enc=3DES(168) Mac=MD5 
RC2-CBC-MD5 SSLv2 Kx=RSA  Au=RSA  Enc=RC2(128)  Mac=MD5 
DES-CBC-MD5 SSLv2 Kx=RSA  Au=RSA  Enc=DES(56)   Mac=MD5

All others ciphers run ok in both ports 25 and 587..Should I disable
these three ciphers in Postfix? Do I need install any other package?
There is something broken?

The errors are all as this:

./102-mail-smtp-test-starttls-p25-plain.sh CIPHER..: RC2-CBC-MD5 TEST FAILED

command:  openssl s_client -cipher RC2-CBC-MD5 -starttls smtp -crlf -connect localhost:25 2>&1

1373:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
CONNECTED(0003)






Thanks
Josep






Re: Verify_sender in log files

2008-11-29 Thread Josep M.
Hello Wietse,

Sure, but my question is: how can I check what sender addresses postfix
has done the "verify_sender" option? This is what I would like have in
logs and extract from logs.

Thanks
Josep


On Thu, 27-11-2008 at 13:24 -0500, Wietse Venema wrote:
> Josep M.:
> > Time ago I  was using this for see what  addresses  had "verify_sender"
> > feature, is just for my own domain.
> > 
> > egrep '(Address verification in progress)' /var/log/maillog
> 
> Wietse:
> > This REJECT message is logged only if it takes too long to find out
> > the address status.
> > 
> > You will have more consistent results with
> > 
> > egrep 'status=(un)?deliverable' /var/log/maillog
> 
> Josep M.:
> > Thanks, but the purpose of look what addresses had verify_sender was for
> > add some of these addresses to my whitelists, this is what I was looking
> > to do.
> 
> Your egrep pattern finds only the addresses that need more than
> 6 seconds before the result is known.
> 
> My egrep pattern does not have this problem.
> 
>   Wietse



Re: Verify_sender in log files

2008-11-27 Thread Josep M.
Hello Wietse.

Thanks, but the purpose of look what addresses had verify_sender was for
add some of these addresses to my whitelists, this is what I was looking
to do.

Josep


On Thu, 27-11-2008 at 12:33 -0500, Wietse Venema wrote:
> Josep M.:
> > Hello.
> > 
> > Time ago I  was using this for see what  addresses  had "verify_sender"
> > feature, is just for my own domain.
> > 
> > egrep '(Address verification in progress)' /var/log/maillog
> 
> This REJECT message is logged only if it takes too long to find out
> the address status.
> 
> You will have more consistent results with
> 
> egrep 'status=(un)?deliverable' /var/log/maillog
> 
>   Wietse



Verify_sender in log files

2008-11-27 Thread Josep M.
Hello.

Time ago I  was using this for see what  addresses  had "verify_sender"
feature, is just for my own domain.

egrep '(Address verification in progress)' /var/log/maillog

But now postfix 2.5.5 doesn't display this in the log files. Is there any
parameter that I should add to postfix to have this?

I added "-vv" in master.cf but nothing has changed.

Thanks
Josep




Delete port 465 in master.cf

2008-11-07 Thread Josep M.

Hello.

I have had Postfix running for some years and always ok; now, when I
upgraded to Debian Lenny, it started giving me these error messages when
I tested port 465:

Nov  7 09:15:57 140 postfix/smtpd[26674]: fatal: bad boolean configuration: smtpd_tls_auth_only =
Nov  7 09:15:58 140 postfix/master[11065]: warning: process /usr/lib/postfix/smtpd pid 26674 exit status 1
Nov  7 09:15:58 140 postfix/master[11065]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling


I was reading that port 465 is not supported in new versions of
Postfix, so I will use port 587 as I was doing. I would like to ask if
this line in the master.cf config file can be deleted without breaking
anything. I tested and apparently it is ok.



#smtps inet  n   -   n   -   -   smtpd  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only = yes  -o smtpd_client_restrictions=permit_sasl_authenticated,reject


Thanks
Josep
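
A check for the message above, as an added example that is not from the thread: the fatal log line names `smtpd_tls_auth_only` with an empty value, the smtps entry writes it as `smtpd_tls_auth_only = yes`, and master(5) requires `-o name=value` with no whitespace around the `=`. The function name and the FIXED line are constructed for illustration; the Postfix 3.0+ brace form `-o { name = value }` is not handled.

```python
def lint_overrides(logical_line):
    """Return (parameter, problem) pairs for the -o overrides of one master.cf entry."""
    tokens = logical_line.lstrip("#").split()
    problems = []
    for i, tok in enumerate(tokens):
        if tok != "-o":
            continue
        # The override is the single whitespace-delimited word after -o.
        arg = tokens[i + 1] if i + 1 < len(tokens) else ""
        name, sep, value = arg.partition("=")
        if not name or name.startswith("-"):
            problems.append((arg, "missing name=value after -o"))
        elif not sep:
            problems.append((name, "no '=' attached to the name; whitespace before '='?"))
        elif not value:
            problems.append((name, "empty value; whitespace after '='?"))
    return problems


# The smtps entry from the post, rejoined onto one logical line.
ENTRY = ("#smtps inet  n   -   n   -   -   smtpd  -o smtpd_tls_wrappermode=yes "
         "-o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only = yes  "
         "-o smtpd_client_restrictions=permit_sasl_authenticated,reject")

# Constructed: the same entry with the whitespace around '=' removed.
FIXED = ENTRY.replace("smtpd_tls_auth_only = yes", "smtpd_tls_auth_only=yes")

if __name__ == "__main__":
    for label, line in (("as posted", ENTRY), ("fixed", FIXED)):
        print(label, lint_overrides(line))
```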