Re: Postfix: running a script on authentication failure

2023-06-27 Thread Michael Peddemors
On 2023-06-26 17:17, Joseph Tam wrote: On Thu, 22 Jun 2023, Michael Peddemors wrote: * Use services like RATS-AUTH to block IPs that can safely be blocked as known hackers.. Cool. Are there other DNSRBLs (apart from bl.blocklist.de) that list BFD attack IPs? * Use services like RATS-NULL

Re: Postfix: running a script on authentication failure

2023-06-26 Thread Joseph Tam
On Thu, 22 Jun 2023, Michael Peddemors wrote: > * Use services like RATS-AUTH to block IPs that can safely be blocked as > known hackers.. Cool. Are there other DNSRBLs (apart from bl.blocklist.de) that list BFD attack IPs? > * Use services like RATS-NULL (or SpamHaus DROP lists) right in the

Re: Postfix: running a script on authentication failure

2023-06-22 Thread Michael Peddemors
Their is more and more reasons to use 3rd party network reputation at the authentication level. While our platforms have pretty sophisticated combination, that includes of course transparent 2FA, but a very granular set of rules for stopping BEC (Business Email Compromise), and dropping obviou

Re: [Fail2ban-users] Postfix: running a script on authentication failure

2023-06-22 Thread Nick Howitt via dovecot
On 2023-06-22 12:58, André Rodier via Fail2ban-users wrote: Hello, all. I just set-up a new server, running postfix, with submission(s) activated on standard ports (587, 465) Shortly after it has been setup, I see brute force attacks (not surprising) from a whole /24 network (more surprising)

Re: [pfx] Postfix: running a script on authentication failure

2023-06-22 Thread dovecot--- via dovecot
Is there any way, with postfix, to run a script on authentication failure, with information like the IP address and the username passed, for instance. I wrote my own script for omprog which is part of rsyslog to read dovecot auth fails. Because postfix authenticates with dovecot and dovecot w

Re: [Fail2ban-users] Postfix: running a script on authentication failure

2023-06-22 Thread André Rodier via dovecot
On Thu, 2023-06-22 at 16:27 +0100, Nick Howitt via Fail2ban-users wrote: > > > On 2023-06-22 12:58, André Rodier via Fail2ban-users wrote: > > Hello, all. > > > > I just set-up a new server, running postfix, with submission(s) > > activated on standard ports (587, 465) > > > > Shortly after it

Postfix: running a script on authentication failure

2023-06-22 Thread André Rodier via dovecot
Hello, all. I just set-up a new server, running postfix, with submission(s) activated on standard ports (587, 465) Shortly after it has been setup, I see brute force attacks (not surprising) from a whole /24 network (more surprising). I carefully checked the logs, and see the modus operandi, w

Postfix: running a script on authentication failure

2023-06-22 Thread André Rodier via dovecot
Hello, all. I just set-up a new server, running postfix, with submission(s) activated on standard ports (587, 465) Shortly after it has been setup, I see brute force attacks (not surprising) from a whole /24 network (more surprising). I carefully checked the logs, and see the modus operandi, w