postfix/dovecot - [private/dovecot-lmtp]: No such file or directory

Hello list, I am trying to send a mail message from root to a system user on the same box. While postfix functions without dovecot properly, once dovecot is installed, I get the message from logs as set in the subject line - that postfix/lmpt cannot connect to [private/dovecot-lmtp]: No such file

Postfix stable 3.1 release candidate

I have uploaded the stable release candidate postfix-3.1.0-RC1 to the primary mirror. I'll let it cool down a bit, and expect to announce postfix-3.1.0 in a few days. Wietse

Re: SV: Security: How to limit authentication attempts?

Am 21.02.2016 um 13:00 schrieb Kiss Gábor: >>> My colleagues need authenticated channel to submit mails when traveling. >>> So disabling sasl is not an option. >> >> read again i just say disalbe it on port 25 >> >> and convense users to use submission port 587, or 465 as users se fits > > Can

Re: Security: How to limit authentication attempts?

> Use fail2ban for global blocking. With Postfix 3.x, you can also use > smtpd_client_auth_rate_limit to limit the number of AUTH commands > per client IP address. Oh, thanks! This will useful too on new MTA. :-) Gabor

Re: Can't get mynetworks to match a specific host

Noel Jones writes: > On 2/17/2016 1:56 AM, Michael Sperber wrote: In the log, it goes on from there like this: ... Feb 16 03:38:48 deinprogramm postfix/submission/smtpd[76503]: generic_checks: name=permit_mynetworks status=1 Feb 16 03:38:48

Re: Preventing Rewrite of Return Path When Sending via sendmail

Haravikk: > I?m trying to send e-mail via PHP?s built in mail() function (which > uses sendmail), however, although I?m providing a valid return-path, > postfix appears to be rewriting it to become www-d...@domain.tld > , which is not what I want. That is not what

Re: Security: How to limit authentication attempts?

Use fail2ban for global blocking. With Postfix 3.x, you can also use smtpd_client_auth_rate_limit to limit the number of AUTH commands per client IP address. Wietse

Re: Security: How to limit authentication attempts?

‎Sorry about the top posting, but I'm on my phone.  Is this supposed to be 2 and 3 also rather than 20 and 30? in master.cf submission and smtps -o smtpd_soft_error=20 -o smtpd_hard_error=30   Original Message   From: Benny Pedersen Sent: Sunday, February 21, 2016 4:13 AM To:

Re: Blocking TLDs

On 2016-02-20 Sebastian Nielsen wrote: > 1: REJECT tells the spammer "Hey, your spam got stuck in the spam > filter. Wanna try again?". Better to DISCARD it so the spammer think > they got the spam through, then they won't switch to a new domain. > > I don't think anyone ever will receive

Re: SV: Security: How to limit authentication attempts?

On 2016-02-21 13:00, Kiss Gábor wrote: > My colleagues need authenticated channel to submit mails when traveling. > So disabling sasl is not an option. read again i just say disalbe it on port 25 and convense users to use submission port 587, or 465 as users se fits Can you guarantee that hotel

Re: SV: Security: How to limit authentication attempts?

> > My colleagues need authenticated channel to submit mails when traveling. > > So disabling sasl is not an option. > > read again i just say disalbe it on port 25 > > and convense users to use submission port 587, or 465 as users se fits Can you guarantee that hotel firewalls allows to reach

Re: Security: How to limit authentication attempts?

Am 21.02.2016 um 11:48 schrieb Allen Coates: > Do smtpd_hard_error_limit > and > smtpd_soft_error_limit > count > authentication failures as "errors"? > > I don't

Re: SV: Security: How to limit authentication attempts?

On 2016-02-21 12:34, Kiss Gábor wrote: My colleagues need authenticated channel to submit mails when traveling. So disabling sasl is not an option. read again i just say disalbe it on port 25 and convense users to use submission port 587, or 465 as users se fits And I have to receive

SV: SV: Security: How to limit authentication attempts?

Another way to solve it is to use some tool that is able to manipulate the state table, and then you prematurely expire the entires for clients that get banned. I googled and it seems netfilter are able to manipulate state table. That will cause packets from banned clients to immediately be

Re: SV: Security: How to limit authentication attempts?

> disable sasl auth global in main.cf > > and only enable sasl auth in submission & smtps in master.cf with -o pr > service > > but dont disable starttls on port 25 My colleagues need authenticated channel to submit mails when traveling. So disabling sasl is not an option. And I have to receive

Re: SV: Security: How to limit authentication attempts?

On 2016-02-21 12:10, Kiss Gábor wrote: As I wrote this is what I wish to avoid if possible. I don't want an unnecessary check against a list of banned addresses on _every_ IP packet. disable sasl auth global in main.cf and only enable sasl auth in submission & smtps in master.cf with -o pr

Re: SV: Security: How to limit authentication attempts?

Dear Sebastian, > To make sure fail2ban breaks the connection, you need to put the fail2ban > rules BEFORE any "ESTABLISHED,RELATED" rule. As I wrote this is what I wish to avoid if possible. I don't want an unnecessary check against a list of banned addresses on _every_ IP packet. Regards

Re: Security: How to limit authentication attempts?

Dear Allen, > > This is a brute force attack in order to get a valid username/password pair. > > The cracker usually does 20 attempts within a single SMTP session. > Do smtpd_hard_error_limit > and Ooops! That is it. Default of

SV: Security: How to limit authentication attempts?

To make sure fail2ban breaks the connection, you need to put the fail2ban rules BEFORE any "ESTABLISHED,RELATED" rule. Then it will simply drop the packets regardless of if the connection is in the firewall's state table or not. smime.p7s Description: S/MIME Cryptographic Signature

Preventing Rewrite of Return Path When Sending via sendmail

I’m trying to send e-mail via PHP’s built in mail() function (which uses sendmail), however, although I’m providing a valid return-path, postfix appears to be rewriting it to become www-d...@domain.tld , which is not what I want. Is there a way to prevent this in

Re: Security: How to limit authentication attempts?

Do smtpd_hard_error_limit and smtpd_soft_error_limit count authentication failures as "errors"? I don't receive enough emails (or attacks) to have a definitive answer.

Re: Security: How to limit authentication attempts?

> I _do_ use fail2ban. > However -- as I wrote -- it can be circumvented. > > Maybe you missed my first post. See > http://article.gmane.org/gmane.mail.postfix.user/254364 You are right, I missed the first one. I’m sorry for the noise. In your case, the functionality would need to be inside

Re: Security: How to limit authentication attempts?

On 2016-02-21 08:47, Kiss Gábor wrote: Feb 21 04:12:05 MYOLDMTA postfix/smtpd[12967]: warning: unknown[195.22.126.159]: SASL LOGIN authentication failed: authentication failure https://www.google.dk/search?q=freecode+autofwd fail2ban does not support ipv6 and autofwd is more simple and does

Re: Security: How to limit authentication attempts?

On 2/21/2016 8:19 PM, Petri Riihikallio wrote: >> Essence of my question was not "how to block manually an already >> known >> malicious client?" but "how to apply some restrictions >> automatically on any suspicious clients?” > Take a look at Fail2Ban or SSHGuard. They keep an eye on your logs

Re: Security: How to limit authentication attempts?

> Take a look at Fail2Ban or SSHGuard. They keep an eye on your logs and add > firewall rules dynamically. They also expire the rules eventually. Dear Petri, I _do_ use fail2ban. However -- as I wrote -- it can be circumvented. Maybe you missed my first post. See

Re: Security: How to limit authentication attempts?

> Essence of my question was not "how to block manually an already > known malicious client?" but "how to apply some restrictions > automatically on any suspicious clients?” Take a look at Fail2Ban or SSHGuard. They keep an eye on your logs and add firewall rules dynamically. They also expire

Re: Security: How to limit authentication attempts?

> > Is there any way to instruct smtpd to close session after 3 unsuccesful > > attempts as is written in RFC 4954? I found no appropriate config parameter. > > Either use postfwd2 or write your own policy server. For permanent blocks use > check_sasl_access (newer Postfix only) and let it read a

Re: Security: How to limit authentication attempts?

* Kiss Gábor : > Dear folks, > > My logs are full of lines like this: > > Feb 21 04:12:05 MYOLDMTA postfix/smtpd[12967]: warning: > unknown[195.22.126.159]: SASL LOGIN authentication failed: authentication > failure > > This is a brute force attack in order to get a valid