Re: Thousands of login attempts

On Sun Mar 20 2016 16:00:10 Sebastian Nielsen said: > > I would instead suggest the opposite way around, use whitelisting instead. That doesn’t work. One of my most important customers travels all over the world and may be connecting from quite literally anywhere but

Re: Thousands of login attempts

On Sun Mar 20 2016 16:01:44 Christian Kivalo said: > >>> One minor comment: I would not even offer AUTH on port 25. >> >> I don’t. I offer opportunistic TLS on port 25 for SMTPd. All mail >> submission have to be on port 587. > > You do. Oh, that is right, I

Re: Thousands of login attempts

In message <0f3f9e7a-f0da-400a-b331-514a471b4...@valo.at> Christian Kivalo writes: > > >> One minor comment: I would not even offer AUTH on port 25. > > > >I don't. I offer opportunistic TLS on port 25 for SMTPd. All mail > >submission have to be on port 587. > > You do. > > valo@uschi:~ $

Re: Thousands of login attempts

>> One minor comment: I would not even offer AUTH on port 25. > >I don’t. I offer opportunistic TLS on port 25 for SMTPd. All mail >submission have to be on port 587. You do. valo@uschi:~ $ telnet mail.covisp.net 25 Trying 65.121.55.42... Connected to mail.covisp.net. Escape character is '^]'.

SV: Thousands of login attempts

I would instead suggest the opposite way around, use whitelisting instead. Whitelisting can be done in many ways: 1: You can either whitelist your customer's IP ranges. So if one customer has Telia in Sweden, you tell your firewall to allow 95.196.0.0/14. And so on for every customer/user. 2:

Re: Thousands of login attempts

@lbutlr wrote: /etc/hosts.allow: ALL : 185.103.253.246 : DENY Has no effect. I would suggest using your firewall utility to block this on tcp/ip level. If you are running Postfix under Linux the following iptables command should block this IP to accessing your smtp service on port 25:

Re: Thousands of login attempts

Put the ip in your firewall blacklist is what I did, then you dont even see them as they are blocked at the gate. I extracted all such addreses from my logs, sorted them unique, added them to the firewall blacklist. gone. I know there will always be others, but revenge is sweet . -

Re: Thousands of login attempts

On Mar 20, 2016, at 1:46 PM, Wietse Venema wrote: > > @lbutlr: >> I mean, nothing is getting in, but there are thousands of these, 2000 = > > Then why do you care? They are using 1% of your CPU? I've been in the logs a lot the last few days, and having big these very few

Re: Thousands of login attempts

On Sun, Mar 20, 2016 at 08:21:16PM +0100, wilfried.es...@essignetz.de wrote: > Did you try postscreen_blacklist_action > (http://www.postfix.org/postconf.5.html#postscreen_blacklist_action) > > Default is "ignore" Yes, and probably what the OP wants to set is "drop". If set as "enforce" you'll

Re: Thousands of login attempts

@lbutlr: > I mean, nothing is getting in, but there are thousands of these, 2000 = Then why do you care? They are using 1% of your CPU? Wietse

Re: Thousands of login attempts

Did you try postscreen_blacklist_action (http://www.postfix.org/postconf.5.html#postscreen_blacklist_action) Default is "ignore" Willi Am 20.03.2016 um 20:10 schrieb @lbutlr: > On Sun Mar 20 2016 12:59:08 @lbutlr said: >> >> Mar 20 12:55:37 mail

Re: dumb question about recipient_bcc_maps

On Sun Mar 20 2016 11:08:02 @lbutlr <@lbutlr> said: > > I will try this again, restarting all the mail-related and mail-adjacent > services instead of just postfix. And that seems to have done the trick. Thanks, Wietse, you’ve the patience of a mildly grumpy saint! ;) -- Like the moment

Re: Thousands of login attempts

On Sun Mar 20 2016 12:59:08 @lbutlr said: > > Mar 20 12:55:37 mail postfix/postscreen[29826]: BLACKLISTED > [185.103.253.246]:50804 Stopped postfix and removed the post screen_cache file and restarted postfix. Mar 20 13:03:59 mail postfix/postscreen[30633]: BLACKLISTED

Re: Thousands of login attempts

On Sun Mar 20 2016 12:47:32 @lbutlr <@lbutlr> said: > > But they still keep coming. > > $ date && grep UGFzc3dvcmQ6 /var/log/maillog | tail -1 > Sun Mar 20 12:43:33 MDT 2016 > Mar 20 12:43:31 mail postfix/smtpd[28552]: warning: unknown[185.103.253.246]: > SASL LOGIN authentication failed:

Re: Thousands of login attempts

On Sun Mar 20 2016 12:47:32 @lbutlr <@lbutlr> said: > > postscreen_access_cidr > 185.103.253.246 reject > > $ postmap -q 185.103.253.246 > cidr:/usr/local/etc/postfix/postscreen_access.cidr > reject > > But they still keep coming. > > $ date && grep UGFzc3dvcmQ6 /var/log/maillog | tail

Re: Thousands of login attempts

On Sun Mar 20 2016 12:23:00 /dev/rob0 said: > > On Sun, Mar 20, 2016 at 12:11:57PM -0600, @lbutlr wrote: >> I have many thousands of these over the last seven days: >> >> Mar 20 10:45:27 mail postfix/smtpd[19480]: warning: >> unknown[185.103.253.246]: SASL LOGIN

Re: Thousands of login attempts

Um, perhaps you should utilize some sort of DNS blacklist, which is what my setup here does. If not, then you might want to try relocating what you put into your /etc/hosts.allow file to your /etc/hosts.deny file. I would also recommend utilizing fail2ban -- http://theether.net/kb/100141 On

Re: Thousands of login attempts

On Sun, Mar 20, 2016 at 12:11:57PM -0600, @lbutlr wrote: > I have many thousands of these over the last seven days: > > Mar 20 10:45:27 mail postfix/smtpd[19480]: warning: > unknown[185.103.253.246]: SASL LOGIN authentication failed: > UGFzc3dvcmQ6 > > They are all the exact same, including

Thousands of login attempts

I have many thousands of these over the last seven days: Mar 20 10:45:27 mail postfix/smtpd[19480]: warning: unknown[185.103.253.246]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 They are all the exact same, including the UGF… portion. Mar 20 10:48:34 mail postfix/postscreen[75523]: CONNECT

Re: virtual_alias_maps accounts are bypassing smtpd_recipient_restrictions

Hi Wietse, So it means that there is a postfix wrong behavior? Alfredo - Mensagem original - De: "Wietse Venema" Para: "postfix-users" Enviadas: Quinta-feira, 17 de março de 2016 21:09:15 Assunto: Re: virtual_alias_maps accounts are

Re: dumb question about recipient_bcc_maps

On Sun Mar 20 2016 10:51:51 Wietse Venema said: > > With an after-queue content filter, to prevent the before-filter > Postfix SMTP server from rejecting virtual_alias_maps or canonical_maps > addresses as "user unknown": > > - Don't specify

Re: dumb question about recipient_bcc_maps

@lbutlr: > > Then, expand the virtual alias before the filter. > > Not to be thick, but how would I control the order? With an after-queue content filter, to prevent the before-filter Postfix SMTP server from rejecting virtual_alias_maps or canonical_maps addresses as "user unknown": - Don't

Re: dumb question about recipient_bcc_maps

On Sat Mar 19 2016 18:16:06 Wietse Venema said: > > @lbutlr: >> On Mar 19, 2016, at 5:40 PM, Wietse Venema wrote: >>> Perhaps you have a content filter, and forgot to disable >>> address mapping with receive_override_options on one side >>> of

Re: TLS question on OS X

> On Mar 20, 2016, at 12:22 PM, Rick Zeman wrote: > > Mar 20 12:12:53 miniserv postfix/smtpd[43174]: warning: TLS library > problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown >

TLS question on OS X

Howdy, Upgrading Apple server to Apple's postfix 2.11.0 and seeing this in the logs: Mar 20 12:12:53 miniserv postfix/smtpd[43174]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown

Re: MAIL FROM validiity

Pascal Maes: > > > Le 10 mars 2016 ? 18:49, Wietse Venema a ?crit : > > > > Pascal Maes: > >> Would it be possible to test only the existence of the MAIL FROM ? > > > > With "smtpd_sender_restrictions = reject_unlisted_sender", > > or with "smtpd_reject_unlisted_sender =

Re: Limiting "clamav milter" to received mail only.

Postfix User: > I apologize if this is not the correct place to ask this question. > > I am using the "clamav milter" with Postfix. I assume it is checking > mail both coming and going. I want it to only filter mail I receive. Is > that possible in Postfix? There may be a way in clamav milter to

Re: Postfix message_size_limit

Daniel Wasilewski: > root@vps1:~# postconf -d | grep size_limit Wietse: > Where did you get the "postconf -d" from? If it is from a website > then I would like to get it fixed. Daniel Wasilewski: > I seem it on many forums. > > Last one is on: >

Re: virtual_alias_maps accounts are bypassing smtpd_recipient_restrictions

Lucas Castro: > I still don't know what it is or was the problem. If you still have trouble using Postfix: - Include postfix (non-debug) logging showing the unexpected behavior. - Include your 'postconf -n' output. Then, someone may be able to help you. Wietse

Re: MAIL FROM validiity

> Le 10 mars 2016 à 18:49, Wietse Venema a écrit : > > Pascal Maes: >> Would it be possible to test only the existence of the MAIL FROM ? > > With "smtpd_sender_restrictions = reject_unlisted_sender", > or with "smtpd_reject_unlisted_sender = yes". > >

Limiting "clamav milter" to received mail only.

I apologize if this is not the correct place to ask this question. I am using the "clamav milter" with Postfix. I assume it is checking mail both coming and going. I want it to only filter mail I receive. Is that possible in Postfix? Thanks! -- Jerry

Re: Postfix message_size_limit

I seem it on many forums. Last one is on: https://www.howtoforge.com/community/threads/postfix-says-message-size-exceeds-fixed-limit.1325/ But after Christian K. email i look closer and in same subject is explanation postconf -n and -d same like in man postfix. Problem solved. Best regards