Hi
A good idea in my opinion, additionally add
reject_sender_login_mismatch with maps (u...@domain.ltd user@domainltd)
smtpd_sender_restrictions =
...
reject_sender_login_mismatch,
...
reject_unauth_pipelining,
Than only reject_unauth_pipelining
smtpd_data_restrictions =
Viktor Dukhovni via Postfix-users:
> On Thu, Dec 21, 2023 at 04:29:20PM -0500, Wietse Venema via Postfix-users
> wrote:
>
> > > > https://gitlab.com/ohisee/block-shodan-stretchoid-census
> > >
> > > I feel no particular urge to block them.
> >
> > They apparently flag a lot more Postfix MTAs
On Thu, Dec 21, 2023 at 04:29:20PM -0500, Wietse Venema via Postfix-users wrote:
> > > https://gitlab.com/ohisee/block-shodan-stretchoid-census
> >
> > I feel no particular urge to block them.
>
> They apparently flag a lot more Postfix MTAs than Exim ones.
By "flag" you mean count instances
Viktor Dukhovni via Postfix-users:
> On Thu, Dec 21, 2023 at 03:08:57PM -0500, pgnd via Postfix-users wrote:
>
> > > This even includes "shodan" looking
> >
> > ugh. shodan.
> >
> > this can help a bit
> >
> > https://gitlab.com/ohisee/block-shodan-stretchoid-census
>
> I feel no particular
On Thu, Dec 21, 2023 at 03:08:57PM -0500, pgnd via Postfix-users wrote:
> > This even includes "shodan" looking
>
> ugh. shodan.
>
> this can help a bit
>
> https://gitlab.com/ohisee/block-shodan-stretchoid-census
I feel no particular urge to block them.
--
Viktor.
On Thu, Dec 21, 2023 at 02:17:34PM -0500, Wietse Venema via Postfix-users wrote:
> Kim Sindalsen via Postfix-users:
> > I'm reading that either " smtpd_data_restrictions =
> > reject_unauth_pipelining" or "smtpd_forbid_unauth_pipelining = yes" should
> > *work* for shor-term workaround, right?
>
Kim Sindalsen via Postfix-users:
> I'm reading that either " smtpd_data_restrictions =
> reject_unauth_pipelining" or "smtpd_forbid_unauth_pipelining = yes" should
> *work* for shor-term workaround, right?
They look for the same thing but at different times.
> I've had data-restrictions for
> -Original Message-
> From: Wietse Venema via Postfix-announce
> Sent: 21. december 2023 13:52
> To: Postfix announce
> Cc: Postfix users
> Subject: [pfx-ann] SMTP Smuggling, workarounds and fix
>
> SHORT-TERM WORKAROUNDS
>
> A short-term workaround can be deployed now, before the