[pfx] Re: Postfix: running a script on authentication failure

On Sat, 2023-06-24 at 16:35 +1200, Peter via Postfix-users wrote: > On 23/06/23 07:05, André Rodier via Postfix-users wrote: > > Is there any way, with postfix, to run a script on authentication > > failure, with information like the IP address and the > > username passed, for instance. > > You

[pfx] Re: Postfix: running a script on authentication failure

On Sat, 2023-06-24 at 16:35 +1200, Peter via Postfix-users wrote: > On 23/06/23 07:05, André Rodier via Postfix-users wrote: > > Is there any way, with postfix, to run a script on authentication > > failure, with information like the IP address and the > > username passed, for instance. > > You

[pfx] Re: Postfix: running a script on authentication failure

On 23/06/23 07:05, André Rodier via Postfix-users wrote: Is there any way, with postfix, to run a script on authentication failure, with information like the IP address and the username passed, for instance. You can write your script up as a policy daemon and have it listen on an inet or

[pfx] Re: Postfix: running a script on authentication failure

On 6/23/23 04:26, Luciano Mannucci via Postfix-users wrote: On Thu, 22 Jun 2023 21:05:35 +0200 André Rodier via Postfix-users wrote: What are you using on your side ? I have a small script that scans the log for failed login attempts, banning the offending ip via firewall if it sees more

[pfx] Re: Postfix: running a script on authentication failure

On Thu, 22 Jun 2023 21:05:35 +0200 André Rodier via Postfix-users wrote: > What are you using on your side ? I have a small script that scans the log for failed login attempts, banning the offending ip via firewall if it sees more than a certain number of attempts (initially set to 24, now

[pfx] Re: Postfix: running a script on authentication failure

Hi, > On 22 Jun 2023, at 21:05, André Rodier via Postfix-users > wrote: > > What are you using on your side ? I'm running postfix on FreeBSD so I can use blacklistd. A blacklistd hook has been inserted in Postfix source code so treatment is triggered directly from events handled by

[pfx] Re: Postfix: running a script on authentication failure

On 22/06/2023 16:09, Viktor Dukhovni via Postfix-users wrote: > So, at least in my case, geofencing is not an option. Of course not - there is never a universal solution. In the matter of multi-factor authentication, discussions are increasingly quoting a fourth factor:  "WHERE you are". 

[pfx] Re: Postfix: running a script on authentication failure

On Thu, 2023-06-22 at 15:45 +0100, Allen Coates via Postfix-users wrote: > > > On 22/06/2023 12:58, André Rodier via Postfix-users wrote: > > > > What are you using on your side ? > > > > - Do you know any service, that I could use, to get the network to ban from > > an IP address reputation,

[pfx] Re: Postfix: running a script on authentication failure

Am 22.06.23 um 19:18 schrieb Steffen Nurpmeso: Robert Schetterer wrote in : |Am 22.06.2023 um 13:58 schrieb André Rodier via Postfix-users: ... |> Shortly after it has been setup, I see brute force attacks (not |> surprising) from a whole /24 network (more surprising). ... |> Is

[pfx] Re: Postfix: running a script on authentication failure

Dnia 22.06.2023 o godz. 13:58:20 André Rodier via Postfix-users pisze: > > I just set-up a new server, running postfix, with submission(s) activated > on standard ports (587, 465) > > Shortly after it has been setup, I see brute force attacks (not > surprising) from a whole /24 network (more

[pfx] Re: Postfix: running a script on authentication failure

Robert Schetterer wrote in : |Am 22.06.2023 um 13:58 schrieb André Rodier via Postfix-users: ... |> Shortly after it has been setup, I see brute force attacks (not |> surprising) from a whole /24 network (more surprising). ... |> Is there any way, with postfix, to run a script on

[pfx] Re: Postfix: running a script on authentication failure

On Thu, Jun 22, 2023 at 03:45:43PM +0100, Allen Coates via Postfix-users wrote: > Is it possible / practical to develop the concept of a "service area" > - to white-list all the net-blocks where all your genuine callers > originate, and prohibit everywhere else? Perhaps if none of your users

[pfx] Re: Postfix: running a script on authentication failure

Dnia 22.06.2023 o godz. 15:45:43 Allen Coates via Postfix-users pisze: > > Just thinking at a tangent... > > Is it possible / practical to develop the concept of a "service area" - to > white-list all the net-blocks where all your > genuine callers originate, and prohibit everywhere else? > >

[pfx] Re: Postfix: running a script on authentication failure

On 22/06/2023 12:58, André Rodier via Postfix-users wrote: > > What are you using on your side ? > > - Do you know any service, that I could use, to get the network to ban from > an IP address reputation, something like > crowdsec, for instance ? > - Anyone has success with Suricata, Snort, or

[pfx] Re: Postfix: running a script on authentication failure

On 22 Jun 2023, at 14:18, Wietse Venema via Postfix-users wrote:Postfix does not implement SASL auth. It proxies the bits betwenthe remote SMTP client and (SASL library or Dovecot). If you mustsee SASL details, use Dovecot "auth_debug=yes" logging, and run atool that acts on that information.    

[pfx] Re: Postfix: running a script on authentication failure

Postfix does not implement SASL auth. It proxies the bits betwen the remote SMTP client and (SASL library or Dovecot). If you must see SASL details, use Dovecot "auth_debug=yes" logging, and run a tool that acts on that information. Wietse ___

[pfx] Re: Postfix: running a script on authentication failure

Am 22.06.2023 um 13:58 schrieb André Rodier via Postfix-users: Hello, all. I just set-up a new server, running postfix, with submission(s) activated on standard ports (587, 465) Shortly after it has been setup, I see brute force attacks (not surprising) from a whole /24 network (more