Keith:
> If you are interested and I do not subsequently break your head can I
> ask some questions as to how to find snippets of your code that might
> do things related to those questions so I can fail to make sense of
> them and rob them to try and implement a/my thing?
I'm afraid that there is
I should pay more attention to which e-mail address I am using to
instill confidence.
Bob
On Thu, 2024-07-25 at 20:31 +0100, Keith wrote:
> On Thu, 2024-07-25 at 13:07 -0400, Wietse Venema via Postfix-users
> wrote:
> > Bob via Postfix-users:
> > > Having put my foot in it by suggesting that Post
Bob via Postfix-users:
> Having put my foot in it by suggesting that Postfix might make calls to
> external functions requiring root access, in particular IPTables, what
> if Postfix had its own version of IPtables.
It was decided long ago that Postfix will be extensible with different
tools from
On 24.07.24 14:40, Bob via Postfix-users wrote:
I get it might be a bit flakey from a security perspective and should
come with warnings but it is my box.
Yes, but when postfix was designed with security in mind, it may
intentionally not support things like this one.
As an aside the content
Apologies if my random ignorance has been a bit much.
Thanks for taking the time to look at the posibilities and also discuss
them with added words for me to look in to. The mention of Policy
Servers and Milters along with the information that is supplied to them
by Postfix causes me to come up wi
Great examples. Thanks for pointing out that.
- 원본 메일 -
보낸사람: Wietse Venema via Postfix-users
받는사람: Postfix users
날짜: 24.07.25 08:57 GMT +0900
제목: [pfx] Re: RFC logs_check
postfix--- via Postfix-users:
> > what's the main difference between a policy server a
Ralph Seichter via Postfix-users wrote in
<87a5i6pesk@ra.horus-it.com>:
|* Steffen Nurpmeso:
|
|>>I think it is more than "a bit flakey". You ask Wietse to support
|>>something which introduces a significant security risk.
|>
|> Now you exaggerate a bit.
|
|Not really, the original exa
postfix--- via Postfix-users:
> > what's the main difference between a policy server and a milter?
>
>
> Policy Server:
> - Coded quickly in scripting language
> - Lightweight, simple, and fast to setup
> - Is only provided limited header information by postfix for evaluating
No headers or
what's the main difference between a policy server and a milter?
Policy Server:
- Coded quickly in scripting language
- Lightweight, simple, and fast to setup
- Is only provided limited header information by postfix for evaluating
Milter:
- More complicated to setup and code
- Has access
* Steffen Nurpmeso:
> >I think it is more than "a bit flakey". You ask Wietse to support
> >something which introduces a significant security risk.
>
> Now you exaggerate a bit.
Not really, the original example of invoking "iptables" directly
requires root provileges. That could be mitigated by u
원본 메일 -
보낸사람: Wietse Venema via Postfix-users
받는사람: Postfix users
날짜: 24.07.25 04:53 GMT +0900
제목: [pfx] Re: RFC logs_check
For complex policies that require real-time responses and that look
at the envelope and message content, I still recommed using a milter.
W
Ralph Seichter, Ralph Seichter via Postfix-users wrote in
<87v80ujyjr@ra.horus-it.com>:
|* Bob via Postfix-users:
|
|> I get it might be a bit flakey from a security perspective and should
|> come with warnings but it is my box.
|
|I think it is more than "a bit flakey". You ask Wietse t
* Bob via Postfix-users:
> I get it might be a bit flakey from a security perspective and should
> come with warnings but it is my box.
I think it is more than "a bit flakey". You ask Wietse to support
something which introduces a significant security risk. Plus, this
particular something is not
* Jaroslaw Rafa via Postfix-users:
> Despite what you say about your unsuccessful attempts with fail2ban,
> it seems the best tool for the job. It's the whole idea of fail2ban
> anyway - if "SOMETHING" appears in the logfile "SOME" number of times
> (which can be 1), then stuff the IP address into
Wietse Venema via Postfix-users wrote in
<4wtl814dp5zj...@spike.porcupine.org>:
|Steffen Nurpmeso via Postfix-users:
|> Keith wrote in
|> :
|>|Hmm Policy Server. Do I have to install one and read the Man Pages?
...
|> The op wants to be able to reject the one emails, and to block IPs
|> of
Steffen Nurpmeso via Postfix-users:
> Keith wrote in
> :
> |Hmm Policy Server. Do I have to install one and read the Man Pages?
> |
> |Then again I might take heart from the suggestion that this has been
> |done before although the mention of blocklisting and coloured flags
> |suggests others
Keith wrote in
:
|Hmm Policy Server. Do I have to install one and read the Man Pages?
|
|Then again I might take heart from the suggestion that this has been
|done before although the mention of blocklisting and coloured flags
|suggests others decided it was a bad idea.
|
|I get that cause
On 25/07/2024 00:19, Bob wrote:
Thanks... Toddles of to read about PostScreen
"Wietse expects that the zombie problem will get worse before things
improve, if ever."
Waves. Sorry if I am being ittitating.
Oh, don't worry, you are showings signs of learning behaviour, something
that seems all
On 25/07/2024 00:08, Bob via Postfix-users wrote:
[SNIP]
Your link has the glimmer of a plan but would I not be back to having
to periodically scan stdout, a file, to check for changes needimg
action?
The fail2ban daemon does that for you.
Once you implement postcreen and the spamhaus recomme
Thanks... Toddles of to read about PostScreen
"Wietse expects that the zombie problem will get worse before things
improve, if ever."
Waves. Sorry if I am being ittitating.
Bob
On Thu, 2024-07-25 at 00:12 +1000, Gary R. Schmidt via Postfix-users
wrote:
> This is exactly what postscreen - which
On 24/07/2024 23:58, Bob via Postfix-users wrote:
[SNIP]
The rest of my logs are stuffed with "user<>" and "unknown" or "does
not resolve to" so they can get in the sea as well.
This is exactly what postscreen - which is part of postfix - and
fail2ban were developed to handle.
I get a lot of
Not sure when it happened but when I had to reinstall it on my Pi the
Pi was missing, ISTR, rsyslog so it was not the fault of Postfix. I
just had to put rsyslog back in and logging was back to normal.
Your link has the glimmer of a plan but would I not be back to having
to periodically scan stdou
Yes. It was just an example. However many of these uninvited warts
don't publish such information and I have no doubt that they
periodically roll addresses. No I am not going to send them an e-mail
so they can pretend to go away.
The rest of my logs are stuffed with "user<>" and "unknown" or "does
Gary R. Schmidt via Postfix-users:
> I'm sure postfix can be configured to use normal log files, or is that
> something that has to be made available at build-time?
https://www.postfix.org/MAILLOG_README.html
Available with Postfix version 3.4 or later. This includes logging
to stdout while runn
I get it might be a bit flakey from a security perspective and should
come with warnings but it is my box.
As an aside the contents of my /etc/postfix directory are owned by root
so I assume Postfix needs root priveledges to access them.
That seems like its already halfway down that particular ra
On 24/07/2024 23:23, Allen Coates via Postfix-users wrote:
On 24/07/2024 13:11, Jaroslaw Rafa via Postfix-users wrote:
I want "Kill on Sight".
Fastest way to me would be Postfix says it logged a connection from
fluffy.cuddly.port.raping.internet-measurement.com calls my script with
the IP add
Bob via Postfix-users:
> As a further ramble headers_checks, a line in mine, looks like this
>
> /ional.co.uk/ REJECT No Spam Please.
>
> At the eame time that Postfix triggers on the match it must know the IP
> address that was associated with the trigger. Instead of the above...
>
> /ional.co.
On 24/07/2024 13:11, Jaroslaw Rafa via Postfix-users wrote:
>> I want "Kill on Sight".
>>
>> Fastest way to me would be Postfix says it logged a connection from
>> fluffy.cuddly.port.raping.internet-measurement.com calls my script with
>> the IP address and they get stuffed up IPTables.
These pa
Oooops. Also applies to me :)
Bob
On Wed, 2024-07-24 at 14:51 +0200, Matus UHLAR - fantomas via Postfix-
users wrote:
> This article is 9 years old and apparently some parts of it are
> obsolete...
___
Postfix-users mailing list -- postfix-users@postfi
On 24.07.24 13:26, Bob via Postfix-users wrote:
Thanks for the reply.
There are some words here,
https://unix.stackexchange.com/questions/179477/how-does-fail2ban-detect-the-time-of-an-intrusion-attempt-if-the-log-files-dont
This article is 9 years old and apparently some parts of it are obso
As a further ramble headers_checks, a line in mine, looks like this
/ional.co.uk/ REJECT No Spam Please.
At the eame time that Postfix triggers on the match it must know the IP
address that was associated with the trigger. Instead of the above...
/ional.co.uk/ REJECT No Spam Please. ACTION iptab
Thanks for the reply.
There are some words here,
https://unix.stackexchange.com/questions/179477/how-does-fail2ban-detect-the-time-of-an-intrusion-attempt-if-the-log-files-dont
Which suggests that Fail2Ban is continuously scanning logfiles for
changes unless you install Gamin which is some sort
Dnia 24.07.2024 o godz. 00:14:51 Bob via Postfix-users pisze:
> I want "Kill on Sight".
>
> Fastest way to me would be Postfix says it logged a connection from
> fluffy.cuddly.port.raping.internet-measurement.com calls my script with
> the IP address and they get stuffed up IPTables.
Despite wha
* Bob via Postfix-users:
> I realise stuff like failtoban is available but when I look at it the
> wrong way, or in any way, it falls over and it only looks at logfiles
> every so often [...]
I found fail2ban not to my taste, so like you I searched for possible
alternatives. I finally came to ter
Bob via Postfix-users wrote in
:
|I know of such things but I am not sure that they are the solution to
|my problem in as much as they are lists of known spammers.
|
|Other than the Hotmail SEO/APP Cretins I have, fingers crossed, only
|suffered from two persistent idiots that are rejected i
I know of such things but I am not sure that they are the solution to
my problem in as much as they are lists of known spammers.
Other than the Hotmail SEO/APP Cretins I have, fingers crossed, only
suffered from two persistent idiots that are rejected in
headers_check.
Not that any of them pay
Yo!
Thanks for the suggestion and the links.
Unfotunately as per,
https://fail2ban.readthedocs.io/en/latest/filters.html
and my previous moan.
Fail2Ban is retro-active and tries to deal with all of the
everything...
https://fail2ban.readthedocs.io/en/latest/filters.html#developing-filters
an
On Tue, 23 Jul 2024 at 23:06, r.barclay--- via Postfix-users <
postfix-users@postfix.org> wrote:
> Hi,
>
> You could use a custom Fail2Ban regular expression to ban IP addresses
> that cause Postfix log entries containing certain domain names.
>
> See
> https://en.wikipedia.org/wiki/Fail2ban
> htt
Hi,
You could use a custom Fail2Ban regular expression to ban IP addresses that
cause Postfix log entries containing certain domain names.
See
https://en.wikipedia.org/wiki/Fail2ban
https://fail2ban.readthedocs.io/en/latest/filters.html
Yours,
Reg
> Gesendet: Dienstag, 23. Juli 2024 um 23:14 U
39 matches
Mail list logo