Re: SV: Security: How to limit authentication attempts?

Kiss Gábor wrote: >>> My colleagues need authenticated channel to submit mails when traveling. >>> So disabling sasl is not an option. >> >> read again i just say disalbe it on port 25 >> >> and convense users to use submission port 587, or 465 as users se fits > > Can you guarantee that hotel

Re: SV: Security: How to limit authentication attempts?

Am 21.02.2016 um 13:00 schrieb Kiss Gábor: >>> My colleagues need authenticated channel to submit mails when traveling. >>> So disabling sasl is not an option. >> >> read again i just say disalbe it on port 25 >> >> and convense users to use submission port 587, or 465 as users se fits > > Can

Re: SV: Security: How to limit authentication attempts?

On 2016-02-21 13:00, Kiss Gábor wrote: > My colleagues need authenticated channel to submit mails when traveling. > So disabling sasl is not an option. read again i just say disalbe it on port 25 and convense users to use submission port 587, or 465 as users se fits Can you guarantee that hotel

Re: SV: Security: How to limit authentication attempts?

> > My colleagues need authenticated channel to submit mails when traveling. > > So disabling sasl is not an option. > > read again i just say disalbe it on port 25 > > and convense users to use submission port 587, or 465 as users se fits Can you guarantee that hotel firewalls allows to reach

Re: SV: Security: How to limit authentication attempts?

On 2016-02-21 12:34, Kiss Gábor wrote: My colleagues need authenticated channel to submit mails when traveling. So disabling sasl is not an option. read again i just say disalbe it on port 25 and convense users to use submission port 587, or 465 as users se fits And I have to receive

SV: SV: Security: How to limit authentication attempts?

be dropped after a ban. -Ursprungligt meddelande- Från: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] För Kiss Gábor Skickat: den 21 februari 2016 12:11 Till: Sebastian Nielsen <sebast...@sebbe.eu> Kopia: postfix-users@postfix.org Ämne: Re: SV: Security: How to

Re: SV: Security: How to limit authentication attempts?

> disable sasl auth global in main.cf > > and only enable sasl auth in submission & smtps in master.cf with -o pr > service > > but dont disable starttls on port 25 My colleagues need authenticated channel to submit mails when traveling. So disabling sasl is not an option. And I have to receive

Re: SV: Security: How to limit authentication attempts?

On 2016-02-21 12:10, Kiss Gábor wrote: As I wrote this is what I wish to avoid if possible. I don't want an unnecessary check against a list of banned addresses on _every_ IP packet. disable sasl auth global in main.cf and only enable sasl auth in submission & smtps in master.cf with -o pr

Re: SV: Security: How to limit authentication attempts?

Dear Sebastian, > To make sure fail2ban breaks the connection, you need to put the fail2ban > rules BEFORE any "ESTABLISHED,RELATED" rule. As I wrote this is what I wish to avoid if possible. I don't want an unnecessary check against a list of banned addresses on _every_ IP packet. Regards

SV: Security: How to limit authentication attempts?

To make sure fail2ban breaks the connection, you need to put the fail2ban rules BEFORE any "ESTABLISHED,RELATED" rule. Then it will simply drop the packets regardless of if the connection is in the firewall's state table or not. smime.p7s Description: S/MIME Cryptographic Signature