
Re: lost connection after STARTTLS / botnet

  • Wietse Venema
    Message 1 of 3 , Dec 7, 2012
      Robert Schetterer:
      > ---snip
      [bunch of end-user IP addresses]
      > Dec 7 19:41:34 mail02 postfix/smtpd[8315]: lost connection after
      > STARTTLS from host-111-184-248-207.dynamic.kbtelecom.net[111.184.248.207]
      > --snipend
      >
      > anyone else with this ?
      > what might best to do , configure postscreen etc ?

      If it ties up your SMTP daemons, postscreen can deal with them,
      but for this you need to turn on an "after-220-greeting" test, for
      example

      postscreen_pipelining_enable = yes

      And perhaps:

      postscreen_pipelining_action = ignore

      Every 30 days by default, an SMTP client will spend one SMTP session
      just to renew its whitelist status, and gets 4xx replies for attempts
      to deliver mail (see postscreen_pipelining_ttl parameter documentation).
      The next time the client connects, it will be allowed to deliver mail.

      You'd need to use memcache if you want to share the postscreen
      whitelist among multiple MTAs.

      Wietse
    • Robert Schetterer
      Message 2 of 3 , Dec 7, 2012
        On 07.12.2012 20:55, Wietse Venema wrote:
        > Robert Schetterer:
        >> ---snip
        > [bunch of end-user IP addresses]
        >> Dec 7 19:41:34 mail02 postfix/smtpd[8315]: lost connection after
        >> STARTTLS from host-111-184-248-207.dynamic.kbtelecom.net[111.184.248.207]
        >> --snipend
        >>
        >> anyone else with this ?
        >> what might best to do , configure postscreen etc ?
        >
        > If it ties up your SMTP daemons, postscreen can deal with them,
        > but for this you need to turn on an "after-220-greeting" test, for
        > example
        >
        > postscreen_pipelining_enable = yes
        >
        > And perhaps:
        >
        > postscreen_pipelining_action = ignore
        >
        > Every 30 days by default, an SMTP client will spend one SMTP session
        > just to renew its whitelist status, and gets 4xx replies for attempts
        > to deliver mail (see postscreen_pipelining_ttl parameter documentation).
        > The next time the client connects, it will be allowed to deliver mail.
        >
        > You'd need to use memcache if you want to share the postscreen
        > whitelist among multiple MTAs.
        >
        > Wietse
        >

        thx for info Wietse, by design reasons
        postscreen can't be used on all connected ips on this server cluster
        i will wait and see, perhaps i will setup postscreen partly


        Best Regards
        MfG Robert Schetterer

        --
        [*] sys4 AG

        http://sys4.de, +49 (89) 30 90 46 64
        Franziskanerstraße 15, 81669 München

        Registered office: München, District Court München: HRB 199263
        Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
        Chairman of the Supervisory Board: Joerg Heidrich
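
An added example, not part of the original thread: a small log summarizer for judging whether "lost connection after STARTTLS" events come from many distinct clients (the botnet pattern asked about) or from a few repeat sources. The function name, the per-IP threshold and all sample lines except the one quoted in the thread are assumptions made for illustration.

```python
import re
from collections import Counter

# Postfix smtpd logs one line per dropped session, e.g.
#   postfix/smtpd[8315]: lost connection after STARTTLS from host[ip]
# (the e-mail above shows it wrapped; in the log it is a single line).
LOST_RE = re.compile(
    r"postfix/smtpd\[\d+\]: lost connection after (?P<stage>[A-Z-]+)"
    r"(?: \([^)]*\))? from (?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

def summarize(lines, stage="STARTTLS", per_ip_limit=3):
    """Count sessions dropped at `stage`, grouped by client IP.

    Returns (total_events, distinct_ips, repeat_clients), where
    repeat_clients maps IP -> count for clients at or above per_ip_limit.
    Many distinct IPs with few events each suggests distributed clients.
    """
    per_ip = Counter()
    for line in lines:
        m = LOST_RE.search(line)
        if m and m.group("stage") == stage:
            per_ip[m.group("ip")] += 1
    repeat = {ip: n for ip, n in per_ip.items() if n >= per_ip_limit}
    return sum(per_ip.values()), len(per_ip), repeat

# Constructed sample: the first line is the one quoted in the thread,
# the rest use documentation address ranges and are made up.
P = "Dec  7 19:41:3%d mail02 postfix/smtpd[83%d]: "
SAMPLE = [
    P % (4, 15) + "lost connection after STARTTLS from "
    "host-111-184-248-207.dynamic.kbtelecom.net[111.184.248.207]",
    P % (5, 16) + "connect from unknown[192.0.2.10]",
    P % (5, 16) + "lost connection after STARTTLS from unknown[192.0.2.10]",
    P % (6, 17) + "lost connection after STARTTLS from unknown[192.0.2.10]",
    P % (7, 18) + "lost connection after STARTTLS from unknown[192.0.2.10]",
    P % (7, 19) + "lost connection after CONNECT from unknown[198.51.100.7]",
    P % (8, 20) + "lost connection after STARTTLS from "
    "client.example.net[203.0.113.5]",
    P % (9, 21) + "lost connection after DATA (0 bytes) from "
    "unknown[198.51.100.7]",
]

if __name__ == "__main__":
    total, distinct, repeat = summarize(SAMPLE)
    print(f"{total} STARTTLS drops from {distinct} clients; repeat: {repeat}")
```

Run against the real mail log (for example by passing an open file object as `lines`), the totals give a baseline to compare before and after enabling the postscreen tests suggested above.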