Loading ...
Sorry, an error occurred while loading the content.

Re: dictionary-attack

Expand Messages
  • Lima Union
    ... ok, it seems that for some reason the check is not being triggered (#847) after a postfix reload and 24 hours of operation in a busy server, any ideas? 835
    Message 1 of 48 , Mar 26, 2013
    • 0 Attachment
      On Mon, Mar 25, 2013 at 10:52 AM, Noel Jones <njones@...> wrote:
      > On 3/25/2013 7:55 AM, Lima Union wrote:
      >> On Sat, Mar 23, 2013 at 11:31 AM, Benny Pedersen <me@...> wrote:
      >>> Ejaz skrev den 2013-03-23 11:49:
      >>>
      > ...
      >>>
      >>> are you missing http://www.hardwarefreak.com/fqrdns.pcre ? :)
      >>
      >> very interesting link, as I understand my postfix is not prepared for
      >> pcre thus I won't be able to use it, right?
      >>
      >> $ /usr/sbin/postconf -m
      >> btree
      >> cidr
      >> environ
      >> hash
      >> internal
      >> ldap
      >> nis
      >> proxy
      >> regexp
      >> static
      >> tcp
      >> unix
      >>
      >> LU
      >>
      >
      >
      > You can use this file as a regexp: type.
      >
      > pcre is recommended as it's a little faster than the built-in regexp
      > library on most systems.
      >
      > This particular file doesn't (seem to) have any pcre-specific syntax
      > in it, so should work fine with regexp.
      >
      > You can test it yourself easily enough...
      > # postmap -q foo regexp:fqrdns.pcre
      >
      > (yes, I mean "foo"; should give no output nor errors)
      >
      >
      > # postmap -q 000000.cpe.cableonda.net regexp:fqrdns.pcre
      > REJECT Generic - Please relay via ISP (cableonda.net)
      >
      > (picked at random, shows that matching works)
      >
      >
      >
      >
      > -- Noel Jones

      ok, it seems that for some reason the check is not being triggered
      (#847) after a postfix reload and 24 hours of operation in a busy
      server, any ideas?

      835 smtpd_recipient_restrictions =
      836 permit_mynetworks,
      837 reject_unauth_destination,
      838 reject_invalid_helo_hostname,
      839 reject_non_fqdn_helo_hostname,
      840 # warn_if_reject reject_unknown_helo_hostname,
      841 reject_non_fqdn_sender,
      842 reject_non_fqdn_recipient,
      843 # reject_unknown_sender_domain,
      844 # reject_unknown_recipient_domain,
      845 reject_unverified_recipient,
      846 check_client_access
      hash:$config_directory/maps/smtpd_client_checks,
      847 check_reverse_client_hostname_access
      regexp:$config_directory/maps/fqrdns.pcre,
      848 check_helo_access hash:$config_directory/maps/smtpd_helo_checks,
      849 check_sender_access
      hash:$config_directory/maps/smtpd_sender_checks,
      850 check_sender_access
      regexp:$config_directory/maps/smtpd_sender_checks.regexp,
      851 check_recipient_access
      hash:$config_directory/maps/smtpd_recipient_checks,
      852 reject_non_fqdn_hostname,
      853 # reject_unverified_recipient,
      854 reject_rbl_client zen.spamhaus.org,
      855 reject_rbl_client b.barracudacentral.org,
      856 reject_rbl_client psbl.surriel.com,
      857 reject_rbl_client bl.spamcop.net,
      858 reject_rhsbl_client rhsbl.sorbs.net,
      859 check_sender_access
      hash:$config_directory/maps/forged_domain_senders,
      860 check_policy_service inet:127.0.0.1:10023,
      861 permit

      Thanks in advance.
      LU
    • Benny Pedersen
      ... add permit_sasl_authenticated before fqrdns.pcre testing -- senders that put my email into body content will deliver it to my own trashcan, so if you like
      Message 48 of 48 , Apr 7, 2013
      • 0 Attachment
        On 2013-03-27 23:11, Matthew Hall wrote:

        > I ran into a bit of an issue trying out fqrdns.pcre as recommended
        > here in this thread. The header in the file recommended adding it
        > into
        > smtpd_client_restrictions. However if I place it there, I end up
        > rejecting mail even from SASL authenticated client devices, if they
        > also match a rule in fqrdns.pcre.

        add permit_sasl_authenticated before fqrdns.pcre testing

        --
        senders that put my email into body content will deliver it to my own
        trashcan, so if you like to get reply, dont do it
      Your message has been successfully submitted and would be delivered to recipients shortly.