
Re: dictionary-attack

  • Wietse Venema
    Message 1 of 48 , Mar 26, 2013
      Lima Union:
      > > On 26.03.2013 19:36, Lima Union wrote:
      > >>>
      > >> Wietse, ok, I'll disable the fqrdns check for now and check the chroot
      > >> configuration after I return from holidays
      > >
      > > this is ONE char in the master.cf and if I were you I
      > > would not make holidays as long as a production server is
      > > known misconfigured
      > >
      >
      > ok, done, chroot has been disabled and the fqrdns.pcre is working now.
      > After disabling the chroot I issued an 'egrep
      > '(warning|error|fatal|panic):' /var/log/mail' and am seeing many
      > warnings like these, is it ok?
      >
      > Mar 26 15:56:03 relay1 postfix/smtpd[2111]: warning: 178.88.224.150:
      > hostname 178.88.224.150.megaline.telecom.kz verification failed: Name
      > or service not known
      > Mar 26 15:56:03 relay1 postfix/smtpd[1953]: warning: 201.216.208.5:
      > hostname customer-static-201-216-208.5.iplannetworks.net verification
      > failed: Name or service not known
      > Mar 26 15:56:18 relay1 postfix/smtpd[1951]: warning: 63.141.239.151:
      > hostname muv4ward.com verification failed: Name or service not known
      > Mar 26 15:56:31 relay1 postfix/smtpd[1951]: warning: 87.98.228.174:
      > address not listed for hostname www.thedesigninstitution.com
      > Mar 26 15:56:34 relay1 postfix/smtpd[2021]: warning: 64.191.105.74:
      > hostname 64-191-105-74.static.hostnoc.net verification failed: Name or
      > service not known

      Yes, broken DNS happens. Instead of reject_unknown_client_hostname
      you could use reject_unknown_reverse_client_hostname which will
      use the name even if the above checks fail.

      http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname
      http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname

      Also, your chroot jail is missing files. Please complain to the
      distributor.

      Wietse
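
The difference between the two restrictions, applied to the warnings quoted in the message above. This is an added example, not code from the thread or from Postfix; it assumes the behaviour in the linked postconf(5) entries: reject_unknown_client_hostname also matches when the name->address check fails, while reject_unknown_reverse_client_hostname matches only when the address has no name at all.

```python
import re
from collections import Counter

# Warning lines from the quoted message above, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Mar 26 15:56:03 relay1 postfix/smtpd[2111]: warning: 178.88.224.150: hostname 178.88.224.150.megaline.telecom.kz verification failed: Name or service not known
Mar 26 15:56:03 relay1 postfix/smtpd[1953]: warning: 201.216.208.5: hostname customer-static-201-216-208.5.iplannetworks.net verification failed: Name or service not known
Mar 26 15:56:18 relay1 postfix/smtpd[1951]: warning: 63.141.239.151: hostname muv4ward.com verification failed: Name or service not known
Mar 26 15:56:31 relay1 postfix/smtpd[1951]: warning: 87.98.228.174: address not listed for hostname www.thedesigninstitution.com
Mar 26 15:56:34 relay1 postfix/smtpd[2021]: warning: 64.191.105.74: hostname 64-191-105-74.static.hostnoc.net verification failed: Name or service not known
"""

# Both warning shapes mean a PTR name exists but failed the forward check.
SHAPES = {
    "forward_lookup_failed": re.compile(
        r"warning: (?P<ip>\S+): hostname (?P<name>\S+) verification failed: (?P<why>.+)$"),
    "address_not_listed": re.compile(
        r"warning: (?P<ip>\S+): address not listed for hostname (?P<name>\S+)$"),
}


def classify(line):
    """Return a dict describing one smtpd hostname warning, or None."""
    for kind, rx in SHAPES.items():
        m = rx.search(line)
        if m:
            return {
                "ip": m.group("ip"),
                "ptr_name": m.group("name"),
                "kind": kind,
                # name->address check failed: the strict restriction matches
                "reject_unknown_client_hostname": True,
                # address->name mapping exists: the reverse-only restriction does not
                "reject_unknown_reverse_client_hostname": False,
            }
    return None


def report(log_text):
    """Classify every matching line and count the warning kinds."""
    rows = [r for r in map(classify, log_text.splitlines()) if r]
    return rows, Counter(r["kind"] for r in rows)


if __name__ == "__main__":
    rows, counts = report(SAMPLE_LOG)
    for r in rows:
        print(f'{r["ip"]:16} {r["kind"]:22} PTR={r["ptr_name"]}')
    print(dict(counts))
```
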
    • Benny Pedersen
      Message 48 of 48 , Apr 7, 2013
        On 2013-03-27 23:11, Matthew Hall wrote:

        > I ran into a bit of an issue trying out fqrdns.pcre as recommended
        > here in this thread. The header in the file recommended adding it
        > into smtpd_client_restrictions. However if I place it there, I end up
        > rejecting mail even from SASL authenticated client devices, if they
        > also match a rule in fqrdns.pcre.

        add permit_sasl_authenticated before fqrdns.pcre testing

        --
        senders that put my email into body content will deliver it to my own
        trashcan, so if you like to get reply, don't do it