Loading ...
Sorry, an error occurred while loading the content.

Re: dictionary-attack

Expand Messages
  • Wietse Venema
    ... The error messages will not go away. The error is in someone elses DNS server. Postfix will not use such hostnames with reject_unknown_client_hostname.
    Message 1 of 48 , Mar 27, 2013
    • 0 Attachment
      Lima Union:
      > >> Mar 26 15:56:34 relay1 postfix/smtpd[2021]: warning: 64.191.105.74:
      > >> hostname 64-191-105-74.static.hostnoc.net verification failed: Name or
      > >> service not known
      > >
      > > Yes, broken DNS happens. Instead of reject_unknown_client_hostname
      > > you could use reject_unknown_reverse_client_hostname which will
      > > use the name even if the above checks fail.
      > >
      > > http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname
      > > http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname
      > >
      > > Also, your chroot jail is missing files. Please complain to the
      > > distributor.
      > >
      > > Wietse
      >
      > Wietse, there's something I don't understand. I've commented out the

      The error messages will not go away. The error is in someone elses DNS server.

      Postfix will not use such hostnames with reject_unknown_client_hostname.
      Therefore it is not useful blocking home computers by their name.

      Postfix will use such hostnames with reject_unknown_reverse_client_hostname.
      Use this for blocking home computers by their name.

      In addition, your chroot jail is missing files, and that was breaking
      your DNS lookups. That bug is caused by the distrutor, so please
      complain there.

      Wietse
    • Benny Pedersen
      ... add permit_sasl_authenticated before fqrdns.pcre testing -- senders that put my email into body content will deliver it to my own trashcan, so if you like
      Message 48 of 48 , Apr 7 12:40 AM
      • 0 Attachment
        On 2013-03-27 23:11, Matthew Hall wrote:

        > I ran into a bit of an issue trying out fqrdns.pcre as recommended
        > here in this thread. The header in the file recommended adding it
        > into
        > smtpd_client_restrictions. However if I place it there, I end up
        > rejecting mail even from SASL authenticated client devices, if they
        > also match a rule in fqrdns.pcre.

        add permit_sasl_authenticated before fqrdns.pcre testing

        --
        senders that put my email into body content will deliver it to my own
        trashcan, so if you like to get reply, dont do it
      Your message has been successfully submitted and would be delivered to recipients shortly.