
Re: dictionary-attack

  • Stan Hoeppner
    Message 1 of 48 , Mar 27, 2013
      On 3/26/2013 1:29 PM, Lima Union wrote:

      > No ipv6 here and pdnsd is using 8.8.8.8 as DNS server.

      Instead of using a caching DNS proxy daemon querying Google's public DNS
      servers, I recommend you run a recursing caching resolver on your
      Postfix host, such as PowerDNS recursor (I've been using it for years
      without any issues). There are a few reasons for this:

      1. Spamhaus refuses dnsbl queries from Google DNS servers, and most
      public DNS servers, because of volume. Thus you can't query the Zen
      list using this proxy setup. Other dnsbl operators may block Google DNS
      as well.

      2. Latency is greatly reduced as your DNS queries are direct instead of
      proxied. On a high volume server latency is critical as it limits
      message throughput.

      3. If you have DNS related problems at some point in the future, you
      have complete control and troubleshooting ability. If using Google or
      another DNS server via proxy you're at that operator's mercy. And there
      is always the possibility that Google may modify results in some way, or
      respond inaccurately due to some policy or other reason.

      It's best to run your own resolver and do direct queries.

      --
      Stan
    • Benny Pedersen
      Message 48 of 48 , Apr 7, 2013
        On 2013-03-27 23:11, Matthew Hall wrote:

        > I ran into a bit of an issue trying out fqrdns.pcre as recommended
        > here in this thread. The header in the file recommended adding it
        > into smtpd_client_restrictions. However if I place it there, I end up
        > rejecting mail even from SASL authenticated client devices, if they
        > also match a rule in fqrdns.pcre.

        add permit_sasl_authenticated before fqrdns.pcre testing

        --
        senders that put my email into body content will deliver it to my own
        trashcan, so if you like to get a reply, don't do it
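
The ordering suggested in the reply above, as an added main.cf sketch that is not part of the original thread. The `check_reverse_client_hostname_access` lookup and the `/etc/postfix/fqrdns.pcre` path are assumptions, since the thread names only the file and `smtpd_client_restrictions`.

```ini
# BEFORE: the fqrdns.pcre check runs for every client, so a SASL-authenticated
# device whose reverse hostname matches a pattern in the table is rejected.
#smtpd_client_restrictions =
#    check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre

# AFTER: restrictions are evaluated in the order listed and the first one
# that returns a decision wins, so authenticated clients are permitted
# before the reverse-hostname table is consulted.
smtpd_client_restrictions =
    permit_sasl_authenticated,
    check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre
```

A permit result here ends only the `smtpd_client_restrictions` list; the other `smtpd_*_restrictions` lists are still evaluated for the same session.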