Loading ...
Sorry, an error occurred while loading the content.

Re: dictionary-attack

Expand Messages
  • Stan Hoeppner
    ... The instructions I provide are examples, not a concise how-to. As with any restriction table, it s up to the administrator to decide how/where it best
    Message 1 of 48 , Mar 27, 2013
    • 0 Attachment
      On 3/27/2013 5:11 PM, Matthew Hall wrote:

      > I ran into a bit of an issue trying out fqrdns.pcre as recommended
      > here in this thread. The header in the file recommended adding it into
      > smtpd_client_restrictions.

      The instructions I provide are examples, not a concise how-to. As with
      any restriction table, it's up to the administrator to decide how/where
      it best fits into his/her configuration. This table is targeted at
      intermediate to advanced level Postfix administrators, not entry level
      folks.

      > However if I place it there, I end up
      > rejecting mail even from SASL authenticated client devices, if they
      > also match a rule in fqrdns.pcre.

      This is because you inserted the restriction before
      permit_sasl_authenticated. It must be inserted after.

      > Is it acceptable to put it into smtpd_relay_restrictions instead?

      It seems pretty clear you need to convert to putting everything under
      smtpd_recipient_restrictions. Makes things a lot easier. I give an
      example of this in the instructions as well. Doing so gives you precise
      control of restriction evaluation order. Frankly I'm surprised anyone
      still uses the old multi-section restrictions configuration these days.
      If after Google you need help converting, let us know.

      --
      Stan
    • Benny Pedersen
      ... add permit_sasl_authenticated before fqrdns.pcre testing -- senders that put my email into body content will deliver it to my own trashcan, so if you like
      Message 48 of 48 , Apr 7 12:40 AM
      • 0 Attachment
        On 2013-03-27 23:11, Matthew Hall wrote:

        > I ran into a bit of an issue trying out fqrdns.pcre as recommended
        > here in this thread. The header in the file recommended adding it
        > into
        > smtpd_client_restrictions. However if I place it there, I end up
        > rejecting mail even from SASL authenticated client devices, if they
        > also match a rule in fqrdns.pcre.

        add permit_sasl_authenticated before fqrdns.pcre testing

        --
        senders that put my email into body content will deliver it to my own
        trashcan, so if you like to get reply, dont do it
      Your message has been successfully submitted and would be delivered to recipients shortly.