Loading ...
Sorry, an error occurred while loading the content.
 

Re: dictionary-attack

Expand Messages
  • Matthew Hall
    ... Makes sense. Corrected. ... Agree. Corrected. One other question here. So, if I have a host which matches permit_sasl_authenticated, but also matches one
    Message 1 of 48 , Mar 27, 2013
      On Wed, Mar 27, 2013 at 7:20 PM, Noel Jones <njones@...> wrote:
      > On 3/27/2013 7:18 PM, Matthew Hall wrote:
      >> I altered the restrictions according to the new advice:
      >>
      >> relay_restrictions - removed
      >
      > there's no reason to remove the safety net.

      Makes sense. Corrected.

      > Your smtpd_recipient_restrictions look great, but I will mention
      > list.dsbl.org is dead and unlikely to return; probably best to
      > remove that line instead of just commenting it out.

      Agree. Corrected.

      One other question here. So, if I have a host which matches
      permit_sasl_authenticated, but also matches one of the rejections
      present in check_reverse_client_hostname_access, but
      permit_sasl_authenticated comes first in recipient_restrictions, then
      it's still going to work right, because the first rule in the chain
      wins, correct? Just want to be sure I parsed the documentation
      correctly.

      > -- Noel Jones

      Thanks,
      Matthew
    • Benny Pedersen
      ... add permit_sasl_authenticated before fqrdns.pcre testing -- senders that put my email into body content will deliver it to my own trashcan, so if you like
      Message 48 of 48 , Apr 7 12:40 AM
        On 2013-03-27 23:11, Matthew Hall wrote:

        > I ran into a bit of an issue trying out fqrdns.pcre as recommended
        > here in this thread. The header in the file recommended adding it
        > into
        > smtpd_client_restrictions. However if I place it there, I end up
        > rejecting mail even from SASL authenticated client devices, if they
        > also match a rule in fqrdns.pcre.

        add permit_sasl_authenticated before fqrdns.pcre testing

        --
        senders that put my email into body content will deliver it to my own
        trashcan, so if you like to get reply, dont do it
      Your message has been successfully submitted and would be delivered to recipients shortly.