Loading ...
Sorry, an error occurred while loading the content.

Re: dictionary-attack

Expand Messages
  • /dev/rob0
    ... That was what Stan said, yes. ... Let s scroll down through the mass of quoting over which you top-posted and see what Stan said about that. (It means I ll
    Message 1 of 48 , Mar 28, 2013
    • 0 Attachment
      On Thu, Mar 28, 2013 at 11:15:02AM +0100, Marko Weber | ZBF wrote:
      > "The table was created many years ago over an extended period of
      > time,...................::"

      That was what Stan said, yes.

      > so, its outdated?

      Let's scroll down through the mass of quoting over which you
      top-posted and see what Stan said about that. (It means I'll have to
      fix the rest of the top-posting to get to the rest of your comments,
      but have no fear, I will.)

      > Am 2013-03-25 20:04, schrieb Stan Hoeppner:
      > >The table was created many years ago over an extended period of

      Created ... that means it originated many years ago. Postfix was
      created many years ago also! So, is Postfix outdated? No, Postfix
      isn't outdated. It is actively developed and maintained.

      > >time, by staff at a US ISP, composed of fully qualified POSIX
      > >regular expressions, some 1400 or so, and used with the Postfix
      > >REGEXP facility. When I began maintaining it and offering it

      "... maintaining it ..." see? I would think that something which is
      maintained generally isn't outdated. Depends how well the maintainer
      maintains it, of course.

      Back to Marko:
      > i think its better to use postscreen and a regular updated file
      > like DROP from spamhaus.
      > i refresh this DROP every hour. so maybe wrong listed candidates
      > are deleted in the refreshed file.
      > a static file can only clients "you" want to have block.
      >
      > am i right?

      Not entirely. Think of Stan's PCRE list as a compact, local version
      of Spamhaus PBL. It lists patterns which have been identified in
      reverse DNS names for dynamic hosts, which should not be sending
      mail.

      If you are checking PBL, or more likely, Zen (which includes PBL),
      you're not likely to benefit much from Stan's PCRE list, except for
      those networks which slipped through the PBL cracks. But there too,
      you can also use it as a HELO check after postscreen (things that
      make you go "hmmm": postscreen is actually a prescreen!)

      If postscreen DNSBLs are your only protection, what happens if your
      DNS breaks? Spam flood! Here too, Stan's PCRE list can help, again,
      at least as a HELO check (client name checks won't fire if DNS is
      gone.)

      Consider the "onion" approach, multiple layers of protection. When I
      went to postscreen I left all my old spam restrictions alone. On rare
      occasions I have seen where they are used.

      All that said, I personally have not used Stan's PCRE list, but I've
      seen it discussed here and elsewhere for a lot of years. I guess that
      means I'm outdated also. ;)
      --
      http://rob0.nodns4.us/ -- system administration and consulting
      Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
    • Benny Pedersen
      ... add permit_sasl_authenticated before fqrdns.pcre testing -- senders that put my email into body content will deliver it to my own trashcan, so if you like
      Message 48 of 48 , Apr 7, 2013
      • 0 Attachment
        On 2013-03-27 23:11, Matthew Hall wrote:

        > I ran into a bit of an issue trying out fqrdns.pcre as recommended
        > here in this thread. The header in the file recommended adding it
        > into
        > smtpd_client_restrictions. However if I place it there, I end up
        > rejecting mail even from SASL authenticated client devices, if they
        > also match a rule in fqrdns.pcre.

        add permit_sasl_authenticated before fqrdns.pcre testing

        --
        senders that put my email into body content will deliver it to my own
        trashcan, so if you like to get reply, dont do it
      Your message has been successfully submitted and would be delivered to recipients shortly.