
Re: dictionary-attack

  • /dev/rob0
    Message 1 of 48 , Mar 29, 2013
      On Thu, Mar 28, 2013 at 11:09:58PM -0500, Stan Hoeppner wrote:
      > On 3/28/2013 8:03 AM, /dev/rob0 wrote:
      > > If postscreen DNSBLs are your only protection, what happens if
      > > your DNS breaks? Spam flood! Here too, Stan's PCRE list can help,
      > > again, at least as a HELO check (client name checks won't fire if
      > > DNS is gone.)
      >
      > And many people use the table for HELO checks as well for this very
      > reason. Spambots quite often do a PTR lookup on the local IP and
      > use the rDNS name in the HELO string.
      >
      > > Consider the "onion" approach, multiple layers of protection.
      > > When I went to postscreen I left all my old spam restrictions
      > > alone. On rare occasions I have seen where they are used.

      I should add here that the most common applications of my smtpd
      restrictions are the RHSBL lookups and non-FQDN HELO, which
      postscreen cannot do.

      > Layered, exactly. And the cost of leaving them enabled is
      > minuscule.
      >
      > > All that said, I personally have not used Stan's PCRE list, but
      >
      > So much for that layered defense Rob. ;)

      Haha. Well, it might help some in the event of DNS slowness, but
      probably not much; my reject_unknown_reverse_client_hostname covers
      outright DNS failure. And if dnsblog misses a positive DNSBL hit in
      time for postscreen, it's cached and ready for smtpd.

      About the only spam I ever see is from relaying ratware. That's not
      much, but it's definitely on the rise. My next layer needs to be
      content filtering. Still looking to round out the corners on this
      square tuit I have. <sigh>
      --
      http://rob0.nodns4.us/ -- system administration and consulting
      Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
    • Benny Pedersen
      Message 48 of 48 , Apr 7, 2013
        On 2013-03-27 23:11, Matthew Hall wrote:

        > I ran into a bit of an issue trying out fqrdns.pcre as recommended
        > here in this thread. The header in the file recommended adding it
        > into
        > smtpd_client_restrictions. However if I place it there, I end up
        > rejecting mail even from SASL authenticated client devices, if they
        > also match a rule in fqrdns.pcre.

        add permit_sasl_authenticated before fqrdns.pcre testing

        --
        senders that put my email into body content will deliver it to my own
        trashcan, so if you like to get a reply, don't do it
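
Added example, not part of the original thread and not taken from the fqrdns.pcre file: a main.cf fragment showing the ordering fix suggested in the last message, together with the HELO and reverse-DNS layers mentioned earlier in the thread. The table path and the choice of `check_reverse_client_hostname_access` as the lookup for fqrdns.pcre are assumptions.

```conf
# /etc/postfix/main.cf (added example; /etc/postfix/fqrdns.pcre is an assumed path)

# Before: the PCRE table is consulted for every client, so a SASL
# authenticated device is rejected whenever its reverse DNS name
# matches a rule in fqrdns.pcre.
#smtpd_client_restrictions =
#    check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre

# After: restrictions are evaluated left to right and the first match
# wins, so authenticated clients are permitted before the table is read.
smtpd_client_restrictions =
    permit_sasl_authenticated,
    # Covers outright reverse DNS failure for unauthenticated clients.
    reject_unknown_reverse_client_hostname,
    check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre

# HELO layer: works on the string the client sends, so the table lookup
# itself needs no DNS. postscreen cannot do the non-FQDN HELO check.
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_sasl_authenticated,
    reject_non_fqdn_helo_hostname,
    check_helo_access pcre:/etc/postfix/fqrdns.pcre
```

With the default `smtpd_delay_reject = yes`, these lists are evaluated at RCPT TO, after AUTH has completed, which is why `permit_sasl_authenticated` can take effect in the client and HELO lists.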