THANK YOU!!!!

I had already recompiled an RPM of postfix with postgres support.

Also, I ended up configuring it differently, because I'm using virtual domains 
for everything instead of local delivery.  However, you pointed me in the right 
direction.  Here's what I did:

main.cf:
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/pgsql-v-mbox-domains.cf
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/pgsql-v-mbox-maps.cf

pgsql-v-mbox-maps.cf:
    hosts = localhost
    user = dbmail
    password = **password**
    dbname = dbmail
    query = SELECT alias FROM dbmail_aliases where alias='%s';

I know that I should create a "read-only" user and put it in there, but for now 
I'm happy to be saving my server from the attack.

You know, every time that I've heard someone saying that "the world is against" 
him or her, I've thought that person was crazy.  Today, hundreds, if not 
thousands of different hosts from all over the world were attacking my server, 
and I nearly joined the ranks of the insane.

Thanks to everyone who contributes to dbmail.


Aleksander <[EMAIL PROTECTED]> wrote: Brian Neu wrote:

> One of the domains that I host is receiving an insane distributed brute 
> force denial of service attack.
> 
> The gist is that Postfix accepts mail for ANY users (after sqlgrey) and 
> then passes it through Amavis to Spamassassin, before it reaches dbmail. 
> 
> Does anyone have a suggestion on denying these emails to invalid users 
> "help" "test" "terms" "etc" "iraqcnn" before Amavis and Spamassassin 
> start chewing up all available resources?

Hi!

Make sure postfix has support for mysql or pgsql (whichever you are 
using for dbmail).

With SLES10 I had to download the source rpm and just rpmbuild it, I got 
a postfix-mysql package. With SLES9 I had to add the mysql flags into 
the specfile to get a postfix rpm with built in mysql support. With 
Fedora Core 6 I had to get the source rpm and in the spec file 
enable/define mysql support and rebuild it with rpmbuild to get a 
postfix rpm with mysql support. Debian should have a postfix-mysql package.

Install it.

Make a file like this,

/etc/postfix/sql-recipients.cf:

user = YOURREADONLYUSERNAME
password = YOURPASSWORD
hosts = 127.0.0.1
dbname = dbmail
table = dbmail_aliases
select_field = alias
where_field = alias


Add to the main config:

/etc/postfix/main.cf:
local_recipient_maps = mysql:/etc/postfix/sql-recipients.cf

It's basically the same for postgresql, use "pgsql:" instead of "mysql:".

And then:

postmap /etc/postfix/sql-recipients.cf
postfix reload


This will check the SMTP RCPT TO: part, and give back:
550 : Recipient address rejected: User unknown in local 
recipient table

You can test it with telnet. Connect to your server with telnet to port 
25. And then issue:

HELO yourdomain
MAIL FROM:
RCPT TO:

The answer to RCPT TO should be:

550 : Recipient address rejected: User unknown 
in local recipient table


Also note, postfix will accept mail for [EMAIL PROTECTED] 
and [EMAIL PROTECTED] This is per RFC. So make sure you 
have these accounts. There might be more of them, don't remember.

Also make sure you don't have a catch all alias in the dbmail_aliases 
table, like "deliver_to -> @mydomain". Get rid of it.


HTH,

Alex
_______________________________________________
Dbmail-dev mailing list
[email protected]
http://twister.fastxs.net/mailman/listinfo/dbmail-dev
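
An added example, not part of the original thread and not dbmail or Postfix code: it replays the lookup keys Postfix tries for virtual_mailbox_maps (user@domain, then @domain) against the query from pgsql-v-mbox-maps.cf, showing why a catch-all alias defeats recipient rejection and how to audit for one. Assumptions: SQLite stands in for PostgreSQL, the dbmail_aliases table is reduced to two columns, and the example.org addresses are constructed.

```python
import sqlite3

# Query from pgsql-v-mbox-maps.cf in the thread. Postfix substitutes and
# escapes %s itself; a bound parameter plays that role here.
QUERY = "SELECT alias FROM dbmail_aliases WHERE alias = ?"

# Constructed sample rows: (alias, deliver_to)
SAMPLE = [
    ("postmaster@example.org", "1"),
    ("abuse@example.org", "1"),
    ("brian@example.org", "2"),
]

def make_db(aliases):
    """Constructed stand-in for the dbmail database (SQLite, reduced schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dbmail_aliases (alias TEXT, deliver_to TEXT)")
    db.executemany("INSERT INTO dbmail_aliases VALUES (?, ?)", aliases)
    return db

def lookup_keys(rcpt):
    """Keys tried for a virtual_mailbox_maps lookup: user@domain, then @domain."""
    user, _, domain = rcpt.rpartition("@")
    return [f"{user}@{domain}", f"@{domain}"]

def rcpt_reply(db, rcpt):
    """Return (SMTP code, matching key) for a simulated RCPT TO."""
    for key in lookup_keys(rcpt):
        if db.execute(QUERY, (key,)).fetchone():
            return 250, key
    return 550, None

def find_catch_alls(db):
    """Audit: an alias of the form @domain makes every recipient valid."""
    rows = db.execute(
        "SELECT alias, deliver_to FROM dbmail_aliases WHERE alias LIKE '@%'")
    return sorted(rows.fetchall())

if __name__ == "__main__":
    clean = make_db(SAMPLE)
    leaky = make_db(SAMPLE + [("@example.org", "2")])  # catch-all present
    for name in ("brian", "help", "test", "iraqcnn"):
        rcpt = f"{name}@example.org"
        print(rcpt, rcpt_reply(clean, rcpt)[0], rcpt_reply(leaky, rcpt)[0])
    print("catch-alls:", find_catch_alls(leaky))
```
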
