On Fri, Jun 21, 2024 at 07:20:17AM +0800, Jeff Pang via mailop wrote:
> It seems the black ips are coming endlessly. Most of the bad actions
> are like this one:
>
> postfix/smtps/smtpd[451948]: warning: unknown[211.184.190.87]: SASL LOGIN
> authentication failed: UGFzc3dvcmQ6
>
> I am afraid too many iptables rules will slow down the performance of systems.
> Do you have any suggestion for handling this case?
I make little effort to stop them. Any cycles they're wasting looking
for weak SASL creds on my server are not spent attacking potentially
vulnerable other systems.
That said, it seemed reasonable to implement a recent suggestion from
the Postfix list and block XBL-listed IPs from connecting to my
submission services. This had a rather noticeable effect on the rate of
failed SASL probes. The suggested XBL check was added on May 27th, and
recent counts of failed SASL probes per day were as follows:
1814 May 11
543 May 12
396 May 13
391 May 14
7722 May 15
346 May 16
2136 May 17
1103 May 18
249 May 19
57 May 20
1250 May 21
2438 May 22
164 May 23
326 May 24
1772 May 25
585 May 26
320 May 27
5 May 28
2 May 30
1 Jun 06
1 Jun 07
1 Jun 10
8 Jun 11
7 Jun 12
6 Jun 13
1 Jun 15
1 Jun 16
24 Jun 17
9 Jun 18
1 Jun 19
My master.cf entries for submission:
master.cf:
465       inet  n       -       n       -       -       smtpd
    -o smtpd_delay_reject=no
    -o { smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org=127.0.0.4 }
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    -o smtpd_recipient_restrictions=
    -o smtpd_data_restrictions=
    -o smtpd_end_of_data_restrictions=
    -o milter_macro_daemon_name=ORIGINATING
    -o smtpd_milters=$mua_milters
    -o always_add_missing_headers=yes
    -o header_checks=$submit_header_checks
    -o body_checks=
submission inet n       -       n       -       -       smtpd
    -o smtpd_delay_reject=no
    -o { smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org=127.0.0.4 }
    -o syslog_name=postfix/submission
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_security_level=encrypt
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
    -o smtpd_recipient_restrictions=
    -o smtpd_data_restrictions=
    -o smtpd_end_of_data_restrictions=
    -o smtpd_tls_ask_ccert=yes
    -o milter_macro_daemon_name=ORIGINATING
    -o smtpd_milters=$mua_milters
    -o always_add_missing_headers=yes
    -o header_checks=$submit_header_checks
    -o body_checks=
--
Viktor.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
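The per-day counts of failed SASL probes quoted above are the measurement that shows whether a change like the XBL check on the submission services is paying off. The following script, an added example and not part of the thread, produces that table (plus top source IPs) from Postfix syslog lines of the shape quoted in the thread; the log lines embedded in it are constructed samples with a generic hostname and documentation-range addresses, and the syslog "Mon DD HH:MM:SS host " prefix is assumed.

```python
import re
from base64 import b64decode
from collections import Counter

# Matches the warning quoted in the thread, with an assumed syslog prefix:
# "Jun 20 07:15:01 mx postfix/smtps/smtpd[451948]: warning: unknown[1.2.3.4]: SASL LOGIN authentication failed: UGFzc3dvcmQ6"
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) \S+ \S+ "
    r"postfix/(?P<service>[\w/]+?)\[\d+\]: warning: "
    r"\S+\[(?P<ip>[\d.]+)\]: SASL (?P<mech>\w+) authentication failed"
    r"(?:: (?P<detail>.*))?"
)

# Constructed sample log (not real traffic); the last line is a non-auth line that must be ignored.
SAMPLE_LOG = [
    "Jun 20 07:15:01 mx postfix/smtps/smtpd[451948]: warning: unknown[211.184.190.87]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Jun 20 07:15:09 mx postfix/smtps/smtpd[451948]: warning: unknown[211.184.190.87]: SASL PLAIN authentication failed:",
    "Jun 20 07:20:44 mx postfix/submission/smtpd[451950]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Jun 21 02:03:11 mx postfix/submission/smtpd[452201]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Jun 21 02:03:12 mx postfix/submission/smtpd[452201]: disconnect from unknown[198.51.100.7] ehlo=1 auth=0/1 quit=1 commands=2/3",
]

def parse_failed_sasl(lines):
    """Yield (day, ip, service, detail) for every failed-SASL warning; other lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield f"{m['mon']} {int(m['day']):02d}", m["ip"], m["service"], m["detail"]

def failures_per_day(lines):
    """Failed SASL probes per calendar day, keyed like the table in the mail ('Jun 06')."""
    return Counter(day for day, _, _, _ in parse_failed_sasl(lines))

def top_sources(lines, n=3):
    """Client IPs generating the most failed probes; candidates to check against the XBL."""
    return Counter(ip for _, ip, _, _ in parse_failed_sasl(lines)).most_common(n)

def decode_detail(detail):
    """The trailing token is the base64 of the server's last SASL challenge, not the guessed secret."""
    try:
        return b64decode(detail).decode()
    except Exception:
        return None

if __name__ == "__main__":
    for day, count in sorted(failures_per_day(SAMPLE_LOG).items()):
        print(f"{count:6d} {day}")
    print("top sources:", top_sources(SAMPLE_LOG))
    print("challenge text:", decode_detail("UGFzc3dvcmQ6"))
```

Run it as `python3 script.py < /dev/null` on the embedded sample, or feed real lines with `parse_failed_sasl(open("/var/log/mail.log"))`; the decoded challenge shows that the base64 token in the warning is the LOGIN "Password:" prompt the server sent, which is useful to know before anyone mistakes it for a leaked credential.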