On Wed, May 29, 2024 at 11:58:31AM +1000, Viktor Dukhovni via Postfix-users wrote:

> You might in fact want to reject XBL IPs early, before they even
> attempt authentication.  So I have:
> 
>     465        inet  n       -       n       -       -       smtpd
>         -o smtpd_delay_reject=no
>         -o {smtpd_client_restrictions=reject_rbl_client zen.spamhaus.org=127.0.0.4}
>         -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
>         ...
> 
>     submission inet  n       -       n       -       -       smtpd
>         -o smtpd_delay_reject=no
>         -o {smtpd_client_restrictions=reject_rbl_client zen.spamhaus.org=127.0.0.4}
>         -o smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
> 

Example logs showing early enforcement for the above:

    postfix/smtps/smtpd[3583655]: connect from unknown[115.44.140.188]
    postfix/smtps/smtpd[3583655]: Anonymous TLS connection established from unknown[115.44.140.188]:
        TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    postfix/smtps/smtpd[3583655]: NOQUEUE: reject: CONNECT from unknown[115.44.140.188]:
        554 5.7.1 Service unavailable; Client host [115.44.140.188] blocked using zen.spamhaus.org;
        Listed by XBL, see https://check.spamhaus.org/query/ip/115.44.140.188 /
        Listed by CSS, see https://check.spamhaus.org/query/ip/115.44.140.188; proto=SMTP
    postfix/smtps/smtpd[3583655]: lost connection after CONNECT from unknown[115.44.140.188]
    postfix/smtps/smtpd[3583655]: disconnect from unknown[115.44.140.188] commands=0/0

    postfix/submission/smtpd[3583513]: connect from burger.census.shodan.io[66.240.219.146]
    postfix/submission/smtpd[3583513]: NOQUEUE: reject: CONNECT from burger.census.shodan.io[66.240.219.146]:
        554 5.7.1 Service unavailable; Client host [66.240.219.146] blocked using zen.spamhaus.org;
        Listed by CSS, see https://check.spamhaus.org/query/ip/66.240.219.146 /
        Listed by XBL, see https://check.spamhaus.org/query/ip/66.240.219.146; proto=SMTP
    postfix/submission/smtpd[3583513]: lost connection after CONNECT from burger.census.shodan.io[66.240.219.146]
    postfix/submission/smtpd[3583513]: disconnect from burger.census.shodan.io[66.240.219.146] ehlo=0/1 commands=0/1

The wrapper-mode TLS "smtps" rejects are naturally after the TLS handshake.

-- 
    Viktor.
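
An added example, not part of the original message: a small log audit that confirms DNSBL rejects on the submission services fire at the CONNECT stage, before any AUTH command is seen. The sample lines are constructed (documentation IP addresses), the function names are hypothetical, and the check assumes the per-command counters Postfix writes on the disconnect line include `auth=` whenever AUTH was attempted.

```python
import re

# Constructed sample lines (documentation IPs), modelled on the log format quoted above.
SAMPLE_LOG = """\
postfix/smtps/smtpd[1001]: connect from unknown[192.0.2.10]
postfix/smtps/smtpd[1001]: NOQUEUE: reject: CONNECT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; proto=SMTP
postfix/smtps/smtpd[1001]: disconnect from unknown[192.0.2.10] commands=0/0
postfix/submission/smtpd[1002]: connect from unknown[198.51.100.7]
postfix/submission/smtpd[1002]: NOQUEUE: reject: CONNECT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using zen.spamhaus.org; proto=SMTP
postfix/submission/smtpd[1002]: disconnect from unknown[198.51.100.7] ehlo=0/1 commands=0/1
postfix/submission/smtpd[1003]: connect from unknown[203.0.113.5]
postfix/submission/smtpd[1003]: disconnect from unknown[203.0.113.5] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
"""

LINE = re.compile(r"postfix/(?P<svc>[\w-]+)/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
REJECT = re.compile(r"NOQUEUE: reject: (?P<stage>\w+) from \S+\[[^\]]+\]: .*blocked using (?P<rbl>[\w.-]+)")
DISCONNECT = re.compile(r"disconnect from \S+\[(?P<ip>[^\]]+)\](?P<stats>.*)$")

def audit(log_text):
    """Return one record per completed session: service, IP, reject stage, RBL, AUTH seen."""
    open_sessions, results = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)  # search() tolerates a syslog timestamp/host prefix
        if not m:
            continue
        key, msg = (m["svc"], m["pid"]), m["msg"]
        if msg.startswith("connect from"):
            open_sessions[key] = {"stage": None, "rbl": None}
        elif (r := REJECT.match(msg)) and key in open_sessions:
            open_sessions[key].update(stage=r["stage"], rbl=r["rbl"])
        elif (d := DISCONNECT.match(msg)) and key in open_sessions:
            session = open_sessions.pop(key)
            # Counters look like "ehlo=0/1 commands=0/1"; an "auth" key means AUTH was tried.
            counters = dict(kv.split("=", 1) for kv in d["stats"].split() if "=" in kv)
            results.append({"service": m["svc"], "ip": d["ip"],
                            "auth_attempted": "auth" in counters, **session})
    return results

def early_rejects(results):
    """Sessions rejected at CONNECT with no AUTH command ever issued."""
    return [r for r in results if r["stage"] == "CONNECT" and not r["auth_attempted"]]

if __name__ == "__main__":
    for rec in audit(SAMPLE_LOG):
        print(rec)
```

Any session that shows a DNSBL reject at a later stage (for example RCPT), or an `auth=` counter alongside a reject, indicates `smtpd_delay_reject=no` is not taking effect for that service.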