On 5/28/24 10:11 PM, Viktor Dukhovni via Postfix-users wrote:
On Wed, May 29, 2024 at 11:58:31AM +1000, Viktor Dukhovni via Postfix-users wrote:

You might in fact want to reject XBL IPs early, before they even
attempt authentication.  So I have:

     465        inet  n       -       n       -       -       smtpd
         -o smtpd_delay_reject=no
         -o {smtpd_client_restrictions=reject_rbl_client zen.spamhaus.org=127.0.0.4}
         -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
         ...

     submission inet  n       -       n       -       -       smtpd
         -o smtpd_delay_reject=no
         -o {smtpd_client_restrictions=reject_rbl_client zen.spamhaus.org=127.0.0.4}
         -o smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject

Example logs showing early enforcement for the above:

     postfix/smtps/smtpd[3583655]: connect from unknown[115.44.140.188]
     postfix/smtps/smtpd[3583655]: Anonymous TLS connection established from unknown[115.44.140.188]:
         TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
     postfix/smtps/smtpd[3583655]: NOQUEUE: reject: CONNECT from unknown[115.44.140.188]:
         554 5.7.1 Service unavailable; Client host [115.44.140.188] blocked using zen.spamhaus.org;
         Listed by XBL, see https://check.spamhaus.org/query/ip/115.44.140.188 /
         Listed by CSS, see https://check.spamhaus.org/query/ip/115.44.140.188; proto=SMTP
     postfix/smtps/smtpd[3583655]: lost connection after CONNECT from unknown[115.44.140.188]
     postfix/smtps/smtpd[3583655]: disconnect from unknown[115.44.140.188] commands=0/0

     postfix/submission/smtpd[3583513]: connect from burger.census.shodan.io[66.240.219.146]
     postfix/submission/smtpd[3583513]: NOQUEUE: reject: CONNECT from burger.census.shodan.io[66.240.219.146]:
         554 5.7.1 Service unavailable; Client host [66.240.219.146] blocked using zen.spamhaus.org;
         Listed by CSS, see https://check.spamhaus.org/query/ip/66.240.219.146 /
         Listed by XBL, see https://check.spamhaus.org/query/ip/66.240.219.146; proto=SMTP
     postfix/submission/smtpd[3583513]: lost connection after CONNECT from burger.census.shodan.io[66.240.219.146]
     postfix/submission/smtpd[3583513]: disconnect from burger.census.shodan.io[66.240.219.146] ehlo=0/1 commands=0/1

The wrapper-mode TLS "smtps" rejects are naturally after the TLS handshake.


     465        inet  n       -       n       -       -       smtpd
         -o smtpd_delay_reject=no
         -o {smtpd_client_restrictions=reject_rbl_client zen.spamhaus.org=127.0.0.4}
         -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
         ...

     submission inet  n       -       n       -       -       smtpd
         -o smtpd_delay_reject=no
         -o {smtpd_client_restrictions=reject_rbl_client zen.spamhaus.org=127.0.0.4}
         -o smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject

All set up this way.
I will let it run overnight and see what hits.

Thank you
--john

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
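
For the "see what hits" step, a small log summarizer, added here as an example and not part of the original thread: it tallies the DNSBL rejects by service, rejection stage and the lists named in the reply text, so you can confirm the rejects land at CONNECT on the submission services. The function names are hypothetical, and the sample input is the log excerpt from the message above with each entry joined onto one line.

```python
import re
import sys
from collections import Counter

# DNSBL reject lines as logged by smtpd; search() tolerates a syslog prefix.
REJECT_RE = re.compile(
    r"postfix/(?P<service>[\w-]+)/smtpd\[\d+\]: NOQUEUE: reject: "
    r"(?P<stage>[A-Z]+) from (?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"(?P<code>\d{3}) .*?blocked using (?P<zone>[\w.-]+);(?P<text>.*)"
)
LISTED_RE = re.compile(r"Listed by (\w+)")

def parse_reject(line):
    """Return a dict describing a DNSBL reject line, or None for other lines."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["lists"] = sorted(set(LISTED_RE.findall(rec.pop("text"))))
    return rec

def summarize(lines):
    """Count rejects per (service, stage) and per list; collect client IPs."""
    by_service, by_list, ips = Counter(), Counter(), set()
    for rec in filter(None, map(parse_reject, lines)):
        by_service[(rec["service"], rec["stage"])] += 1
        by_list.update(rec["lists"])
        ips.add(rec["ip"])
    return by_service, by_list, ips

# Sample input: log lines from the message above, joined onto single lines.
Q = "https://check.spamhaus.org/query/ip/"
SAMPLE = [
    "postfix/smtps/smtpd[3583655]: connect from unknown[115.44.140.188]",
    "postfix/smtps/smtpd[3583655]: NOQUEUE: reject: CONNECT from "
    "unknown[115.44.140.188]: 554 5.7.1 Service unavailable; Client host "
    "[115.44.140.188] blocked using zen.spamhaus.org; Listed by XBL, see "
    f"{Q}115.44.140.188 / Listed by CSS, see {Q}115.44.140.188; proto=SMTP",
    "postfix/submission/smtpd[3583513]: NOQUEUE: reject: CONNECT from "
    "burger.census.shodan.io[66.240.219.146]: 554 5.7.1 Service unavailable; "
    "Client host [66.240.219.146] blocked using zen.spamhaus.org; Listed by "
    f"CSS, see {Q}66.240.219.146 / Listed by XBL, see {Q}66.240.219.146; proto=SMTP",
]

if __name__ == "__main__":
    # Pipe a mail log on stdin, or run with no input to use the sample lines.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for counter in summarize(source)[:2]:
        print(dict(counter))
```

A stage other than CONNECT in the output for these two services would mean the client restriction is not being enforced before authentication.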
