On 31.10.18 13:16, Jaap Bril wrote:
> As a new user (postfix as well as postscreen) I monitor maillog to get
> a feel for how things work.
> Today I noticed a site trying to AUTH from unknown (and I happen to
> know there is no possibly valid user at that address).
> I decided to try out blacklisting:
> *postscreen_access.cidr:185.36.81.24 reject*
> Postscreen at once acknowledged the blacklisting but does not (yet?) block:
> Oct 31 12:45:00 hermes postfix/postscreen[7300]: CONNECT from [185.36.81.24]:58505 to [192.168.30.11]:25
> Oct 31 12:45:00 hermes postfix/postscreen[7300]: *BLACKLISTED* [185.36.81.24]:58505
> Oct 31 12:45:01 hermes postfix/postscreen[7300]: *PASS OLD* [185.36.81.24]:58505
> Oct 31 12:45:01 hermes postfix/smtpd/smtpd[7304]: *connect from unknown*[185.36.81.24]
> Oct 31 12:45:01 hermes postfix/smtpd/smtpd[7304]: lost connection after AUTH from unknown[185.36.81.24]
> Oct 31 12:45:01 hermes postfix/smtpd/smtpd[7304]: disconnect from unknown[185.36.81.24] ehlo=1 auth=0/1 commands=1/2
> What am I missing?

http://www.postfix.org/postconf.5.html#postscreen_blacklist_action
postscreen_blacklist_action (default: ignore)
see more in:
http://www.postfix.org/POSTSCREEN_README.html
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
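
A log check for the situation in this thread, as an added example (not part of either message and not Postfix code): it flags clients that postscreen logged as BLACKLISTED and then passed anyway, which is what the default postscreen_blacklist_action = ignore produces. The function name is hypothetical and the sample log is the thread's own lines, rejoined onto single lines.

```python
import re

# Constructed sample: the log lines quoted in the thread, one event per line.
SAMPLE_LOG = """\
Oct 31 12:45:00 hermes postfix/postscreen[7300]: CONNECT from [185.36.81.24]:58505 to [192.168.30.11]:25
Oct 31 12:45:00 hermes postfix/postscreen[7300]: BLACKLISTED [185.36.81.24]:58505
Oct 31 12:45:01 hermes postfix/postscreen[7300]: PASS OLD [185.36.81.24]:58505
Oct 31 12:45:01 hermes postfix/smtpd/smtpd[7304]: connect from unknown[185.36.81.24]
Oct 31 12:45:01 hermes postfix/smtpd/smtpd[7304]: lost connection after AUTH from unknown[185.36.81.24]
Oct 31 12:45:01 hermes postfix/smtpd/smtpd[7304]: disconnect from unknown[185.36.81.24] ehlo=1 auth=0/1 commands=1/2
"""

# postscreen events carry "[address]:port"; smtpd "connect from" carries "name[address]".
POSTSCREEN = re.compile(
    r"postfix/postscreen\[\d+\]: (BLACKLISTED|PASS (?:OLD|NEW)|DISCONNECT) \[([^\]]+)\]:(\d+)")
SMTPD = re.compile(r"postfix/\S*smtpd\[\d+\]: connect from \S*\[([^\]]+)\]")


def find_ignored_blacklist_hits(log_text):
    """Return one finding per session that was BLACKLISTED and then passed."""
    flagged = set()   # (ip, port) sessions postscreen logged as BLACKLISTED
    passed = {}       # ip -> finding still waiting for the smtpd hand-off line
    findings = []
    for line in log_text.splitlines():
        m = POSTSCREEN.search(line)
        if m:
            event, ip, port = m.groups()
            key = (ip, port)
            if event == "BLACKLISTED":
                flagged.add(key)
            elif event.startswith("PASS") and key in flagged:
                flagged.discard(key)
                finding = {"client": ip, "port": int(port),
                           "verdict": event, "reached_smtpd": False}
                findings.append(finding)
                passed[ip] = finding
            else:
                flagged.discard(key)   # session ended or passed without a hit
            continue
        m = SMTPD.search(line)
        if m and m.group(1) in passed:
            # The blacklisted client was handed to the real SMTP server.
            passed.pop(m.group(1))["reached_smtpd"] = True
    return findings


if __name__ == "__main__":
    for f in find_ignored_blacklist_hits(SAMPLE_LOG):
        print(f)
```

An empty result after setting postscreen_blacklist_action to enforce or drop indicates the blacklist entry is now being acted on.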