Am 24.06.22 um 22:45 schrieb Sebastian Nielsen via Exim-users:
Best way here is to add your users primary country to the auth_advertise_hosts
list. Could be quite a IP list, but you can store it in a file if you want, by
using a lookup condition.
Then if they travel to a non-approved country,
Am 24.06.22 um 08:08 schrieb Slavko via Exim-users:
That is pretty simple, just add this IP to firewall's DROP. To automatize
its banning, use fail2ban. But be aware, that they will often try from
other IP soon. I have 100 - 800 different IPs per day, most of them
has only one attempt allowed
Ahoj,
Dňa Sun, 26 Jun 2022 10:41:47 -0400 Viktor Dukhovni via Exim-users
napísal:
> On Sun, Jun 26, 2022 at 04:30:14PM +0200, Slavko via Exim-users wrote:
>
> > Not MAY, they SHOULD (if they support it), the 587 is as fallback
> > for old clients only, the 25/tcp is deprecated for MUAs for
> >
On Sun, 26 Jun 2022, Mark Elkins via Exim-users wrote:
Seems I need to do more learning
On 6/26/22 9:19 AM, Andrew C Aitchison via Exim-users wrote:
On Sat, 25 Jun 2022, Mark Elkins via Exim-users wrote:
Not sure if I'm missing the boat or what but - for one of my users to send
email -
On Sun, Jun 26, 2022 at 04:30:14PM +0200, Slavko via Exim-users wrote:
> > it seems
> > there is confusion over the use of this port. I've always assumed
> > that some MTA clients may use port 465 - rather than using port 25.
>
> Not MAY, they SHOULD (if they support it), the 587 is as fallback
Ahoj,
Dňa Sun, 26 Jun 2022 15:52:56 +0200 Mark Elkins via Exim-users
napísal:
> urd 465/tcp smtps ssmtp # URL Rendesvous Directory
> for SSM / smtp protocol over TLS/SSL
> igmpv3lite 465/udp smtps ssmtp # IGMP over UDP for SSM
>
> submission 587/tcp
On Sun, Jun 26, 2022 at 03:52:56PM +0200, Mark Elkins via Exim-users wrote:
> > I am curious. Why do you not allow your users to user port 465 ?
> > RFC 8314 https://datatracker.ietf.org/doc/html/rfc8314#section-7.3
> > repurposed this as a mail *submission* port with Implicit TLS.
>
> Reading
I'm very interested in what you are doing.
My thinking along country blocking for the submission of email addresses
is...
Subscribers have their data in a database. They have a properly secured
web access system to that database for account management purposes
(change their password - etc).
Seems I need to do more learning
On 6/26/22 9:19 AM, Andrew C Aitchison via Exim-users wrote:
On Sat, 25 Jun 2022, Mark Elkins via Exim-users wrote:
Not sure if I'm missing the boat or what but - for one of my users to
send email - they must use mail Submission port 587 - and nothing
On 26/06/2022 08:19, Andrew C Aitchison via Exim-users wrote:
[ I should document CVE-2021-38371:
before exim 4.95 exim probably was exposed to a man-in-the
middle attack on STARTTLS when *sending* email, though it
it is not clear how it could have been exploited.
Indeed, nobody that I
Ahoj,
Dňa Sun, 26 Jun 2022 00:00:40 +0200 Kirill Miazine via Exim-users
napísal:
> According to docs, AuthBL is both:
> "AuthBL is basically that: a collection of bots known to use stolen
> credentials or authentication bruteforce."
Yes, my mistake. I didn't check its docs, only my notes and
On Sat, 25 Jun 2022, Mark Elkins via Exim-users wrote:
Not sure if I'm missing the boat or what but - for one of my users to send
email - they must use mail Submission port 587 - and nothing else. That's on
a server that only listens on port 587. This works fine until a user "shares"
their
• Slavko via Exim-users [2022-06-24 13:24]:
> Dňa 24. júna 2022 9:14:41 UTC používateľ Kirill Miazine via Exim-users
> napísal:
>
> >I've found AuthBL from Spamhaus and Abusix to be very useful.
>
> AFAIK Spamhaus's AuthBL is about hosts, which uses stolen credentials
> (to send SPAM), not
Dňa 25. júna 2022 15:11:34 UTC používateľ Sebastian Nielsen via Exim-users
napísal:
>They seem to use wordlists to hack the password.
Next week will be one year, from distributed attack to my email system starts,
and it is still ongoing. The year is enough time to do with (against) it, but of
Exim-users
Skickat: den 25 juni 2022 10:31
Till: 'Mailing List'
Ämne: Re: [exim] Closing off Port to non-SSL traffic
Not sure if I'm missing the boat or what but - for one of my users to send
email - they must use mail Submission port 587 - and nothing else.
That's on a server that only
On 24/06/2022 21:45, Sebastian Nielsen via Exim-users wrote:
Best way here is to add your users primary country to the auth_advertise_hosts
list. Could be quite a IP list
There exists a DNSBL which converts IPs to countries.
--
Cheers,
Jeremy
--
## List details at
uni 2022 08:19
Till: 'Mailing List'
Ämne: Re: [exim] Closing off Port to non-SSL traffic
Dňa 23. júna 2022 22:15:48 UTC používateľ Sebastian Nielsen via
Exim-users napísal:
I solved that with:
auth_advertise_hosts = 192.168.0.0/16 : 127.0.0.1 : 1
This helps only for single user MTA,
:19
Till: 'Mailing List'
Ämne: Re: [exim] Closing off Port to non-SSL traffic
Dňa 23. júna 2022 22:15:48 UTC používateľ Sebastian Nielsen via Exim-users
napísal:
>I solved that with:
>auth_advertise_hosts = 192.168.0.0/16 : 127.0.0.1 : 1
This helps only for single user MTA, my real
Dňa 24. júna 2022 9:14:41 UTC používateľ Kirill Miazine via Exim-users
napísal:
>I've found AuthBL from Spamhaus and Abusix to be very useful.
AFAIK Spamhaus's AuthBL is about hosts, which uses stolen credentials
(to send SPAM), not those attacking AUTH. While i use it in rsdpamd and MX,
only
• Slavko via Exim-users [2022-06-24 06:08]:
[...]
> That is pretty simple, just add this IP to firewall's DROP. To automatize
> its banning, use fail2ban. But be aware, that they will often try from
> other IP soon. I have 100 - 800 different IPs per day, most of them
> has only one attempt
Dňa 23. júna 2022 22:15:48 UTC používateľ Sebastian Nielsen via Exim-users
napísal:
>I solved that with:
>auth_advertise_hosts = 192.168.0.0/16 : 127.0.0.1 : 1
This helps only for single user MTA, my real users connects even from
multiple countries...
>2022-06-10 23:50:20 SMTP protocol
>>Tedious, isn't it. I get probed by 5000 hosts per day. I've now set
fail2ban to "one strike and you're out".
I solved that with:
auth_advertise_hosts = 192.168.0.0/16 : 127.0.0.1 : 1
Then it doesn't matter if they have the correct password, they wont get
access anyways...
Looks like this
On 2022-06-23, The Doctor via Exim-users wrote:
> Is their a way to close off Port 25 unless you are using SSL?
>
> Heads up
>
> The I caught on porn now pay up scandal is back.
Did it ever go away?
> Further this hackers are maurauding mail servers for usernames
> and passwords to relay their
Is their a way to close off Port 25 unless you are using SSL?
Heads up
The I caught on porn now pay up scandal is back.
Further this hackers are maurauding mail servers for usernames
and passwords to relay their messages.
We all need to closing port 25 to non-SSL traffic.
--
Member - Liberal
24 matches
Mail list logo
