Re: Blocking "unknown"

2016-10-01 Thread lists
I'm going to leave this to the gurus. But here is what I know: I didn't check the port when I did the grep. I just searched for the 0/1 pattern. That said, I used my ipfw table to block port 25, and /var/log/security is getting hits on that rule.  The "normal" mail is going through, so I did

Re: Blocking "unknown"

2016-10-01 Thread Alex
Hi,
On Fri, Sep 30, 2016 at 8:08 PM, li...@lazygranch.com wrote:
> On Fri, 30 Sep 2016 06:26:35 -0400
> Postfix User wrote:
>
>> Postfix-3.2-20160917 with FreeBSD-11.0 /64 bit
>>
>> Lately, I have been finding the following entries in the

Re: Blocking "unknown"

2016-10-01 Thread li...@lazygranch.com
On Sat, 1 Oct 2016 10:59:02 +0100 Allen Coates wrote:
>
>
> On 01/10/16 10:37, Postfix User wrote:
> > On Fri, 30 Sep 2016 17:08:05 -0700, li...@lazygranch.com stated:
> >
> >> This will pull these hackers off your maillog.
> >> bzgrep -e auth=0/1 maillog* | sed

Re: DANE vs WebPKI (was: WoSign/StartCom CA in the news, let's wind this thread down...)

2016-10-01 Thread Viktor Dukhovni
> On Oct 1, 2016, at 11:01 AM, li...@lazygranch.com wrote:
>
> On the latest "Security Now" podcast, Steve Gibson makes noises about
> DNSSEC/DANE replacing certs, but not in detail.
I think that this thread, which was only tenuously connected to Postfix in the first place, is no longer

Re: WoSign/StartCom CA in the news

2016-10-01 Thread lists
On the latest "Security Now" podcast, Steve Gibson makes noises about DNSSEC/DANE replacing certs, but not in detail. You can search for DANE in the transcript. I don't recall if he ever explained this in detail, and if he did, I probably wouldn't understand.

Re: Blocking nobody - sometimes

2016-10-01 Thread John Fawcett
On 10/01/2016 12:47 PM, D'Arcy J.M. Cain wrote:
> I am having trouble figuring out how to do this. Hopefully someone
> here can help me figure it out. The problem is email coming from my
> web server. I use "permit_mynetworks" in all of the restrictions
> entries but that's a bit too

Blocking nobody - sometimes

2016-10-01 Thread D'Arcy J.M. Cain
I am having trouble figuring out how to do this. Hopefully someone here can help me figure it out. The problem is email coming from my web server. I use "permit_mynetworks" in all of the restrictions entries but that's a bit too liberal. In particular I have a web server where many clients

Re: WoSign/StartCom CA in the news

2016-10-01 Thread Alice Wonder
On 09/30/2016 06:52 AM, John @ KLaM wrote: Yes, I understand DANE can be used for MTAs. My musing is could it completely replace the existing CA mess, and I suppose the follow up is how? I do not see it as a replacement for the CA mess but rather as a form of 2-factor authentication.

Re: Blocking "unknown"

2016-10-01 Thread Allen Coates
On 01/10/16 10:37, Postfix User wrote:
> On Fri, 30 Sep 2016 17:08:05 -0700, li...@lazygranch.com stated:
>
>> This will pull these hackers off your maillog.
>> bzgrep -e auth=0/1 maillog* | sed 's/.*\[\([^]]*\)\].*/\1/g' >iplist
>> sort iplist | uniq
> Great idea. I modified it slightly since

Re: Blocking "unknown"

2016-10-01 Thread Postfix User
On Fri, 30 Sep 2016 17:08:05 -0700, li...@lazygranch.com stated:
>This will pull these hackers off your maillog.
>bzgrep -e auth=0/1 maillog* | sed 's/.*\[\([^]]*\)\].*/\1/g' >iplist
>sort iplist | uniq
Great idea. I modified it slightly since the "sort" was not working correctly here. I make a