Dnia 24.05.2024 o godz. 20:41:57 Northwind via Postfix-users pisze:
> my guess, submission clients were using ehlo, and a mx client uses
> helo command. so postfix differ them based on this command?
They connect to different Postfix services. Submission clients connect to
port 587 or 465 (or any
On 25/05/2024 20:50, John Hill via Postfix-users wrote:
On 5/25/24 11:22 AM, John Fawcett via Postfix-users wrote:
On 24/05/2024 03:03, John Hill via Postfix-users wrote:
I learn something every time I read this group, when I can keep up
with the conversation!
I had auth on ports I did
On 25/05/2024 23:58, Mike via Postfix-users wrote:
Hello,
My setup like below:
I have Postfix setup and use dovecot as SASL. Now, all email accounts
can use the smtp server to send emails. I want to allow only one email
account to send out emails and rest of others can only use POP3 or
great knowledge. thanks Wietse.
master.cf:
submission ... ... ... ... ... ... smtpd
-o { smtpd_client_restrictions =
check_sasl_access inline:{{ user@example = OK }}
static:{ REJECT this user is not allowed to send mail }
}
Mike via Postfix-users:
> Hello,
>
> My setup like below:
>
> I have Postfix setup and use dovecot as SASL. Now, all email accounts
> can use the smtp server to send emails. I want to allow only one email
> account to send out emails and rest of others can only use POP3 or IMAP.
>
> How can I
Mike via Postfix-users skrev den 2024-05-25 23:58:
How can I make that?
check_sasl_access https://wiki.zimbra.com/wiki/How-to-restrict-ssl-login
imho same you want ?
just replace reject with permit, and reject all remaining if sasl user
is not that user
On 26/05/24 09:58, Mike via Postfix-users wrote:
Hello,
My setup like below:
I have Postfix setup and use dovecot as SASL. Now, all email accounts
can use the smtp server to send emails. I want to allow only one email
account to send out emails and rest of others can only use POP3 or IMAP.
iptables?
I have Postfix setup and use dovecot as SASL. Now, all email accounts
can use the smtp server to send emails. I want to allow only one email
account to send out emails and rest of others can only use POP3 or IMAP.
___
Postfix-users
Hello,
My setup like below:
I have Postfix setup and use dovecot as SASL. Now, all email accounts
can use the smtp server to send emails. I want to allow only one email
account to send out emails and rest of others can only use POP3 or IMAP.
How can I make that?
Thanks
On 5/25/24 3:54 PM, Wietse Venema via Postfix-users wrote:
John Hill via Postfix-users:
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]
Is this the same thing?
See https://www.spamhaus.org/faqs/dnsbl-usage/#200 for a table
with the purpose of different lookup results.
To block xbl
John Hill via Postfix-users:
> > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]
> Is this the same thing?
See https://www.spamhaus.org/faqs/dnsbl-usage/#200 for a table
with the purpose of different lookup results.
To block xbl listed clients with postscreen, one would configure
On 5/25/24 11:22 AM, John Fawcett via Postfix-users wrote:
On 24/05/2024 03:03, John Hill via Postfix-users wrote:
I learn something every time I read this group, when I can keep up
with the conversation!
I had auth on ports I did not need. I use auth on submission port
587, for users
On 24/05/2024 03:03, John Hill via Postfix-users wrote:
I learn something every time I read this group, when I can keep up
with the conversation!
I had auth on ports I did not need. I use auth on submission port 587,
for users access.
I do get a boat load of failed login attempts on 587.
yes I am using smtps as service name indeed.
and smtps has -o smtpd_sasl_auth_enable=yes enabled.
Thanks peter.
On postfix 3.4 submissions was actually called smtps so you want to
enable it in the smtps section (there won't be a submissions entry in
your master.cf unless you added it).
On 25/05/24 01:37, Matus UHLAR - fantomas via Postfix-users wrote:
He mentioned that on postfix with "smtpd_tls_auth_only=yes" (the
default) authentication is only available when TLS is active
The default is no, but it is very common to have it set to yes.
Peter
On 25/05/24 09:50, Northwind via Postfix-users wrote:
just to clarify, submissions is not required to set for enabling
sasl_auth on port 465/587. i have tested it, no need to set a separated
submissions.
Incorrect. submission is *only* port 587, submissions is port 465.
my postfix
On 25/05/24 01:12, Benny Pedersen via Postfix-users wrote:
Stephan Seitz via Postfix-users skrev den 2024-05-24 15:01:
Carefull, if you have „smtpd_tls_auth_only = yes” (I think), then
you’ll see AUTH after STARTTLS…
port 25 must not be tls only
Since authentication should never be done on
On 25/05/24 00:43, Benny Pedersen via Postfix-users wrote:
Northwind via Postfix-users skrev den 2024-05-24 14:37:
and restarted postfix.
now I think it should be working.
telnet localhost 25
ehlo localhost
if you see AUTH in ehlo results it not done yet
no AUTH results take another beer
On 25/05/24 00:29, Benny Pedersen via Postfix-users wrote:
Northwind via Postfix-users skrev den 2024-05-24 14:17:
so, in main.cf:
smtpd_sasl_auth_enable=no
comment this out in main.cf, it already default no
It's fine to have it, it's simply redundant.
Peter
On 25/05/24 00:17, Northwind via Postfix-users wrote:
so, in main.cf:
smtpd_sasl_auth_enable=no
Yes, although the setting is redundant here since it defaults to no
anyways it's fine to explicitly state it if you want.
then in master.cf:
submission inet n - y - -
On 24/05/24 21:32, Matus UHLAR - fantomas via Postfix-users wrote:
On 24.05.24 12:00, Peter via Postfix-users wrote:
And the OP is referring to SASL AUTH attacks which are for submission,
not MX connections.
But some of those log lines mention postfix/smtpd, which means they
happen on port
just to clarify, submissions is not required to set for enabling
sasl_auth on port 465/587. i have tested it, no need to set a separated
submissions.
my postfix version:
version 3.4.13
thanks
submissions inet n - y - - smtpd
On 5/24/24 9:33 AM, Matus UHLAR - fantomas via Postfix-users wrote:
On 24.05.24 07:36, John Hill via Postfix-users wrote:
What command do you use to reset the connection?
no command, just rule in OUTPUT chain:
1710 649K REJECT 6 -- * * 0.0.0.0/0
0.0.0.0/0
On 5/24/24 06:51, Benny Pedersen via Postfix-users wrote:
Authentication-Results list.sys4.de; dkim=pass header.d=junc.eu;
arc=none (Message is not ARC signed); dmarc=pass (Used From Domain
Record) header.from=junc.eu policy.dmarc=reject
where comes REJECT from ?
You might consider asking
On 2024-05-23 at 20:12:09 UTC-0400 (Fri, 24 May 2024 12:12:09 +1200)
Peter via Postfix-users
is rumored to have said:
On 24/05/24 01:42, Bill Cole via Postfix-users wrote:
[...]
It is also helpful as a matter of system design to decouple user
email addresses from their login usernames. For
Am Fr, Mai 24, 2024 at 15:12:31 +0200 schrieb Benny Pedersen via Postfix-users:
Stephan Seitz via Postfix-users skrev den 2024-05-24 15:01:
Carefull, if you have „smtpd_tls_auth_only = yes” (I think), then
you’ll see AUTH after STARTTLS…
port 25 must not be tls only
I didn’t say that, but
Stephan Seitz via Postfix-users skrev den 2024-05-24 15:01:
Carefull, if you have „smtpd_tls_auth_only = yes” (I think), then
you’ll see AUTH after STARTTLS…
On 24.05.24 15:12, Benny Pedersen via Postfix-users wrote:
port 25 must not be tls only
if its needed use another port for tls only
Thank you so much.
This is really important.
>
> Le 24/05/2024 à 14:17, Northwind via Postfix-users a écrit :
>
> >
> > so, in main.cf:
> >
> > smtpd_sasl_auth_enable=no
> >
> > then in master.cf:
> >
> > submission inet n - y - - smtpd
> >
> > -o
On 24.05.24 20:41, Northwind via Postfix-users wrote:
my guess, submission clients were using ehlo, and a mx client uses
helo command. so postfix differ them based on this command?
EHLO is the extended HELO, supports SMTP extensions. Mail clients just like
servers may use either, but nowadays
On 24.05.24 07:36, John Hill via Postfix-users wrote:
What command do you use to reset the connection?
no command, just rule in OUTPUT chain:
1710 649K REJECT 6-- * * 0.0.0.0/00.0.0.0/0
tcp spt:25 match-set block-smtp dst reject-with
Le 24/05/2024 à 14:17, Northwind via Postfix-users a écrit :
so, in main.cf:
smtpd_sasl_auth_enable=no
then in master.cf:
submission inet n - y - - smtpd
-o smtpd_sasl_auth_enable=yes
Am I right? does this disable sasl_auth for port 25, but still
authorize
Stephan Seitz via Postfix-users skrev den 2024-05-24 15:01:
Carefull, if you have „smtpd_tls_auth_only = yes” (I think), then
you’ll see AUTH after STARTTLS…
port 25 must not be tls only
if its needed use another port for tls only
___
Am Fr, Mai 24, 2024 at 20:48:16 +0800 schrieb Northwind via Postfix-users:
ehlo localhost.localdomain
250-mx.domain.xyz
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
no AUTH was there. so it should be working. :)
Carefull, if
ehlo localhost.localdomain
250-mx.domain.xyz
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
no AUTH was there. so it should be working. :)
if you see AUTH in ehlo results it not done yet
Northwind via Postfix-users skrev den 2024-05-24 14:37:
and restarted postfix.
now I think it should be working.
telnet localhost 25
ehlo localhost
if you see AUTH in ehlo results it not done yet
no AUTH results take another beer :)
___
my guess, submission clients were using ehlo, and a mx client uses helo
command. so postfix differ them based on this command?
regards.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to
root@mx:/etc/postfix# vi main.cf
root@mx:/etc/postfix# vi master.cf
root@mx:/etc/postfix# service postfix restart
i have comment out this line in main.cf:
#smtpd_sasl_auth_enable = yes
And enable this in master.cf:
submission inet n - y - - smtpd
-o
Northwind via Postfix-users skrev den 2024-05-24 14:17:
so, in main.cf:
smtpd_sasl_auth_enable=no
comment this out in main.cf, it already default no
then in master.cf:
submission inet n - y - - smtpd
-o smtpd_sasl_auth_enable=yes
Am I right?
yes
does
so, in main.cf:
smtpd_sasl_auth_enable=no
then in master.cf:
submission inet n - y - - smtpd
-o smtpd_sasl_auth_enable=yes
Am I right? does this disable sasl_auth for port 25, but still authorize
users on port 587/465?
Thanks a lot.
Many moons ago I was
What command do you use to reset the connection?
On 5/24/24 6:18 AM, Matus UHLAR - fantomas via Postfix-users wrote:
On 23.05.24 21:03, John Hill via Postfix-users wrote:
I use Fail2Ban to block the failed IP. The script writes it into the
nftables table immediately.
I think this keeps
Authentication-Results list.sys4.de; dkim=pass header.d=junc.eu;
arc=none (Message is not ARC signed); dmarc=pass (Used From Domain
Record) header.from=junc.eu policy.dmarc=reject
where comes REJECT from ?
___
Postfix-users mailing list --
Allen Coates via Postfix-users skrev den 2024-05-24 11:51:
Many moons ago I was told to put "smtpd_sasl_auth_enable=no" in
main.cf, blocking the function everywhere, and then put "-o
smtpd_sasl_auth_enable=yes" in the submission stanza(s) in master.cf,
expressly enabling it *just* there.
On 24/05/2024 03:15, Peter via Postfix-users wrote:
No you definately should disable auth on port 25 regardless. It is
possible for postscreen to pass a connection to smtpd and smtpd can
*then* offer auth.
To answer your original question, you can just set -o
smtpd_sasl_auth_enable=no in
On 23.05.24 21:03, John Hill via Postfix-users wrote:
I use Fail2Ban to block the failed IP. The script writes it into the
nftables table immediately.
I think this keeps Postfix waiting and times out, not a big deal. Is
there a cli that my bash script could force disconnect the ip from
On 24/05/2024 03:15, Peter via Postfix-users wrote:
No you definately should disable auth on port 25 regardless. It is possible for postscreen to pass a connection to
smtpd and smtpd can *then* offer auth.
To answer your original question, you can just set -o smtpd_sasl_auth_enable=no in
On 23/05/2024 14:45, Bill Cole via Postfix-users wrote:
is rumored to have said:
Don't accept mail from home networks. For example, use "reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNSresolver from your ISP.
On 23.05.24 07:00, Northwind via
Zen includes the "PBL" component, which consists largely of
residential and mobile consumer IPs.
On 24/05/24 02:12, Matus UHLAR - fantomas via Postfix-users wrote:
Yes, but these are (usually) not considered valid clients, these
should use submission/submissions(smtps) ports where
On 24/05/24 13:08, Northwind via Postfix-users wrote:
do you mean since I have been using postscreen, there is no need to
manually disable authentication on port 25? since postscreen doesn't
have auth support.
No you definately should disable auth on port 25 regardless. It is
possible for
Will do it. Tonight.
Thanks
On May 23, 2024 9:11 PM, Wietse Venema via Postfix-users
wrote:
John Hill via Postfix-users:
> I learn something every time I read this group, when I can keep up with
> the conversation!
>
> I had auth on ports I did not need. I use auth on submission port
John Hill via Postfix-users:
> I learn something every time I read this group, when I can keep up with
> the conversation!
>
> I had auth on ports I did not need. I use auth on submission port 587,
> for users access.
>
> I do get a boat load of failed login attempts on 587. Funny how a China,
do you mean since I have been using postscreen, there is no need to
manually disable authentication on port 25? since postscreen doesn't
have auth support.
Thanks Wietse.
As documnented somewhere, postscreen never announces AUTH support.
___
I learn something every time I read this group, when I can keep up with
the conversation!
I had auth on ports I did not need. I use auth on submission port 587,
for users access.
I do get a boat load of failed login attempts on 587. Funny how a China,
US, Argentina, you name it, hosts, will
Northwind via Postfix-users:
> Hello,
>
> since my smtp instance is postscreen as showing the follow,
>
> smtp inet n - y - 1 postscreen
>
>
> How can I disable authentication on port 25 then?
>
> I know if the smtp instance is smtpd, this option should
On 24/05/24 01:42, Bill Cole via Postfix-users wrote:
Likely brute force.
Not exactly.
"Brute force" password cracking is almost never seen today, as it has
been replaced by a practice commonly called "credential stuffing" where
the attacker has some large collection of known-good
Hello,
since my smtp instance is postscreen as showing the follow,
smtp inet n - y - 1 postscreen
How can I disable authentication on port 25 then?
I know if the smtp instance is smtpd, this option should work:
-o smtpd_sasl_auth_enable=no
Thank you.
On 24/05/24 02:12, Matus UHLAR - fantomas via Postfix-users wrote:
Zen includes the "PBL" component, which consists largely of
residential and mobile consumer IPs.
Yes, but these are (usually) not considered valid clients, these should
use submission/submissions(smtps) ports where
On Thu, May 23, 2024 at 05:48:29PM -0400, Wietse Venema via Postfix-users wrote:
> Greg Sims via Postfix-users:
> > We see conn_use about 24% of the time:
>
> But none of the sessions shown in your message have that.
>
> Do they also have multiple-of-5-second type 'c' delays?
Indeed those
Greg Sims via Postfix-users:
> We see conn_use about 24% of the time:
But none of the sessions shown in your message have that.
Do they also have multiple-of-5-second type 'c' delays?
Wietse
___
Postfix-users mailing list --
Pedro David Marco via Postfix-users:
> Hi all,
> is it possible to have several Postfix instances to use a centralized
> Postfix server for address verification probes when this centralized
> server is NOT an MDA but a relay to external MDAs?
You can specify address_verify_relayhost and the like,
You have been perfectly clear. As outlined in DSN_README, the RFC
does not support a way to selectively disable SUCCESS notification.
Postfix is not just a bunch of random hacks thrown together. You
are free to use a different mail system.
Wietse
On Thu, May 23, 2024 at 7:07 AM Greg Sims wrote:
>
> Thank you Viktor. All recommended changes have been made. I hope to
> collect useful "collate" data with our next distribution at Noon today
> pacific.
>
Still having problems with the inbound smtpd from our private network
flooding
Hi all,
is it possible to have several Postfix instances to use a centralized Postfix
server for address verification probes when this centralized server is NOT an
MDA but a relay to external MDAs?
Thanks in advance!
Pete.
___
Postfix-users mailing
On 23.05.24 20:51, Alexander Kolesnikov via Postfix-users wrote:
23.05.2024 19:06, Wietse Venema via Postfix-users пишет:
Aleksandr Kolesnikov via Postfix-users:
if the user requests a DSN, he receives a delivery message via the
...
how to prohibit the sending of such DSN?
Perhaps:
Don't accept mail from home networks. For example, use
"reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNSresolver from your ISP.
On 23.05.24 07:00, Northwind via Postfix-users wrote:
will this also stop the valid client's SMTP connection? thank you
23.05.2024 15:38, Kevin Cousin via
Postfix-users пишет:
Le 2024-05-21T22:50:48.000+02:00, Wietse Venema via
Postfix-users a écrit :
Kevin Cousin via Postfix-users:
23.05.2024 19:06, Wietse Venema via
Postfix-users пишет:
Aleksandr Kolesnikov via Postfix-users:
if the user requests a DSN, he receives a delivery message via the
...
how to prohibit the sending of such DSN?
On 2024-05-23 at 02:31:05 UTC-0400 (Thu, 23 May 2024 08:31:05 +0200)
Matus UHLAR - fantomas via Postfix-users
is rumored to have said:
Don't accept mail from home networks. For example, use
"reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNSresolver
On 2024-05-22 at 19:03:48 UTC-0400 (Thu, 23 May 2024 11:03:48 +1200)
Peter via Postfix-users
is rumored to have said:
On 23/05/24 10:33, Northwind via Postfix-users wrote:
[...]
The attack continues at this time.
My questions are:
1. what's the purpose of this kind of attack? Brute force
Thank you Viktor. All recommended changes have been made. I hope to
collect useful "collate" data with our next distribution at Noon today
pacific.
I hope you have a great day! Greg
> [root@mail01 postfix]# postconf -nf
>
> [root@mail01 postfix]# postconf -Mf
Aleksandr Kolesnikov via Postfix-users:
> if the user requests a DSN, he receives a delivery message via the
...
> how to prohibit the sending of such DSN?
Perhaps: https://www.postfix.org/DSN_README.html
Wietse
___
Postfix-users mailing
That's great info from all you people. many thanks!
>
> On 23/05/24 19:02, Jaroslaw Rafa via Postfix-users wrote:
>
> >
> > In addition I can add one idea:
> >
> > I have had quite a success with a policy server that rejects all
> > connections
> >
> > on submission ports IF it doesn't
On 23/05/24 19:02, Jaroslaw Rafa via Postfix-users wrote:
In addition I can add one idea:
I have had quite a success with a policy server that rejects all connections
on submission ports IF it doesn't find a currently established IMAP session
from the same IP address. All "normal" mail clients
On 23/05/24 16:51, Viktor Dukhovni via Postfix-users wrote:
Dovecot has its own mechanism list, while Postfix has a mechanism list
filter. You should be able to set:
smtp_sasl_mechanism_filter = plain
He's trying to prevent login on smtpd, so the setting should be
Dnia 23.05.2024 o godz. 15:18:36 Northwind via Postfix-users pisze:
> how to implement that a policy server? thanks.
My script is very simple, I just took a sample policy server script in Perl
included with Postfix distribution and added code to ask Dovecot about
currently active IMAP sessions.
Le 2024-05-21T22:50:48.000+02:00, Wietse Venema via Postfix-users
a écrit :
> Kevin Cousin via Postfix-users:
>> Hi,
>>
>> We are using Postfix as relay for our internal apps. This apps
>> are
>>
>> sending mails to final users with from nore...@example.net, but
>>
>> sometimes,
how to implement that a policy server? thanks.
In addition I can add one idea:
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
Dnia 23.05.2024 o godz. 11:03:48 Peter via Postfix-users pisze:
>
> You can implement a policy daemon (such as postfwd) which can add
> limits to help in case a password does get found. This can shut
> down a user account before it gets used to send too much SPAM.
>
> If you know that all of
Don't accept mail from home networks. For example, use "reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNSresolver from your ISP.
On 23.05.24 07:00, Northwind via Postfix-users wrote:
will this also stop the valid client's SMTP connection? thank you
On 23/05/2024 14:27, Scott Techlist via Postfix-users wrote:
All of these entries are using the LOGIN mech. Unless you have an
extremely old outlook express MUA (or similar) you xan and should be
using the PLAIN mech. You can eliminate all of the above attacks by
removing LOGIN from the list
On Wed, May 22, 2024 at 11:27:15PM -0500, Scott Techlist via Postfix-users
wrote:
> >All of these entries are using the LOGIN mech. Unless you have an
> >extremely old outlook express MUA (or similar) you xan and should be
> >using the PLAIN mech. You can eliminate all of the above attacks by
>All of these entries are using the LOGIN mech. Unless you have an
>extremely old outlook express MUA (or similar) you xan and should be
>using the PLAIN mech. You can eliminate all of the above attacks by
>removing LOGIN from the list of mechs you accept.
Peter:
I too see a lot of these so I
Hi All,
the resubmit service is configured in master.cf:
resubmit unix - n n - 10 pipe
flags=Rq user=nobody null_sender=
argv=/usr/local/libexec/resubmit_mail.sh -N success --
${recipient}
if the user requests a DSN,
On Wed, May 22, 2024 at 12:19:03PM -0500, Greg Sims wrote:
> [root@mail01 postfix]# postconf -nf
> maximal_backoff_time = 16m
> minimal_backoff_time = 2m
> queue_run_delay = 2m
FWIW (not related to your immediate issue) I would not recommend such a
short maximal backoff, you're
On 23/05/2024 08:33, Northwind via Postfix-users wrote:
Hello list,
In the last two days, my mail system (small size) met attacks.
mail.log shows a lot of this stuff:
May 23 06:24:29 mx postfix/smtpd[2655149]: warning:
unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Em 22/05/2024 19:33, Northwind via Postfix-users escreveu:
Hello list,
In the last two days, my mail system (small size) met attacks.
mail.log shows a lot of this stuff:
May 23 06:24:29 mx postfix/smtpd[2655149]: warning:
unknown[194.169.175.17]: SASL LOGIN authentication failed:
Good ideas. thanks a lot Peter.
Things of note from the log entries above:
1/2 of the entries are from the smtp (port 25) service. This service
should be for MX communication only and should not accept
pauthentication. You can eliminate 1/2 of the attempts just by
disabling
On 23/05/24 10:55, Wietse Venema via Postfix-users wrote:
2. How to strengthen email system security to stop this?
Don't accept mail from home networks. For example, use "reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNSresolver from your ISP.
On 23/05/24 10:33, Northwind via Postfix-users wrote:
Hello list,
In the last two days, my mail system (small size) met attacks.
mail.log shows a lot of this stuff:
May 23 06:24:29 mx postfix/smtpd[2655149]: warning:
unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May
will this also stop the valid client's SMTP connection? thank you Wietse.
Don't accept mail from home networks. For example, use "reject_dbl_client
zen.spamhaus.org". For this you must use your own DNS resolver,
not the DNSresolver from your ISP.
Wietse Venema via Postfix-users:
> Northwind via Postfix-users:
> > Hello list,
> >
> > In the last two days, my mail system (small size) met attacks.
> >
> > mail.log shows a lot of this stuff:
> >
> > May 23 06:24:29 mx postfix/smtpd[2655149]: warning:
> > unknown[194.169.175.17]: SASL LOGIN
Northwind via Postfix-users:
> Hello list,
>
> In the last two days, my mail system (small size) met attacks.
>
> mail.log shows a lot of this stuff:
>
> May 23 06:24:29 mx postfix/smtpd[2655149]: warning:
> unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
This just
Greg Sims via Postfix-users:
> > It is assumed that you're not a victim of systemd-journald log mangling.
> > It may be dropping some messages, and recording others out of order,
> > breaking "collate". On Linux systems where systemd is doing the
> > logging, you'll want to have Postfix writing
Hello list,
In the last two days, my mail system (small size) met attacks.
mail.log shows a lot of this stuff:
May 23 06:24:29 mx postfix/smtpd[2655149]: warning:
unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 23 06:24:37 mx postfix/smtps/smtpd[2655958]: warning:
Alexander Leidinger via Postfix-users wrote in
:
|Am 2024-05-22 01:22, schrieb Greg Sims via Postfix-users:
|> TLS connection reuse is being used. About 10% of the connections are
|> reused for large volume ISPs. Small volume ISPs do not see connection
|> reuse. I believe this is as
> It is assumed that you're not a victim of systemd-journald log mangling.
> It may be dropping some messages, and recording others out of order,
> breaking "collate". On Linux systems where systemd is doing the
> logging, you'll want to have Postfix writing its own log files directly,
>
> This is perhaps a good time to ask you for your full configuration,
> not just cherry-picked individual settings. Please post the outputs of:
>
> $ postconf -nf
> $ postconf -Mf
>
> with all whitespace (including linebreaks) preserved.
[root@mail01 postfix]# postconf -nf
>
> If the delay is with sending or receiving RSET, then the SMTP client
> log "conversation with XXX timed out". I don't know if that has a
> queue ID logged with that, though. Just grep for 'conversation with'.
[root@mail01 postfix]# journalctl -u postfix.service | grep 'conversation with'
Wietse Venema via Postfix-users:
> Greg Sims via Postfix-users:
> > May 22 03:13:22 mail01.raystedman.org t123/smtp[46725]:
> > 604BE30A4ACA: to=<@gmail.com>,
> > relay=gmail-smtp-in.l.google.com[142.251.2.26]:25, conn_use=2,
> > delay=1576, delays=0.05/1550/25/0.84, dsn=2.0.0, status=sent (250
Le 2024-05-22T10:15:34.000+02:00, Matus UHLAR - fantomas via
Postfix-users a écrit :
> On 21.05.24 15:13, Kevin Cousin via Postfix-users wrote:
>> We are using Postfix as relay for our internal apps. This apps
>> are
>>
>> sending mails to final users with from nore...@example.net, but
>>
> It is assumed that you're not a victim of systemd-journald log mangling.
> It may be dropping some messages, and recording others out of order,
> breaking "collate". On Linux systems where systemd is doing the
> logging, you'll want to have Postfix writing its own log files directly,
>
1 - 100 of 96294 matches
Mail list logo