>
> Michael Orlitzky:
If you want something more generic than what's already in postfix, the
> next level up is probably iptables.
I was looking for something with host lookup capability and tcp wrappers
was exactly the thing. There were allow/deny.hosts files present in the
system, which made
Generic approach to system administration and access control
reconfiguration at runtime (without service reload).
вт, 16 февр. 2021 г. в 01:24, Bob Proulx :
> Eugene Podshivalov wrote:
> > Is it by chance possible that tcp wrappers will be supported in future at
> > least a
Is it by chance possible that tcp wrappers will be supported in future at
least as an optionally compiled feature?
пн, 8 февр. 2021 г. в 23:00, Eugene Podshivalov :
> Thanks, Noel! Your comments are helpful indeed.
>
> пн, 8 февр. 2021 г. в 22:37, Noel Jones :
>
>>
>&
<https://www.avast.com/sig-email?utm_medium=email_source=link_campaign=sig-email_content=webmail>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
пт, 12 февр. 2021 г. в 19:43, Eugene Podshivalov :
> Wietse:
>> smtpd does not resolve any mappings.
>
> If a sender address is mapped
avast.ru
<https://www.avast.com/sig-email?utm_medium=email_source=link_campaign=sig-email_content=webmail>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
пт, 12 февр. 2021 г. в 19:32, Wietse Venema :
> Eugene Podshivalov:
> > Another somewhat related question is: in order to probe the smtpd ne
the smtpd needs to
resolve all virtual etc. mappings which is also done by the cleanup. Is
this resolution done twice in this case?
пт, 12 февр. 2021 г. в 02:48, Wietse Venema :
> Eugene Podshivalov:
> > >
> > > Wietse:
> >
> > The address can be transformed
as well, don't they? But
still no probe is done for them.
Is it because local messages are considered more trusted then relay ones,
or maybe some other silent verification mechanisms are utilized for them
which cannot be used for relay ones?
чт, 11 февр. 2021 г. в 23:48, Wietse Venema :
>
itself.
чт, 11 февр. 2021 г. в 22:58, Wietse Venema :
> Eugene Podshivalov:
> > Let me put it this way: does Postfix do probe for outgoing mail?
>
> reject_unverified_recipient and reject_unverified_sender make no
> such distinction. That is a feature, not a bug.
>
> rej
Let me put it this way: does Postfix do probe for outgoing mail?
чт, 11 февр. 2021 г. в 21:35, Wietse Venema :
> Eugene Podshivalov:
> > I meant Postfix probes use a sender address even when it is a local one.
> > Example from logs:
> >
> > > postfix/qmgr[20192]:
=deliverable (delivers
> to mailbox)
чт, 11 февр. 2021 г. в 20:58, Wietse Venema :
> Eugene Podshivalov:
> > When reject_unverified_sender param is set and an email is sent on behalf
> > of the server the double-bounce check is still performed (i.e. sent to
> > itself).
When reject_unverified_sender param is set and an email is sent on behalf
of the server the double-bounce check is still performed (i.e. sent to
itself).
Is this all right?
Eugene
; on behalf of Viktor Dukhovni
> *Sent:* Wednesday, February 10, 2021 18:39
> *To:* postfix-users@postfix.org
> *Subject:* Re: client and ehlo hostname mismatch
>
> > On Feb 10, 2021, at 9:38 PM, Eugene Podshivalov
> wrote:
> >
> > Are there any wise cases
Are there any wise cases for a legitimate client to provide a valid ehlo
hostname (which maps to some address) but that address will differ from the
address it connects from?
чт, 11 февр. 2021 г. в 01:01, Bob Proulx :
> Eugene Podshivalov wrote:
> > Then what is the sense
>
> Viktor Dukhovni:
> Postfix can check that the EHLO name resolves to some IP address.
Then what is the sense of doing this if the name can be whoever else's name?
чт, 11 февр. 2021 г. в 00:03, Viktor Dukhovni :
> On Wed, Feb 10, 2021 at 11:59:39PM +0300, Eugene Podsh
февр. 2021 г. в 23:38, Viktor Dukhovni :
> On Wed, Feb 10, 2021 at 01:20:23PM -0700, Bob Proulx wrote:
> > Eugene Podshivalov wrote:
> > > I've just received a spam email from a client who presented itself as
> > > emx.mail.ru but its ip 117.30.137.22 resolves to
Hello,
I've just received a spam email from a client who presented itself as
emx.mail.ru but its ip 117.30.137.22 resolves to
22.137.30.117.broad.xm.fj.dynamic.163data.com.cn
Are reverse client hostname and the ehlo one not supposed to match?
--Eugene
Thanks, Noel! Your comments are helpful indeed.
пн, 8 февр. 2021 г. в 22:37, Noel Jones :
>
> On 2/8/2021 11:45 AM, Eugene Podshivalov wrote:
> > Thanks for the explanation, Wietse.
> >
> > Probably the issue is just with the logging levels.
> > My cur
1 г. в 19:39, Wietse Venema :
> Eugene Podshivalov:
> > Have read through the postscreen documentation closely and got it setup
> and
> > running already, but could not find the three major possibilities
> provided
> > by the tcp wrappers:
> > 1. block by hostna
Do you mean with the help of reject_unknown_client_hostname
and check_sender_access params?
пн, 8 февр. 2021 г. в 16:37, Matus UHLAR - fantomas :
> On 08.02.21 16:27, Eugene Podshivalov wrote:
> >Have read through the postscreen documentation closely and got it setup
> and
> &
st two produce the major bulk of spambot connections.
Are there any other means to achieve these?
пн, 8 февр. 2021 г. в 12:14, Eugene Podshivalov :
> I'm new to postscreen and it's what I was looking for. Thanks a lot for
> the answers!
>
> пн, 8 февр. 2021 г. в 11:22, Dominic Rafe
I'm new to postscreen and it's what I was looking for. Thanks a lot for the
answers!
пн, 8 февр. 2021 г. в 11:22, Dominic Raferd :
> On 08/02/2021 08:04, Eugene Podshivalov wrote:
> > There are a bunch of spiders and spammers nowadays which are knocking
> > the service every hour
those out by UFW but dynamic addresses make it quite inefficient.
Regards,
Eugene
пн, 8 февр. 2021 г. в 04:01, Viktor Dukhovni :
> On Mon, Feb 08, 2021 at 02:17:46AM +0300, Eugene Podshivalov wrote:
>
> > Are there any reasons not to have Postfix compiled with TCP wrappers?
>
>
Hi all,
Are there any reasons not to have Postfix compiled with TCP wrappers?
Regards,
Eugene
ds
<https://www.avast.com/sig-email?utm_medium=email_source=link_campaign=sig-email_content=webmail>
Без
вирусов. www.avast.ru
<https://www.avast.com/sig-email?utm_medium=email_source=link_campaign=sig-email_content=webmail>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
пн, 23 нояб. 2020 г. в 17:4
Hi all,
I have the following config
> smtpd_client_restrictions =
> reject_unknown_client_hostname
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
> reject_invalid_helo_hostname,
> reject_non_fqdn_helo_hostname,
> reject_unknown_helo_hostname
> smtpd_sender_restrictions =
Hi,
Is there a way to block spam messages like this?
Probably "receiver=" spf param might be the clue.
postfix/smtpd[15571]: connect from a.benient.com[198.144.154.163]
postfix/smtpd[15571]: Anonymous TLS connection established from
a.benient.com[198.144.154.163]: TLSv1 with cipher
26 matches
Mail list logo