[pfx] Re: Strengthen email system security

2024-05-24 Thread Peter via Postfix-users
On 24/05/24 21:32, Matus UHLAR - fantomas via Postfix-users wrote: On 24.05.24 12:00, Peter via Postfix-users wrote: And the OP is referring to SASL AUTH attacks which are for submission, not MX connections. But some of those log lines mention postfix/smtpd, which means they happen on port 25

[pfx] Re: Strengthen email system security

2024-05-24 Thread Bill Cole via Postfix-users
On 2024-05-23 at 20:12:09 UTC-0400 (Fri, 24 May 2024 12:12:09 +1200) Peter via Postfix-users is rumored to have said: On 24/05/24 01:42, Bill Cole via Postfix-users wrote: [...] It is also helpful as a matter of system design to decouple user email addresses from their login usernames. For ex

[pfx] Re: Strengthen email system security

2024-05-24 Thread Allen Coates via Postfix-users
On 23/05/2024 14:45, Bill Cole via Postfix-users wrote: is rumored to have said: Don't accept mail from home networks. For example, use "reject_dbl_client zen.spamhaus.org". For this you must use your own DNS resolver, not the DNS resolver from your ISP. On 23.05.24 07:00, Northwind via Pos

[pfx] Re: Strengthen email system security

2024-05-24 Thread Matus UHLAR - fantomas via Postfix-users
Zen includes the "PBL" component, which consists largely of residential and mobile consumer IPs. On 24/05/24 02:12, Matus UHLAR - fantomas via Postfix-users wrote: Yes, but these are (usually) not considered valid clients, these should use submission/submissions(smtps) ports where reject_rbl_

[pfx] Re: Strengthen email system security

2024-05-23 Thread Peter via Postfix-users
On 24/05/24 01:42, Bill Cole via Postfix-users wrote: Likely brute force. Not exactly. "Brute force" password cracking is almost never seen today, as it has been replaced by a practice commonly called "credential stuffing" where the attacker has some large collection of known-good username+p

[pfx] Re: Strengthen email system security

2024-05-23 Thread Peter via Postfix-users
On 24/05/24 02:12, Matus UHLAR - fantomas via Postfix-users wrote: Zen includes the "PBL" component, which consists largely of residential and mobile consumer IPs. Yes, but these are (usually) not considered valid clients, these should use submission/submissions(smtps) ports where reject_rbl_c

[pfx] Re: Strengthen email system security

2024-05-23 Thread Matus UHLAR - fantomas via Postfix-users
Don't accept mail from home networks. For example, use "reject_dbl_client zen.spamhaus.org". For this you must use your own DNS resolver, not the DNS resolver from your ISP. On 23.05.24 07:00, Northwind via Postfix-users wrote: will this also stop the valid client's SMTP connection? thank you

[pfx] Re: Strengthen email system security

2024-05-23 Thread Bill Cole via Postfix-users
On 2024-05-23 at 02:31:05 UTC-0400 (Thu, 23 May 2024 08:31:05 +0200) Matus UHLAR - fantomas via Postfix-users is rumored to have said: Don't accept mail from home networks. For example, use "reject_dbl_client zen.spamhaus.org". For this you must use your own DNS resolver, not the DNS resolver

[pfx] Re: Strengthen email system security

2024-05-23 Thread Bill Cole via Postfix-users
On 2024-05-22 at 19:03:48 UTC-0400 (Thu, 23 May 2024 11:03:48 +1200) Peter via Postfix-users is rumored to have said: On 23/05/24 10:33, Northwind via Postfix-users wrote: [...] The attack continues at this time. My questions are: 1. what's the purpose of this kind of attack? Brute force pas

[pfx] Re: Strengthen email system security

2024-05-23 Thread Northwind via Postfix-users
That's great info from all you people. many thanks! > On 23/05/24 19:02, Jaroslaw Rafa via Postfix-users wrote: > > In addition I can add one idea: > > I have had quite a success with a policy server that rejects all connections on submission ports IF it doesn't f

[pfx] Re: Strengthen email system security

2024-05-23 Thread Peter via Postfix-users
On 23/05/24 19:02, Jaroslaw Rafa via Postfix-users wrote: In addition I can add one idea: I have had quite a success with a policy server that rejects all connections on submission ports IF it doesn't find a currently established IMAP session from the same IP address. All "normal" mail clients (a

[pfx] Re: Strengthen email system security

2024-05-23 Thread Peter via Postfix-users
On 23/05/24 16:51, Viktor Dukhovni via Postfix-users wrote: Dovecot has its own mechanism list, while Postfix has a mechanism list filter. You should be able to set: smtp_sasl_mechanism_filter = plain He's trying to prevent login on smtpd, so the setting should be smtpd_sasl_mechanism_f

[pfx] Re: Strengthen email system security

2024-05-23 Thread Jaroslaw Rafa via Postfix-users
On 23.05.2024 at 15:18:36 Northwind via Postfix-users writes: > how to implement that policy server? thanks. My script is very simple, I just took a sample policy server script in Perl included with Postfix distribution and added code to ask Dovecot about currently active IMAP sessions. I

[pfx] Re: Strengthen email system security

2024-05-23 Thread Northwind via Postfix-users
how to implement that policy server? thanks. > In addition I can add one idea:

[pfx] Re: Strengthen email system security

2024-05-23 Thread Jaroslaw Rafa via Postfix-users
On 23.05.2024 at 11:03:48 Peter via Postfix-users writes: > You can implement a policy daemon (such as postfwd) which can add limits to help in case a password does get found. This can shut down a user account before it gets used to send too much SPAM. > If you know that all of you

[pfx] Re: Strengthen email system security

2024-05-22 Thread Matus UHLAR - fantomas via Postfix-users
Don't accept mail from home networks. For example, use "reject_dbl_client zen.spamhaus.org". For this you must use your own DNS resolver, not the DNS resolver from your ISP. On 23.05.24 07:00, Northwind via Postfix-users wrote: will this also stop the valid client's SMTP connection? thank you W

[pfx] Re: Strengthen email system security

2024-05-22 Thread Gary R. Schmidt via Postfix-users
On 23/05/2024 14:27, Scott Techlist via Postfix-users wrote: All of these entries are using the LOGIN mech. Unless you have an extremely old outlook express MUA (or similar) you can and should be using the PLAIN mech. You can eliminate all of the above attacks by removing LOGIN from the list of

[pfx] Re: Strengthen email system security

2024-05-22 Thread Viktor Dukhovni via Postfix-users
On Wed, May 22, 2024 at 11:27:15PM -0500, Scott Techlist via Postfix-users wrote: > > All of these entries are using the LOGIN mech. Unless you have an extremely old outlook express MUA (or similar) you can and should be using the PLAIN mech. You can eliminate all of the above attacks by

[pfx] Re: Strengthen email system security

2024-05-22 Thread Scott Techlist via Postfix-users
> All of these entries are using the LOGIN mech. Unless you have an extremely old outlook express MUA (or similar) you can and should be using the PLAIN mech. You can eliminate all of the above attacks by removing LOGIN from the list of mechs you accept. Peter: I too see a lot of these so I w

[pfx] Re: Strengthen email system security

2024-05-22 Thread Gary R. Schmidt via Postfix-users
On 23/05/2024 08:33, Northwind via Postfix-users wrote: Hello list, In the last two days, my mail system (small size) met attacks. mail.log shows a lot of this stuff: May 23 06:24:29 mx postfix/smtpd[2655149]: warning: unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Ma

[pfx] Re: Strengthen email system security

2024-05-22 Thread julio covolato via Postfix-users
On 22/05/2024 19:33, Northwind via Postfix-users wrote: Hello list, In the last two days, my mail system (small size) met attacks. mail.log shows a lot of this stuff: May 23 06:24:29 mx postfix/smtpd[2655149]: warning: unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

[pfx] Re: Strengthen email system security

2024-05-22 Thread Northwind via Postfix-users
Good ideas. thanks a lot Peter. Things of note from the log entries above: 1/2 of the entries are from the smtp (port 25) service. This service should be for MX communication only and should not accept authentication. You can eliminate 1/2 of the attempts just by disabling authenticatio

[pfx] Re: Strengthen email system security

2024-05-22 Thread Peter via Postfix-users
On 23/05/24 10:55, Wietse Venema via Postfix-users wrote: 2. How to strengthen email system security to stop this? Don't accept mail from home networks. For example, use "reject_dbl_client zen.spamhaus.org". For this you must use your own DNS resolver, not the DNS resolver from your ISP. He's

[pfx] Re: Strengthen email system security

2024-05-22 Thread Peter via Postfix-users
On 23/05/24 10:33, Northwind via Postfix-users wrote: Hello list, In the last two days, my mail system (small size) met attacks. mail.log shows a lot of this stuff: May 23 06:24:29 mx postfix/smtpd[2655149]: warning: unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May

[pfx] Re: Strengthen email system security

2024-05-22 Thread Northwind via Postfix-users
will this also stop the valid client's SMTP connection? thank you Wietse. Don't accept mail from home networks. For example, use "reject_dbl_client zen.spamhaus.org". For this you must use your own DNS resolver, not the DNS resolver from your ISP.

[pfx] Re: Strengthen email system security

2024-05-22 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > Northwind via Postfix-users: > > Hello list, > > In the last two days, my mail system (small size) met attacks. > > mail.log shows a lot of this stuff: > > May 23 06:24:29 mx postfix/smtpd[2655149]: warning: unknown[194.169.175.17]: SASL LOGIN

[pfx] Re: Strengthen email system security

2024-05-22 Thread Wietse Venema via Postfix-users
Northwind via Postfix-users: > Hello list, > In the last two days, my mail system (small size) met attacks. > mail.log shows a lot of this stuff: > May 23 06:24:29 mx postfix/smtpd[2655149]: warning: unknown[194.169.175.17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 This just wast