From: "motty.cruz" on 21 Jun 2010 15:59

Hello all,
What is the best way to protect against directory attack? Below is my log file and postconf -n!
Thanks in advance!

Jun 21 12:39:06 machine1 postfix/smtpd[72653]: lost connection after RCPT from unknown[178.122.29.134]
Jun 21 12:39:06 machine1 postfix/smtpd[72653]: disconnect from unknown[178.122.29.134]
Jun 21 12:39:45 machine1 postfix/smtpd[72653]: connect from ppp-94-69-7-127.home.otenet.gr[94.69.7.127]
Jun 21 12:39:46 machine1 postfix/smtpd[72653]: NOQUEUE: reject: RCPT from ppp-94-69-7-127.home.otenet.gr[94.69.7.127]: 550 5.1.1 <franklin(a)domain.com>: Recipient address rejected: User unknown in local recipient table; from=<toothqg(a)reflexangelo.com> to=<franklin(a)domain.com> proto=ESMTP helo=<ppp-94-69-8-89.home.otenet.gr>
Jun 21 12:39:46 machine postfix/smtpd[72653]: NOQUEUE: reject: RCPT from ppp-94-69-7-127.home.otenet.gr[94.69.7.127]: 550 5.1.1 <frazier(a)domain.com>: Recipient address rejected: User unknown in local recipient table; from=<toothqg(a)reflexangelo.com> to=<frazier(a)domain.com> proto=ESMTP helo=<ppp-94-69-8-89.home.otenet.gr>
Jun 21 12:39:46 machine postfix/smtpd[72653]: NOQUEUE: reject: RCPT from ppp-94-69-7-127.home.otenet.gr[94.69.7.127]: 550 5.1.1 <freeman(a)domain.com>: Recipient address rejected: User unknown in local recipient table; from=<toothqg(a)reflexangelo.com> to=<freeman(a)domain.com> proto=ESMTP helo=<ppp-94-69-8-89.home.otenet.gr>
Jun 21 12:39:47 machine1 postfix/smtpd[72653]: NOQUEUE: reject: RCPT from ppp-94-69-7-127.home.otenet.gr[94.69.7.127]: 550 5.1.1 <franklin(a)domain.com>: Recipient address rejected: User unknown in local recipient table; from=<smilingg983(a)rdcfinehomes.com> to=<franklin(a)domain.com> proto=ESMTP helo=<ppp-94-69-8-89.home.otenet.gr>

Machine1# postconf -n
alias_database = hash:/usr/local/etc/postfix/aliases
alternate_config_directories = /usr/local/etc/postfix-out
anvil_rate_time_unit = 2s
biff = no
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
in_flow_delay = 1s
local_recipient_maps = hash:/usr/local/etc/postfix/userdb, hash:/usr/local/etc/postfix/uservirt
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 50000000
mydestination = domain.com, domain2.com, domain3.com
myhostname = machine1.domain.com
mynetworks = 127.0.0.0/8,
myorigin = domain.com
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = machine.domain.com
smtpd_client_restrictions = hash:/usr/local/etc/postfix/access
smtpd_error_sleep_time = 0
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain,
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit_mynetworks
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550

-Motty

From: Mauricio Tavares on 21 Jun 2010 16:07

On Mon, Jun 21, 2010 at 3:59 PM, motty.cruz <motty.cruz(a)gmail.com> wrote:
> Hello all,
> What is the best way to protect against directory attack? Below is my log file and postconf -n!
> Thanks in advance!
>
> Jun 21 12:39:06 machine1 postfix/smtpd[72653]: lost connection after RCPT from unknown[178.122.29.134]
> Jun 21 12:39:06 machine1 postfix/smtpd[72653]: disconnect from unknown[178.122.29.134]
> Jun 21 12:39:45 machine1 postfix/smtpd[72653]: connect from ppp-94-69-7-127.home.otenet.gr[94.69.7.127]
> Jun 21 12:39:46 machine1 postfix/smtpd[72653]: NOQUEUE: reject: RCPT from ppp-94-69-7-127.home.otenet.gr[94.69.7.127]: 550 5.1.1 <franklin(a)domain.com>: Recipient address rejected: User unknown in local recipient table; from=<toothqg(a)reflexangelo.com> to=<franklin(a)domain.com> proto=ESMTP helo=<ppp-94-69-8-89.home.otenet.gr>
> Jun 21 12:39:46 machine postfix/smtpd[72653]: NOQUEUE: reject: RCPT from ppp-94-69-7-127.home.otenet.gr[94.69.7.127]: 550 5.1.1 <frazier(a)domain.com>: Recipient address rejected: User unknown in local recipient table; from=<toothqg(a)reflexangelo.com> to=<frazier(a)domain.com> proto=ESMTP helo=<ppp-94-69-8-89.home.otenet.gr>
> Jun 21 12:39:46 machine postfix/smtpd[72653]: NOQUEUE: reject: RCPT from ppp-94-69-7-127.home.otenet.gr[94.69.7.127]: 550 5.1.1 <freeman(a)domain.com>: Recipient address rejected: User unknown in local recipient table; from=<toothqg(a)reflexangelo.com> to=<freeman(a)domain.com> proto=ESMTP helo=<ppp-94-69-8-89.home.otenet.gr>
> Jun 21 12:39:47 machine1 postfix/smtpd[72653]: NOQUEUE: reject: RCPT from ppp-94-69-7-127.home.otenet.gr[94.69.7.127]: 550 5.1.1 <franklin(a)domain.com>: Recipient address rejected: User unknown in local recipient table; from=<smilingg983(a)rdcfinehomes.com> to=<franklin(a)domain.com> proto=ESMTP helo=<ppp-94-69-8-89.home.otenet.gr>
>
> Machine1# postconf -n
> alias_database = hash:/usr/local/etc/postfix/aliases
> alternate_config_directories = /usr/local/etc/postfix-out
> anvil_rate_time_unit = 2s
> biff = no
> command_directory = /usr/local/sbin
> config_directory = /usr/local/etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> disable_vrfy_command = yes
> html_directory = no
> in_flow_delay = 1s
> local_recipient_maps = hash:/usr/local/etc/postfix/userdb, hash:/usr/local/etc/postfix/uservirt
> mail_owner = postfix
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> message_size_limit = 50000000
> mydestination = domain.com, domain2.com, domain3.com
> myhostname = machine1.domain.com
> mynetworks = 127.0.0.0/8,
> myorigin = domain.com
> newaliases_path = /usr/local/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = no
> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> smtpd_banner = machine.domain.com
> smtpd_client_restrictions = hash:/usr/local/etc/postfix/access
> smtpd_error_sleep_time = 0
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname
> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain,
> smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit_mynetworks
> unknown_address_reject_code = 554
> unknown_client_reject_code = 554
> unknown_hostname_reject_code = 554
> unknown_local_recipient_reject_code = 550
> unverified_recipient_reject_code = 550
> unverified_sender_reject_code = 550
>
> -Motty
>

Have you checked fail2ban?

From: Brian Evans - Postfix List on 21 Jun 2010 16:12

On 6/21/2010 3:59 PM, motty.cruz wrote:
> Hello all,
> What is the best way to protect against directory attack? Below is my log file and postconf -n!
> Thanks in advance!
>
> Jun 21 12:39:06 machine1 postfix/smtpd[72653]: lost connection after RCPT from unknown[178.122.29.134]
> Jun 21 12:39:06 machine1 postfix/smtpd[72653]: disconnect from unknown[178.122.29.134]
> Jun 21 12:39:45 machine1 postfix/smtpd[72653]: connect from ppp-94-69-7-127.home.otenet.gr[94.69.7.127]
> Jun 21 12:39:46 machine1 postfix/smtpd[72653]: NOQUEUE: reject: RCPT from ppp-94-69-7-127.home.otenet.gr[94.69.7.127]: 550

If you can use and abide by their policies, find some Zen :) (zen.spamhaus.org)

grknight(a)mx1 ~ $ host 127.7.69.94.zen.spamhaus.org
127.7.69.94.zen.spamhaus.org has address 127.0.0.10

From: mouss on 21 Jun 2010 18:01

motty.cruz wrote:
> Hello all,
> What is the best way to protect against directory attack?
> [snip]

how about: don't care?

# postlog.pl
Recipient unknown..................: 58.35 %
....

it's been so since a long time and the world didn't collapse here.

From: "motty.cruz" on 21 Jun 2010 18:17

Thanks for your response. I was hysterical; I thought there was something wrong with my configuration. I have been getting lots of bounced emails and believed it was related to directory attack.
Thanks,
-motty

-----Original Message-----
From: owner-postfix-users(a)postfix.org [mailto:owner-postfix-users(a)postfix.org] On Behalf Of mouss
Sent: Monday, June 21, 2010 3:02 PM
To: postfix-users(a)postfix.org
Subject: Re: how to protect against directory attack?

motty.cruz wrote:
> Hello all,
> What is the best way to protect against directory attack?
> [snip]

how about: don't care?

# postlog.pl
Recipient unknown..................: 58.35 %
...

it's been so since a long time and the world didn't collapse here.
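
Added example, not part of the thread and not fail2ban's or Postfix's own code: a log check over smtpd reject lines of the kind quoted in the first post, counting distinct unknown recipients per client so that a host walking a name list stands out from one retrying a single mistyped address, plus the reversed-octet name used in the zen.spamhaus.org lookup. The sample log, the threshold of 3 and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log (documentation-range addresses, example.* domains),
# shaped like the smtpd lines quoted in the thread.
SAMPLE_LOG = """\
Jun 21 12:39:45 mx1 postfix/smtpd[101]: connect from unknown[192.0.2.10]
Jun 21 12:39:46 mx1 postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <franklin@example.com>: Recipient address rejected: User unknown in local recipient table; from=<a@example.net> to=<franklin@example.com> proto=ESMTP helo=<h.example.net>
Jun 21 12:39:46 mx1 postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <frazier@example.com>: Recipient address rejected: User unknown in local recipient table; from=<a@example.net> to=<frazier@example.com> proto=ESMTP helo=<h.example.net>
Jun 21 12:39:46 mx1 postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <freeman@example.com>: Recipient address rejected: User unknown in local recipient table; from=<a@example.net> to=<freeman@example.com> proto=ESMTP helo=<h.example.net>
Jun 21 12:39:47 mx1 postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <franklin@example.com>: Recipient address rejected: User unknown in local recipient table; from=<b@example.org> to=<franklin@example.com> proto=ESMTP helo=<h.example.net>
Jun 21 12:41:02 mx1 postfix/smtpd[102]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 550 5.1.1 <jon@example.com>: Recipient address rejected: User unknown in local recipient table; from=<c@example.org> to=<jon@example.com> proto=ESMTP helo=<mail.example.org>
Jun 21 12:46:02 mx1 postfix/smtpd[104]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 550 5.1.1 <jon@example.com>: Recipient address rejected: User unknown in local recipient table; from=<c@example.org> to=<jon@example.com> proto=ESMTP helo=<mail.example.org>
Jun 21 12:47:00 mx1 postfix/smtpd[105]: lost connection after RCPT from unknown[203.0.113.5]
"""

# The reply code is not hard-wired to 550 because
# unknown_local_recipient_reject_code is configurable.
REJECT = re.compile(
    r"NOQUEUE: reject: RCPT from \S*\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"\d{3} \d\.\d\.\d <(?P<rcpt>[^>]*)>: "
    r"Recipient address rejected: User unknown"
)

def unknown_rcpt_by_client(log_text):
    """Map client IP -> set of distinct unknown recipients it was refused."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            probes[m.group("ip")].add(m.group("rcpt").lower())
    return dict(probes)

def harvest_suspects(log_text, min_distinct=3):
    """Clients refused for at least min_distinct different unknown addresses."""
    probes = unknown_rcpt_by_client(log_text)
    return sorted(ip for ip, rcpts in probes.items() if len(rcpts) >= min_distinct)

def dnsbl_name(ipv4, zone="zen.spamhaus.org"):
    """Reversed-octet query name for an IPv4 address, as in the host lookup."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone

if __name__ == "__main__":
    for ip in harvest_suspects(SAMPLE_LOG):
        print(ip, len(unknown_rcpt_by_client(SAMPLE_LOG)[ip]), dnsbl_name(ip))
```
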