David-Paul Niner wrote:
> Ki Song wrote:
>
> [snip]
>
>>>You don't. You firewall off the server that's doing the dictionary
>>>attack and then your mail server will never see the connections from it,
>>>hence no logging.
>>
>>Isn't that just putting a "bandaid" on the problem ... I mean, isn't the
>>list of IP addresses that I firewall off eventually going to be too big to
>>manage?
>>
>>If the above isn't true, is there a central location that people can get a
>>hold of that has a list of "bad IP" addresses? Similar to SpamAssassin's
>>list?
>>
>>>Paul.
>
> In my personal experience, dictionary attacks tend to be (relatively)
> short lived, as the script that generates the messages must have a fairly
> low time-out.
>
> Odds are good that the MTA that's trying to connect to your machine is
> not a host with a proper MX record, and if it is, it's probably not
> configured correctly. You could probably stop postfix from even
> accepting connections from it by implementing the recommendations
> described here:
>
> http://www.postfix.org/uce.html
>
> You could also dive into header_checks as well.
>
> One positive aspect of implementing these suggestions is that over time
> you should see less and less spam, as your domain gradually falls off
> the "known good" lists.
>
> Best o' luck!
>
> DP
>

More to the point, you might want to try (at a minimum), these parameters:

smtpd_client_restrictions=permit_mynetworks,reject_unknown_client

smtpd_helo_restrictions=permit_mynetworks,reject_invalid_hostname,reject_unknown_hostname

smtpd_recipient_restrictions=permit_mynetworks,permit_auth_destination,reject_unauth_destination

There are more features available as well, most of which are described in the above link.

DP

-- 
David-Paul Niner, RHCE
Orange Park, Florida, United States
GPG Key ID: 0x106B54E3
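
An added example for the thread above, not part of any poster's message: before firewalling a source, one way to confirm it is running a dictionary attack is to count the distinct nonexistent recipients each client IP probed in the Postfix smtpd log. The log lines are constructed samples in the usual smtpd reject layout, and the function name and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the usual Postfix smtpd syslog layout (not real traffic).
SAMPLE_LOG = """\
Mar 12 10:01:02 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <adam@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@spam.invalid> to=<adam@example.org> proto=SMTP helo=<x>
Mar 12 10:01:03 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <alice@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@spam.invalid> to=<alice@example.org> proto=SMTP helo=<x>
Mar 12 10:01:05 mail postfix/smtpd[2102]: 4F2A11C0D3: client=mx.example.net[192.0.2.10]
Mar 12 10:01:06 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <bob@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@spam.invalid> to=<bob@example.org> proto=SMTP helo=<x>
Mar 12 10:01:07 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <BOB@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@spam.invalid> to=<BOB@example.org> proto=SMTP helo=<x>
Mar 12 10:02:11 mail postfix/smtpd[2103]: NOQUEUE: reject: RCPT from mail.example.com[198.51.100.20]: 550 5.1.1 <jonh@example.org>: Recipient address rejected: User unknown in local recipient table; from=<friend@example.com> to=<jonh@example.org> proto=ESMTP helo=<mail.example.com>
Mar 12 10:03:00 mail postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[198.51.100.99]: 450 4.7.1 Client host rejected: cannot find your hostname, [198.51.100.99]; from=<c@d.invalid> to=<adam@example.org> proto=SMTP helo=<z>
"""

# One "unknown recipient" rejection: capture the client IP and the address tried.
# "550 .*" also matches older logs that carry no enhanced status code (5.1.1).
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[([^\]]+)\]: "
    r"550 .*User unknown.* to=<([^>]*)>"
)


def dictionary_attack_sources(log_text, min_distinct=3):
    """Return {client_ip: sorted distinct unknown recipients} for clients that
    probed at least min_distinct different nonexistent addresses."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        match = REJECT_RE.search(line)
        if match:
            ip, rcpt = match.groups()
            probes[ip].add(rcpt.lower())  # addresses differing only in case count once
    return {ip: sorted(r) for ip, r in probes.items() if len(r) >= min_distinct}


if __name__ == "__main__":
    for ip, rcpts in dictionary_attack_sources(SAMPLE_LOG).items():
        print(f"{ip}: {len(rcpts)} unknown recipients tried: {', '.join(rcpts)}")
```

Counting distinct recipients rather than raw rejections keeps a legitimate sender who retries one mistyped address out of the result.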