Thoughts appreciated on my ongoing setting up of self / home hosted
email... It became a long email.
__blocking annoying ip address__
A few days ago postfix started getting a connection from a single IP
address, about 3x per minute. All failing.
It originally said "HELO <my domain>" so I configured postfix to reject
this, so sender switched immediately to "HELO User", which I also blocked.
It would always fail with AUTH, as I've not implemented it, and postfix
would send postmaster an email.
I configured an smtpd_helo_restrictions with check_helo_access
hash:/etc/postfix/helo_access, rejecting the offending ip address. This
didn't solve the main bad symptom for me - receiving 3 emails per minute
in my postmaster account.
I want to keep receiving email reports until I feel confident I
understand my system... so I enabled fail2ban for postfix (as has been
suggested on this list), which seems to work well for me so far.
What is the point of flooding my server like this? I haven't enabled
AUTH from outside the server. Do they think I will make the error go
away by granting them access?
Is this someone sticking a metaphorical fish behind a metaphorical
radiator, so the ip address becomes useless for the next user?
My original restrictions also stopped gmail addresses from being
delivered, so I disabled them and use fail2ban. Are there reasons to use
postfix restrictions over fail2ban?
What postfix restrictions do others use / find appropriate?
Many comments online suggest "smtpd_delay_reject = yes" - Why? Is there
a good reason not to fail fast?
__Virginia Tech StartTLS Scanner__
There is a 2nd address that has been blocked by fail2ban. One connection
per day.
I assume it's well intentioned. Its stated aim is to "collect
certificates served at SMTP servers that support STARTTLS and DANE".
Its result is to get blocked by fail2ban after repeatedly failing to
STARTTLS.
My sense is - I didn't ask you to scan me. Having got a "no I don't
support STARTTLS and DANE", why ask repeatedly?
__disable VRFY__
By default my Gentoo setup enabled VRFY (allowing client to verify if an
email address exists). I disabled it. Why would I leave this enabled? In
what way does it benefit me?
__pflogsumm__
I've installed pflogsumm, which gives me a nice digestible "postfix log
summary". Do others use something else / better?
__sendEmail__
I installed sendEmail
(http://caspian.dotconf.net/menu/Software/SendEmail/), as I found
netcatting directly to port 25 from bash didn't work. SendEmail works,
and makes my bash script look more like a script. There seem to be
multiple tools like this. Preferences?
Thanks
Tug
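
The rate-based banning that fail2ban applies to the postfix log, shown as an added example that is not part of the original post. The log lines are constructed (documentation IP ranges, made-up hostnames), and the threshold values and the function name find_offenders are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines: one client failing about 3x per minute,
# and one scanner connecting once per day.
SAMPLE_LOG = """\
Mar  3 10:00:05 mail postfix/smtpd[2101]: connect from unknown[203.0.113.7]
Mar  3 10:00:06 mail postfix/smtpd[2101]: lost connection after AUTH from unknown[203.0.113.7]
Mar  3 10:00:25 mail postfix/smtpd[2102]: lost connection after AUTH from unknown[203.0.113.7]
Mar  3 10:00:45 mail postfix/smtpd[2103]: lost connection after AUTH from unknown[203.0.113.7]
Mar  3 10:01:05 mail postfix/smtpd[2104]: lost connection after AUTH from unknown[203.0.113.7]
Mar  3 10:01:25 mail postfix/smtpd[2105]: lost connection after AUTH from unknown[203.0.113.7]
Mar  3 11:30:00 mail postfix/smtpd[2200]: lost connection after STARTTLS from scanner.example[198.51.100.9]
Mar  4 11:30:00 mail postfix/smtpd[2300]: lost connection after STARTTLS from scanner.example[198.51.100.9]
"""

# Traditional syslog timestamp, then an smtpd "lost connection" line with the client IP.
LINE = re.compile(
    r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"lost connection after (?:AUTH|STARTTLS) from \S+\[([0-9A-Fa-f.:]+)\]"
)

def find_offenders(log_text, maxretry=5, findtime=timedelta(minutes=10), year=2024):
    """Return {ip: time of ban} for clients with maxretry failures inside findtime."""
    recent = defaultdict(deque)   # per-IP failure times still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        mon, day, clock, ip = m.groups()
        # Syslog lines carry no year, so one is supplied (assumed value).
        when = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(when)
        while hits and when - hits[0] > findtime:
            hits.popleft()        # drop failures older than the window
        if len(hits) >= maxretry and ip not in banned:
            banned[ip] = when
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} at {when}")
```

With these assumed thresholds the client failing several times a minute is banned on its fifth failure, while a client that fails once a day never accumulates enough hits inside the window.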