
Re: My ongoing email server adventure...

On Sun, 9 Feb 2025 14:01:21 -0500
Tug Williams via linux <linux [ at ] linux-ottawa [ dot ] org> wrote:

> Thoughts appreciated on my ongoing setting up of self / home hosted 
> email... It became a long email.
Hello Tug,
It is always good to see technical e-mail in this mailing list. Wish there were more.

> 
> __blocking annoying ip address__
> 
> A few days ago postfix started getting a connection from a single IP 
> address, about 3x per minute. All failing.
> 
> It originally said "HELO <my domain>" so I configured postfix to reject 
> this, so sender switched immediately to "HELO User", which I also blocked.
> 
> It would always fail with AUTH, as I've not implemented it, and postfix 
> would send postmaster an email.
> 
> I configured an smtpd_helo_restrictions with check_helo_access 
> hash:/etc/postfix/helo_access, rejecting the offending ip address. This 
> didn't solve the main bad symptom for me - receiving 3 emails per minute 
> in my postmaster account.
> 
> I want to keep receiving email reports until I feel confident I 
> understand my system... so I enabled fail2ban for postfix (as has been 
> suggested on this list), which seems to work well for me so far.
> 
> What is the point of flooding my server like this? I haven't enabled 
> AUTH from outside the server. Do they think I will make the error go 
> away by granting them access?
> 
> Is this someone sticking a metaphorical fish behind a metaphorical 
> radiator, so the ip address becomes useless for the next user?
> 
> My original restrictions also stopped gmail addresses from being 
> delivered, so I disabled them and use fail2ban. Are there reasons to use 
> postfix restrictions over fail2ban?
> 
> What postfix restrictions do others use / find appropriate?
I would look at what IP address the HELO request comes from. Even though it *could* potentially be a script kiddie scanning your server for a way to spread spam, it could be part of a legitimate ISP procedure, AFAIK; it needs more investigation.
 
> Many comments online suggest "smtpd_delay_reject = yes" - Why? Is there 
> a good reason not to fail fast?
Reason for this is given as follows:

smtpd_delay_reject = yes allows the smtp conversation to continue until the point of actually receiving the message before it is rejected, and is useful because it allows full sender and recipient information to be logged.
Source: https://wiki.centos.org/HowTos/postfix_restrictions

> __disable VRFY__
> 
> By default my Gentoo setup enabled VRFY (allowing client to verify if an 
> email address exists). I disabled it. Why would I leave this enabled? In 
> what way does it benefit me?
Postfix manuals (like this: https://linux-audit.com/postfix-hardening-guide-for-security-and-privacy/#disable-vrfy-verify) suggest that enabling this feature is good for debugging purposes.

> __sendEmail__
> I installed sendEmail 
> (http://caspian.dotconf.net/menu/Software/SendEmail/), as I found 
> netcatting directly to port 25 from bash didn't work. SendEmail works, 
> and makes my bash script look more like a script. There seem to be 
> multiple tools like this. Preferences?
Some recommend ssmtp; if you ask me, I would configure mutt to send e-mail from the command line.

> 
> 
> Thanks
> 
> Tug
Regards,

/Dmitriy.
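
Added example, not part of this thread and not Tug's or Dmitriy's code: a small Python script that parses the "NOQUEUE: reject" lines Postfix logs when smtpd_delay_reject = yes (the rejection is logged at RCPT, so from=, to= and helo= are all present) and applies a fail2ban-style maxretry/findtime threshold to 5xx rejections per client IP. The log lines, addresses, hostnames and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines modelled on Postfix's "NOQUEUE: reject" format.
# Three 5xx rejects from one IP in 40 seconds, plus one 4xx tempfail (DNS lookup
# failure) from a host that looks legitimate and should not be treated as abuse.
SAMPLE_LOG = """\
Feb  9 14:01:21 mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <User>: Helo command rejected: Access denied; from=<a@example.invalid> to=<postmaster@example.test> proto=ESMTP helo=<User>
Feb  9 14:01:41 mail postfix/smtpd[1235]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <User>: Helo command rejected: Access denied; from=<b@example.invalid> to=<postmaster@example.test> proto=ESMTP helo=<User>
Feb  9 14:02:01 mail postfix/smtpd[1236]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <User>: Helo command rejected: Access denied; from=<c@example.invalid> to=<postmaster@example.test> proto=ESMTP helo=<User>
Feb  9 14:05:10 mail postfix/smtpd[1240]: NOQUEUE: reject: RCPT from mail-x.example.net[198.51.100.4]: 450 4.7.1 <mail-x.example.net>: Helo command rejected: Host not found; from=<friend@example.net> to=<tug@example.test> proto=ESMTP helo=<mail-x.example.net>
"""

REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"\w+ from (?P<host>[^\s\[]+)\[(?P<ip>[0-9a-fA-F.:]+)\]: (?P<code>\d{3}) \S+ <[^>]*>: "
    r"(?P<reason>[^;]+); from=<(?P<from>[^>]*)> to=<(?P<to>[^>]*)> proto=\S+ helo=<(?P<helo>[^>]*)>$"
)

def parse_rejects(log_text, year=2025):
    """Return one dict per reject line; syslog lines carry no year, so it is a parameter."""
    events = []
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        fields = ("ip", "host", "code", "reason", "from", "to", "helo")
        events.append({"time": ts, **{k: m[k] for k in fields}})
    return events

def offenders(events, maxretry=3, findtime=timedelta(minutes=10)):
    """IPs with at least `maxretry` permanent (5xx) rejects inside any `findtime` window.
    4xx tempfails are ignored: a legitimate sender with a transient DNS problem is retried
    by its MTA and should not be banned."""
    by_ip = defaultdict(list)
    for e in events:
        if e["code"].startswith("5"):
            by_ip[e["ip"]].append(e["time"])
    banned = {}
    for ip, times in by_ip.items():
        times.sort()
        for i, start in enumerate(times):
            window = [t for t in times[i:] if t - start <= findtime]
            if len(window) >= maxretry:
                banned[ip] = len(window)
                break
    return banned

if __name__ == "__main__":
    print(offenders(parse_rejects(SAMPLE_LOG)))
```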
