huan / docker-simple-mail-forwarder

Simplest and Smallest Email Forward Service based on Docker.
https://hub.docker.com/r/zixia/simple-mail-forwarder/
Apache License 2.0
544 stars 88 forks

Block IP from brute force attacks on mail forwarder using CIDR #87

Open mike-crawfurd opened 3 years ago

mike-crawfurd commented 3 years ago

Hi,

One of my dockers based on your great work is being attacked by some people trying to brute force it. The IPs seem limited to two or three, so it should be easy to block them. An article on how to do this is here: https://ethitter.com/2016/03/blocking-sender-ips-in-postfix/

Example of the logs where people try to log in:

Jan 24 09:42:36 cafff8e519dd postfix/smtpd[25002]: connect from unknown[212.70.149.85]
Jan 24 09:42:37 cafff8e519dd postfix/smtpd[24875]: warning: unknown[212.70.149.54]: SASL LOGIN authentication failed: authentication failure
Jan 24 09:42:38 cafff8e519dd postfix/smtpd[24875]: disconnect from unknown[212.70.149.54] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 24 09:42:45 cafff8e519dd postfix/smtpd[25002]: warning: unknown[212.70.149.85]: SASL LOGIN authentication failed: authentication failure
Jan 24 09:42:47 cafff8e519dd postfix/smtpd[25002]: disconnect from unknown[212.70.149.85] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 24 09:42:51 cafff8e519dd postfix/smtpd[24875]: connect from unknown[212.70.149.54]
Jan 24 09:42:57 cafff8e519dd postfix/smtpd[25002]: connect from unknown[212.70.149.85]

However, it seems the postmap in your docker is not able to handle cidr, as I get this error message below:

bash-5.0# postmap cidr:client_checks
postmap: fatal: unsupported dictionary type: cidr. Is the postfix-cidr package installed?
bash-5.0#

Is it possible to upgrade the postfix package to one that includes the cidr capability? Since my 'attackers' seem limited, I do not feel I need to use other tools to block them.

Thanks, Mike
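How a Postfix cidr: client access table behaves once the dictionary type is available, as an added example that is not part of the issue thread or of the project's code. It models the lookup rule Postfix applies to such tables (entries are tried in file order, first match wins, so a narrow OK entry has to precede the broad REJECT it carves out of); the table text and client addresses are constructed here from the 212.70.149.x addresses in the log excerpt above, and the !pattern negation and IF/ENDIF blocks of newer Postfix releases are not modelled.

```python
"""Postfix cidr: access table semantics, simulated in Python.

Added example, not part of the issue thread or of the project. Entries are
tried in file order and the first network containing the client address
wins. The table and the addresses are constructed for the example.
"""
import ipaddress

# Constructed client_checks table in Postfix cidr: syntax:
#   network/prefix  result-text   (an address without /prefix means /32 or /128)
CLIENT_CHECKS = """
# Allow one host before the broader block below: first match wins
212.70.149.100      OK
# Block the rest of the /24 the brute-force attempts came from
212.70.149.0/24     REJECT brute force source
# IPv6 networks are written the same way
2001:db8:bad::/48   REJECT
"""


def parse_cidr_table(text):
    """Return the table as an ordered list of (network, result)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        parts = line.split(None, 1)
        # strict=False masks off host bits, e.g. 212.70.149.85/24 -> 212.70.149.0/24
        network = ipaddress.ip_network(parts[0], strict=False)
        result = parts[1].strip() if len(parts) > 1 else ""
        entries.append((network, result))
    return entries


def lookup(entries, client_ip):
    """First-match lookup, as Postfix does for cidr: tables; None if nothing matches."""
    addr = ipaddress.ip_address(client_ip)
    for network, result in entries:
        if addr.version == network.version and addr in network:
            return result
    return None


def is_rejected(entries, client_ip):
    """True when the client's first matching entry is a REJECT action."""
    result = lookup(entries, client_ip)
    return result is not None and result.split()[0].upper() == "REJECT"


if __name__ == "__main__":
    table = parse_cidr_table(CLIENT_CHECKS)
    for ip in ("212.70.149.85", "212.70.149.54", "212.70.149.100", "198.51.100.7"):
        print(f"{ip:>16} -> {lookup(table, ip)}")
```

On a Postfix build that has the cidr dictionary type, the same table is wired in from main.cf with `smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_checks, ...`; cidr: tables are read as plain text, so there is no map to compile, and `postmap -q 212.70.149.85 cidr:/etc/postfix/client_checks` does what `lookup()` does above.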

huan commented 3 years ago

Hi mike,

I'd like to upgrade the postfix package so that your CIDR capability can be supported.

Pull Request is welcome.

mike-crawfurd commented 3 years ago

Thanks, good to hear let me know when I can test and confirm!

Kind regards, Mike


mike-crawfurd commented 3 years ago

Hi Huan, apologies, I do not really know how to do a pull request. Can you point me to what you need me to do? Regards, Mike

dgraziotin commented 3 years ago

@mike-crawfurd meanwhile, you could easily set up fail2ban to block these attempts.

This is my /etc/fail2ban/jail.d/saslmail.conf

[saslmail]
enabled  = true
# SMTP, SMTPS and submission
port     = 25,465,587
filter   = saslmail
# Docker's json-file log timestamps are in UTC
logtimezone = UTC
logpath  = /var/lib/docker/containers/*/*-json.log
bantime = 600
findtime = 600
maxretry = 3
# traffic to published container ports passes the FORWARD chain, not INPUT
action = iptables-allports[chain="FORWARD"]

maxretry = 3 is a bit strict, FYI. You can raise it to a higher value.

This is my /etc/fail2ban/filter.d/saslmail.conf

[Definition]
# the leading .* also skips the JSON wrapper Docker puts around each log line
failregex = ^.*\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed.*$
            ^.*reject: RCPT from \S+\[<HOST>\]:.*Relay access denied.*$
            ^.*lost connection after .*\[<HOST>\].*$
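What the saslmail jail above would do with the container's logs, as an added example that is not part of the issue thread or of the project's code. It runs the three failregex patterns from the filter over constructed Docker json-file records (modelled on the log excerpt in the issue), counts matches per client IP inside a findtime window and reports which IPs reach maxretry. The sliding-window count is a simplification of fail2ban's own bookkeeping, not its code, and the `<HOST>` expansion is a reduced form of the one fail2ban uses.

```python
"""Running the saslmail fail2ban filter over Docker json-file logs, simulated.

Added example, not part of the issue thread or of the project. The records
are constructed here, modelled on the log excerpt in the issue.
"""
import json
import re
from datetime import datetime, timedelta, timezone

# fail2ban expands <HOST> to its own, broader host pattern; this simplified
# named group covers the IPv4/IPv6 literals Postfix writes in brackets.
HOST_GROUP = r"(?P<host>[\w\-.:]+)"
FAILREGEX = [
    r"^.*\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed.*$",
    r"^.*reject: RCPT from \S+\[<HOST>\]:.*Relay access denied.*$",
    r"^.*lost connection after .*\[<HOST>\].*$",
]
COMPILED = [re.compile(p.replace("<HOST>", HOST_GROUP)) for p in FAILREGEX]

RELAY = ("NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 454 4.7.1 "
         "<user@example.net>: Relay access denied; from=<x@example.org> "
         "to=<user@example.net> proto=ESMTP helo=<mail>")
# (Docker "time" field, postfix/smtpd message) pairs; constructed sample data
SAMPLE_EVENTS = [
    ("2021-01-24T09:10:00.118402776Z", RELAY),
    ("2021-01-24T09:11:00.220013459Z", RELAY),
    ("2021-01-24T09:42:36.501927114Z", "connect from unknown[212.70.149.85]"),
    ("2021-01-24T09:42:37.004182630Z", "warning: unknown[212.70.149.54]: SASL LOGIN authentication failed: authentication failure"),
    ("2021-01-24T09:42:38.318855012Z", "disconnect from unknown[212.70.149.54] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4"),
    ("2021-01-24T09:42:40.770346298Z", RELAY),
    ("2021-01-24T09:42:45.932001847Z", "warning: unknown[212.70.149.85]: SASL LOGIN authentication failed: authentication failure"),
    ("2021-01-24T09:42:52.126734520Z", "warning: unknown[212.70.149.54]: SASL PLAIN authentication failed: authentication failure"),
    ("2021-01-24T09:43:05.640117398Z", "warning: unknown[212.70.149.54]: SASL LOGIN authentication failed: authentication failure"),
    ("2021-01-24T09:43:10.083764251Z", "lost connection after AUTH from unknown[212.70.149.85]"),
]


def docker_record(stamp, message):
    """One line of a Docker json-file log, shaped like the logging driver writes it."""
    syslog_line = f"Jan 24 {stamp[11:19]} cafff8e519dd postfix/smtpd[25002]: {message}"
    return json.dumps({"log": syslog_line + "\n", "stream": "stdout", "time": stamp})


SAMPLE_LOG = [docker_record(stamp, msg) for stamp, msg in SAMPLE_EVENTS]


def parse_docker_time(stamp):
    """Parse Docker's RFC 3339 timestamp; the nanosecond fraction is dropped."""
    base = stamp.rstrip("Z").split(".", 1)[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def extract_failures(lines):
    """Yield (timestamp, host) for every record matching one of the failregex.

    The patterns run against the raw JSON line, as fail2ban does when logpath
    points at Docker's json-file logs: the leading ^.* in each failregex is
    what lets them match through the {"log":"... wrapper.
    """
    for line in lines:
        for rx in COMPILED:
            match = rx.match(line)
            if match:
                yield parse_docker_time(json.loads(line)["time"]), match.group("host")
                break  # a line counts once, even if several patterns match


def hosts_to_ban(lines, maxretry=3, findtime=600):
    """Return {host: time of ban} for hosts reaching maxretry failures within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = {}  # host -> failure timestamps still inside the window
    banned = {}
    for stamp, host in sorted(extract_failures(lines)):
        if host in banned:
            continue
        hits = [t for t in recent.get(host, []) if stamp - t <= window]
        hits.append(stamp)
        recent[host] = hits
        if len(hits) >= maxretry:
            banned[host] = stamp
    return banned


if __name__ == "__main__":
    for host, when in hosts_to_ban(SAMPLE_LOG).items():
        print(f"ban {host} at {when.isoformat()}")
```

In the sample, 212.70.149.54 fails SASL three times inside ten minutes and is the only host banned; 212.70.149.85 has one SASL failure and one "lost connection after AUTH" and stays under maxretry, and 203.0.113.9 has three relay rejections but two of them fall outside the 600 second findtime. Lowering maxretry to 2 bans all three, which is the trade-off the comment on maxretry above points at.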