Date: Mon, 25 Jul 2016 19:04:11 +0200 From: "Ronald Klop" <ronald-lists@klop.ws> To: freebsd-stable@freebsd.org, "Karl Denninger" <karl@denninger.net> Subject: Re: Postfix and tcpwrappers? Message-ID: <op.yk51o9vtkndu52@ronaldradial.radialsg.local> In-Reply-To: <a3ad16f6-3bae-68dd-d4c7-9ed7cd223aa5@denninger.net> References: <a3ad16f6-3bae-68dd-d4c7-9ed7cd223aa5@denninger.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 25 Jul 2016 18:48:25 +0200, Karl Denninger <karl@denninger.net> wrote: > This may not belong in "stable", but since Postfix is one of the > high-performance alternatives to sendmail.... > > Question is this -- I have sshguard protecting connections inbound, but > Postfix appears to be ignoring it, which implies that it is not paying > attention to the hosts.allow file (and the wrapper that enables it.) > > Recently a large body of clowncars have been targeting my sasl-enabled > https gateway (which I use for client machines and thus do in fact need) > and while sshguard picks up the attacks and tries to ban them, postfix > is ignoring the entries it makes which implies it is not linked with the > tcp wrappers. > > A quick look at the config for postfix doesn't disclose an obvious > configuration solution....did I miss it? > Don't know if postfix can handle tcp wrappers, but I use bruteblock [1] for protecting connections via the ipfw firewall. I use this for ssh and postfix. Regards, Ronald. [1] http://www.freshports.org/security/bruteblock/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.yk51o9vtkndu52>