Date:      Mon, 25 Jul 2016 12:32:37 -0500
From:      Karl Denninger <karl@denninger.net>
To:        freebsd-stable@freebsd.org
Subject:   Re: Postfix and tcpwrappers?
Message-ID:  <c5fc2cb8-faa6-ffe5-887a-dc07b242f694@denninger.net>
In-Reply-To: <op.yk51o9vtkndu52@ronaldradial.radialsg.local>
References:  <a3ad16f6-3bae-68dd-d4c7-9ed7cd223aa5@denninger.net> <op.yk51o9vtkndu52@ronaldradial.radialsg.local>

On 7/25/2016 12:04, Ronald Klop wrote:
> On Mon, 25 Jul 2016 18:48:25 +0200, Karl Denninger
> <karl@denninger.net> wrote:
>
>> This may not belong in "stable", but since Postfix is one of the
>> high-performance alternatives to sendmail....
>>
>> Question is this -- I have sshguard protecting connections inbound, but
>> Postfix appears to be ignoring it, which implies that it is not paying
>> attention to the hosts.allow file (and the wrapper that enables it.)
>>
>> Recently a large body of clowncars have been targeting my sasl-enabled
>> https gateway (which I use for client machines and thus do in fact need)
>> and while sshguard picks up the attacks and tries to ban them, postfix
>> is ignoring the entries it makes which implies it is not linked with the
>> tcp wrappers.
>>
>> A quick look at the config for postfix doesn't disclose an obvious
>> configuration solution....did I miss it?
>>
>
> Don't know if postfix can handle tcp wrappers, but I use bruteblock
> [1] for protecting connections via the ipfw firewall. I use this for
> ssh and postfix.
>
I recompiled sshguard to use ipfw and stuck the table lookup in my
firewall config..... works, and is software-agnostic (thus doesn't care
if something was linked against tcpwrappers or not.)

-- 
Karl Denninger
karl@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
