Date:      Mon, 25 Jul 2016 14:38:20 -0500
From:      Tim Daneliuk <tundra@tundraware.com>
To:        Shawn Bakhtiar <shashaness@hotmail.com>, "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>
Subject:   Re: Postfix and tcpwrappers?
Message-ID:  <b37c4eb8-7a41-df22-f100-d276af6946cb@tundraware.com>
In-Reply-To: <CY1PR14MB052028E7772BEDE8E74854C7C40D0@CY1PR14MB0520.namprd14.prod.outlook.com>
References:  <a3ad16f6-3bae-68dd-d4c7-9ed7cd223aa5@denninger.net> <op.yk51o9vtkndu52@ronaldradial.radialsg.local> <c5fc2cb8-faa6-ffe5-887a-dc07b242f694@denninger.net> <CY1PR14MB052028E7772BEDE8E74854C7C40D0@CY1PR14MB0520.namprd14.prod.outlook.com>

On 07/25/2016 01:20 PM, Shawn Bakhtiar wrote:
> Recently a large body of clowncars have been targeting my sasl-enabled
> https gateway (which I use for client machines and thus do in fact need)
> and while sshguard picks up the attacks and tries to ban them, postfix
> is ignoring the entries it makes which implies it is not linked with the
> tcp wrappers.
> 
> A quick look at the config for postfix doesn't disclose an obvious
> configuration solution....did I miss it?
> 


You can more-or-less run anything from a wrapper if you don't daemonize it
and kick it off on-demand from inetd.  Essentially, you have inetd.conf
configured with a stanza that - upon connection attempt - launches an
instance of your desired program (postfix in this case), if and only
if the hosts.allow rules are satisfied.

This works nicely for smaller installations, but is very slow in high 
arrival rate environments because each connection attempt incurs the full
startup overhead of the program you're running.
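
An added illustration, not part of the message above: a simplified Python model of the gate it describes, where a connection launches the program only if a first-match `hosts.allow` rule permits the client. The rule text, the daemon name `smtpd` and the addresses are constructed, and only IPv4 with a subset of client patterns is handled.

```python
import ipaddress

# Constructed sample rules in the "daemon : client : allow|deny" form.
SAMPLE_RULES = """\
smtpd : 127.0.0.1 : allow
smtpd : 192.0.2. : allow
smtpd : 198.51.100.0/255.255.255.0 : deny
ALL : ALL : deny
"""

def parse_rules(text):
    """Return (daemons, clients, allowed) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[2] not in ("allow", "deny"):
            raise ValueError(f"unsupported rule: {line!r}")
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients, fields[2] == "allow"))
    return rules

def client_matches(pattern, addr):
    """Match ALL, a trailing-dot prefix, net/mask, or an exact IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return addr.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr

def is_allowed(rules, daemon, addr):
    """First matching rule decides; with no match, access is granted."""
    for daemons, clients, allowed in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(p, addr) for p in clients):
            return allowed
    return True

def gate(rules, daemon, addr, launch):
    """Model of the on-demand launch: start the program only for permitted clients."""
    return launch(addr) if is_allowed(rules, daemon, addr) else None
```

Because the first matching rule wins, a deny entry added by a tool such as sshguard only takes effect if it sits above any broader allow rule for the same daemon.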
