Date: Mon, 25 Jul 2016 12:32:37 -0500 From: Karl Denninger <karl@denninger.net> To: freebsd-stable@freebsd.org Subject: Re: Postfix and tcpwrappers? Message-ID: <c5fc2cb8-faa6-ffe5-887a-dc07b242f694@denninger.net> In-Reply-To: <op.yk51o9vtkndu52@ronaldradial.radialsg.local> References: <a3ad16f6-3bae-68dd-d4c7-9ed7cd223aa5@denninger.net> <op.yk51o9vtkndu52@ronaldradial.radialsg.local>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format. --------------ms030006000001000503040308 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 7/25/2016 12:04, Ronald Klop wrote: > On Mon, 25 Jul 2016 18:48:25 +0200, Karl Denninger > <karl@denninger.net> wrote: > >> This may not belong in "stable", but since Postfix is one of the >> high-performance alternatives to sendmail.... >> >> Question is this -- I have sshguard protecting connections inbound, bu= t >> Postfix appears to be ignoring it, which implies that it is not paying= >> attention to the hosts.allow file (and the wrapper that enables it.) >> >> Recently a large body of clowncars have been targeting my sasl-enabled= >> https gateway (which I use for client machines and thus do in fact nee= d) >> and while sshguard picks up the attacks and tries to ban them, postfix= >> is ignoring the entries it makes which implies it is not linked with t= he >> tcp wrappers. >> >> A quick look at the config for postfix doesn't disclose an obvious >> configuration solution....did I miss it? >> > > Don't know if postfix can handle tcp wrappers, but I use bruteblock > [1] for protecting connections via the ipfw firewall. I use this for > ssh and postfix. > I recompiled sshguard to use ipfw and stuck the table lookup in my firewall config..... works, and is software-agnostic (thus doesn't care if something was linked against tcpwrappers or not.) --=20 Karl Denninger karl@denninger.net <mailto:karl@denninger.net> /The Market Ticker/ /[S/MIME encrypted email preferred]/ --------------ms030006000001000503040308 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCC Bl8wggZbMIIEQ6ADAgECAgEpMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYDVQQGEwJVUzEQMA4G A1UECBMHRmxvcmlkYTESMBAGA1UEBxMJTmljZXZpbGxlMRkwFwYDVQQKExBDdWRhIFN5c3Rl bXMgTExDMRwwGgYDVQQDExNDdWRhIFN5c3RlbXMgTExDIENBMSIwIAYJKoZIhvcNAQkBFhND dWRhIFN5c3RlbXMgTExDIENBMB4XDTE1MDQyMTAyMjE1OVoXDTIwMDQxOTAyMjE1OVowWjEL MAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExGTAXBgNVBAoTEEN1ZGEgU3lzdGVtcyBM TEMxHjAcBgNVBAMTFUthcmwgRGVubmluZ2VyIChPQ1NQKTCCAiIwDQYJKoZIhvcNAQEBBQAD ggIPADCCAgoCggIBALmEWPhAdphrWd4K5VTvE5pxL3blRQPyGF3ApjUjgtavqU1Y8pbI3Byg XDj2/Uz9Si8XVj/kNbKEjkRh5SsNvx3Fc0oQ1uVjyCq7zC/kctF7yLzQbvWnU4grAPZ3IuAp 3/fFxIVaXpxEdKmyZAVDhk9az+IgHH43rdJRIMzxJ5vqQMb+n2EjadVqiGPbtG9aZEImlq7f IYDTnKyToi23PAnkPwwT+q1IkI2DTvf2jzWrhLR5DTX0fUYC0nxlHWbjgpiapyJWtR7K2YQO aevQb/3vN9gSojT2h+cBem7QIj6U69rEYcEDvPyCMXEV9VcXdcmW42LSRsPvZcBHFkWAJqMZ Myiz4kumaP+s+cIDaXitR/szoqDKGSHM4CPAZV9Yh8asvxQL5uDxz5wvLPgS5yS8K/o7zDR5 vNkMCyfYQuR6PAJxVOk5Arqvj9lfP3JSVapwbr01CoWDBkpuJlKfpQIEeC/pcCBKknllbMYq yHBO2TipLyO5Ocd1nhN/nOsO+C+j31lQHfOMRZaPQykXVPWG5BbhWT7ttX4vy5hOW6yJgeT/ o3apynlp1cEavkQRS8uJHoQszF6KIrQMID/JfySWvVQ4ksnfzwB2lRomrdrwnQ4eG/HBS+0l eozwOJNDIBlAP+hLe8A5oWZgooIIK/SulUAsfI6Sgd8dTZTTYmlhAgMBAAGjgfQwgfEwNwYI KwYBBQUHAQEEKzApMCcGCCsGAQUFBzABhhtodHRwOi8vY3VkYXN5c3RlbXMubmV0Ojg4ODgw CQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgXgMCwGCWCGSAGG+EIB DQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUxRyULenJaFwX RtT79aNmIB/u5VkwHwYDVR0jBBgwFoAUJHGbnYV9/N3dvbDKkpQDofrTbTUwHQYDVR0RBBYw FIESa2FybEBkZW5uaW5nZXIubmV0MA0GCSqGSIb3DQEBCwUAA4ICAQBPf3cYtmKowmGIYsm6 eBinJu7QVWvxi1vqnBz3KE+HapqoIZS8/PolB/hwiY0UAE1RsjBJ7yEjihVRwummSBvkoOyf G30uPn4yg4vbJkR9lTz8d21fPshWETa6DBh2jx2Qf13LZpr3Pj2fTtlu6xMYKzg7cSDgd2bO sJGH/rcvva9Spkx5Vfq0RyOrYph9boshRN3D4tbWgBAcX9POdXCVfJONDxhfBuPHsJ6vEmPb An+XL5Yl26XYFPiODQ+Qbk44Ot1kt9s7oS3dVUrh92Qv0G3J3DF+Vt6C15nED+f+bk4gScu+ JHT7RjEmfa18GT8DcT//D1zEke1Ymhb41JH+GyZchDRWtjxsS5OBFMzrju7d264zJUFtX7iJ 3xvpKN7VcZKNtB6dLShj3v/XDsQVQWXmR/1YKWZ93C3LpRs2Y5nYdn6gEOpL/WfQFThtfnat HNc7fNs5vjotaYpBl5H8+VCautKbGOs219uQbhGZLYTv6okuKcY8W+4EJEtK0xB08vqr9Jd0 FS9MGjQE++GWo+5eQxFt6nUENHbVYnsr6bYPQsZH0CRNycgTG9MwY/UIXOf4W034UpR82TBG 1LiMsYfb8ahQJhs3wdf1nzipIjRwoZKT1vGXh/cj3gwSr64GfenURBxaFZA5O1acOZUjPrRT n3ci4McYW/0WVVA3lDGCBRMwggUPAgEBMIGWMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH RmxvcmlkYTESMBAGA1UEBxMJTmljZXZpbGxlMRkwFwYDVQQKExBDdWRhIFN5c3RlbXMgTExD MRwwGgYDVQQDExNDdWRhIFN5c3RlbXMgTExDIENBMSIwIAYJKoZIhvcNAQkBFhNDdWRhIFN5 c3RlbXMgTExDIENBAgEpMA0GCWCGSAFlAwQCAwUAoIICTTAYBgkqhkiG9w0BCQMxCwYJKoZI hvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNjA3MjUxNzMyMzdaME8GCSqGSIb3DQEJBDFCBEA/ zVSsOLV0yMrbA6QMUIL//kq+qal5P8lPz55H6tikB1xCTx7X8UDEeVjcaRUqfbC4mkGFVqeK YwG9T8KDr+3kMGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBAjAK BggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYI KoZIhvcNAwICASgwgacGCSsGAQQBgjcQBDGBmTCBljCBkDELMAkGA1UEBhMCVVMxEDAOBgNV BAgTB0Zsb3JpZGExEjAQBgNVBAcTCU5pY2V2aWxsZTEZMBcGA1UEChMQQ3VkYSBTeXN0ZW1z IExMQzEcMBoGA1UEAxMTQ3VkYSBTeXN0ZW1zIExMQyBDQTEiMCAGCSqGSIb3DQEJARYTQ3Vk YSBTeXN0ZW1zIExMQyBDQQIBKTCBqQYLKoZIhvcNAQkQAgsxgZmggZYwgZAxCzAJBgNVBAYT AlVTMRAwDgYDVQQIEwdGbG9yaWRhMRIwEAYDVQQHEwlOaWNldmlsbGUxGTAXBgNVBAoTEEN1 ZGEgU3lzdGVtcyBMTEMxHDAaBgNVBAMTE0N1ZGEgU3lzdGVtcyBMTEMgQ0ExIjAgBgkqhkiG 9w0BCQEWE0N1ZGEgU3lzdGVtcyBMTEMgQ0ECASkwDQYJKoZIhvcNAQEBBQAEggIAGDTJ9zLR yjD0JsAZX1a918kmV3rQ3M8fQ2sV5Kab21H0BjpWZzMaZYi6jwUWWOCaa+njvWyzqLyqxSbk OZSOBfV1P+KD1CFfd8zi0C6vcwSlknrXBT5gF+vW5CtUEAECUYCyrYvoqWiDzePkJcTirt+n v/JxtPycucumE3s7wofPKl5dy+BwU4JBqBsIVwMX4OCv3hZW6512i+CvAGyiybitlaVtkzeb nzbezMuw0wZjpjPqolaypOdvDZG7+fpSbY08nGeTw0rQ4bLVk9CKC+eaM9wKA+q2o4dBZu8a 4wuiVviYhGnMRMUYKy7BcrfaH1Q04BOrmX6czm3PWEkeLDqohJbVw/o5oTYQ/bTqQIFFKEog Di9h7UKwy7/zw9QoPLVvU/TLra2bcVovjD05uGx7TLmSWFZy+x+AXD/LVjpVwDbrufdpCU+3 1Gh1VZIw/giB4r25htd0kxhmPy01k6ciLc0xs4px/jUimzAEBwCILgnI8JZSwLmwj3oLoFRM 8Vg5uWCBwhJM7LsbjzNtA/1WyL/939j0mj0dSwB9lTAaxpsz7GTUDUy0P2AFeAPfiiqJO+Cw u8WfwData5GoPSwz/2CpU6MEGuzjutenOGrgc3MrM55D7r+8mlo5NxH19Ip3OcrFjICrxZnY +ZGTd/DHgQ7HiKl5ofWccWY7U8sAAAAAAAA= --------------ms030006000001000503040308--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c5fc2cb8-faa6-ffe5-887a-dc07b242f694>