Re: Postfix: running a script on authentication failure
On Thu, 22 Jun 2023, Michael Peddemors wrote:

> - Use services like RATS-AUTH to block IPs that can safely be blocked as known hackers..

Cool. Are there other DNSRBLs (apart from bl.blocklist.de) that list BFD attack IPs?

> - Use services like RATS-NULL (or Spamhaus DROP lists) right in the firewall level. There are SOME networks that should simply be 'unplugged'

Can't find it in https://spamrats.com/. Is it a DNSRBL or downloadable file?

> - Turn off port 110 (well, all plain text authentication) 90% less email compromise reports when you do..

That will disable STARTTLS though. Even though it's not plaintext, maybe that is a good thing as it avoids MITM banner stripping attacks.

Joseph Tam jtam.home@gmail.com
On 2023-06-26 17:17, Joseph Tam wrote:

> On Thu, 22 Jun 2023, Michael Peddemors wrote:
>> - Use services like RATS-AUTH to block IPs that can safely be blocked as known hackers..
>
> Cool. Are there other DNSRBLs (apart from bl.blocklist.de) that list BFD attack IPs?
>
>> - Use services like RATS-NULL (or Spamhaus DROP lists) right in the firewall level. There are SOME networks that should simply be 'unplugged'
>
> Can't find it in https://spamrats.com/. Is it a DNSRBL or downloadable file?

Assuming you mean RATS-NULL, it's available as both a restricted DNSRBL and in BMS format under subscription. There is interest in having it as an API as well, but that will be next quarter.

>> - Turn off port 110 (well, all plain text authentication) 90% less email compromise reports when you do..
>
> That will disable STARTTLS though. Even though it's not plaintext, maybe that is a good thing as it avoids MITM banner stripping attacks.

Use ports 993/995 for email, instead of ports 110/143, but if you HAVE to leave them open, ensure that you force TLS. But the more standard way is to just use SSL on 993/995.

> Joseph Tam jtam.home@gmail.com
-- "Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada
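
How a DNSRBL such as the bl.blocklist.de zone mentioned in this thread is queried, for instance from a script run on authentication failure. This is an added example, not code from either poster; the return code, the sample addresses and the `sample_resolve` stand-in for DNS are constructed, and the IPv6 branch goes beyond what the thread discusses.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Name to look up for `ip` in DNSRBL `zone` (RFC 5782 layout)."""
    addr = ipaddress.ip_address(ip)          # raises ValueError on malformed input
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # IPv6: nibbles, reversed
    return ".".join(labels) + "." + zone.strip(".")

def dnsbl_listed(ip, zone, resolve=socket.gethostbyname):
    """Return the list's answer (e.g. '127.0.0.2') if `ip` is listed, else None."""
    name = dnsbl_query_name(ip, zone)
    try:
        answer = ipaddress.ip_address(resolve(name))
    except (socket.gaierror, ValueError):
        return None   # NXDOMAIN or failed lookup: treat as not listed (fail open)
    # Only answers inside 127.0.0.0/8 mean "listed". Anything else, such as a
    # wildcard or rewritten response, must not be counted as a hit.
    return str(answer) if answer in LISTED_NET else None

# Constructed sample data standing in for live DNS so the example runs offline.
SAMPLE_ANSWERS = {
    "10.2.0.192.bl.blocklist.de": "127.0.0.2",     # constructed "listed" answer
    "11.2.0.192.bl.blocklist.de": "203.0.113.80",  # constructed bogus answer
}

def sample_resolve(name):
    """Hypothetical resolver: answers from SAMPLE_ANSWERS, NXDOMAIN otherwise."""
    try:
        return SAMPLE_ANSWERS[name]
    except KeyError:
        raise socket.gaierror("NXDOMAIN (constructed)")

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        print(ip, dnsbl_listed(ip, "bl.blocklist.de", sample_resolve))
```

Leaving out the `resolve` argument makes the function use the system resolver; restricted or subscription lists may only answer queries from registered resolvers.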