[Postfixbuch-users] Distributed attack

Andreas Meyer anmeyer at anup.de
Sun Oct 17 21:42:26 CEST 2004


Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote:

> > My domain has apparently been abused.
> 
> Damn.
> 
> > Am I doing this correctly?:
> > ....
> > michael at anup.de           OK
> > sabine at anup.de            OK
> > @anup.de                  550
> 
> No.
> @anup.de                  550
> has to go!
> 
> That way ONLY michael & sabine are valid

My check_recipient_access is not taking effect.

smtpd_recipient_restrictions =
    reject_unauth_pipelining,
    permit_sasl_authenticated,
    check_recipient_access btree:/etc/postfix/access_recipient,
    permit_mynetworks,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_maps_rbl


My access_recipient:
# Mail from/to this address is always allowed
/^(postmaster|abuse)@.*$/       OK

fax.anup.de             fax-restrictions

# Only known recipients are allowed here and everything else is blocked
...
...
michael at anup.de         OK
sabine at anup.de          OK


Oct 17 21:32:15 cherry postfix/smtpd[26257]: connect from 208-216-203-41.in-addr.net1plus.com[208.216.203.41]
Oct 17 21:32:16 cherry postfix/smtpd[26257]: 5BFA881D7: client=208-216-203-41.in-addr.net1plus.com[208.216.203.41]
Oct 17 21:32:18 cherry postfix/cleanup[26258]: 5BFA881D7: message-id=<0bILeBzYU000021d0 at 2000server.HALLFINN.COM>
Oct 17 21:32:18 cherry postfix/nqmgr[26190]: 5BFA881D7: from=<>, size=3679, nrcpt=1 (queue active)
Oct 17 21:32:18 cherry postfix/smtp[26259]: setting up TLS connection to delta.anup.dmz
Oct 17 21:32:18 cherry postfix/smtpd[26257]: disconnect from 208-216-203-41.in-addr.net1plus.com[208.216.203.41]
Oct 17 21:32:19 cherry postfix/smtp[26259]: Verified: subject_CN=delta.anup.dmz, issuer=CA-anup.de
Oct 17 21:32:19 cherry postfix/smtp[26259]: TLS connection established to delta.anup.dmz: TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)
Oct 17 21:32:30 cherry postfix/smtp[26259]: 5BFA881D7: to=<ZLBJNXWFBRVKDHUOVKUTVS at anup.de>, relay=delta.anup.dmz[192.168.20.60], delay=13, status=bounced (host delta.anup.dmz[192.168.20.60] said: 550 <ZLBJNXWFBRVKDHUOVKUTVS at anup.de>: User unknown)
Oct 17 21:32:30 cherry postfix/cleanup[26258]: 089D281D9: message-id=<20041017193230.089D281D9 at cherry.anup.de>
Oct 17 21:32:30 cherry postfix/nqmgr[26190]: 089D281D9: from=<double-bounce at cherry.anup.de>, size=1462, nrcpt=1 (queue active)
Oct 17 21:32:30 cherry postfix/smtp[26259]: setting up TLS connection to delta.anup.dmz
Oct 17 21:32:31 cherry postfix/smtp[26259]: Verified: subject_CN=delta.anup.dmz, issuer=CA-anup.de
Oct 17 21:32:31 cherry postfix/smtp[26259]: TLS connection established to delta.anup.dmz: TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)
Oct 17 21:32:31 cherry postfix/smtp[26259]: 089D281D9: to=<postmaster at anup.de>, relay=delta.anup.dmz[192.168.20.60], delay=1, status=sent (250 Ok: queued as 48285AAAA9)



cherry:/etc/postfix # postmap -q 'karl at anup.de' btree:/etc/postfix/access_recipient
cherry:/etc/postfix # postmap -q 'anmeyer at anup.de' btree:/etc/postfix/access_recipient
OK


Why isn't it taking effect?
smtpd_delay_reject = yes

-- 
   Andreas Meyer
   
"We only do well the things we like doing." - Colette
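
The log excerpt in the message above shows a mail queued by smtpd on cherry and refused only afterwards by delta.anup.dmz with "User unknown". As an added example (not part of the original post), this Python sketch correlates queue IDs to list such late rejections and the connecting client; the sample log is constructed, with placeholder hosts, addresses and queue IDs.

```python
import re
from collections import Counter

# Constructed sample in the format of the excerpt above; hosts, IPs,
# addresses and queue IDs are placeholders, not values from the post.
SAMPLE_LOG = """\
Oct 17 21:32:16 mx postfix/smtpd[101]: 1A2B3C4D5: client=host.example.net[203.0.113.41]
Oct 17 21:32:18 mx postfix/nqmgr[90]: 1A2B3C4D5: from=<>, size=3679, nrcpt=1 (queue active)
Oct 17 21:32:30 mx postfix/smtp[102]: 1A2B3C4D5: to=<zlbjnx@example.org>, relay=inner.example.dmz[192.0.2.60], delay=13, status=bounced (host inner.example.dmz[192.0.2.60] said: 550 <zlbjnx@example.org>: User unknown)
Oct 17 21:33:01 mx postfix/smtpd[103]: 6E7F8A9B0: client=mail.example.com[198.51.100.7]
Oct 17 21:33:02 mx postfix/nqmgr[90]: 6E7F8A9B0: from=<alice@example.com>, size=900, nrcpt=1 (queue active)
Oct 17 21:33:03 mx postfix/smtp[104]: 6E7F8A9B0: to=<michael@example.org>, relay=inner.example.dmz[192.0.2.60], delay=2, status=sent (250 Ok: queued as C0FFEE123)
Oct 17 21:33:30 mx postfix/smtpd[105]: NOQUEUE: reject: RCPT from host.example.net[203.0.113.41]: 550 <qwerty@example.org>: Recipient address rejected: Access denied; from=<> to=<qwerty@example.org>
"""

QUEUED = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{5,}): (.*)")
CLIENT = re.compile(r"client=\S+?\[([^\]]+)\]")
SENDER = re.compile(r"from=<([^>]*)>")
DELIVERY = re.compile(r"to=<([^>]*)>, relay=([^,]+), .*status=(\w+) \((.*)\)$")

def late_rejections(log_text):
    """Messages smtpd queued that the next hop then refused as 'User unknown'."""
    client, sender, findings = {}, {}, []
    for line in log_text.splitlines():
        m = QUEUED.search(line)
        if not m:
            continue  # lines without a queue ID, e.g. NOQUEUE rejects at RCPT time
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and (c := CLIENT.match(rest)):
            client[qid] = c.group(1)
        elif daemon in ("qmgr", "nqmgr") and (s := SENDER.match(rest)):
            sender[qid] = s.group(1)
        elif daemon == "smtp" and (d := DELIVERY.match(rest)):
            rcpt, relay, status, reply = d.groups()
            if status == "bounced" and "User unknown" in reply:
                findings.append({"queue_id": qid, "recipient": rcpt, "relay": relay,
                                 "client_ip": client.get(qid, "unknown"),
                                 "null_sender": sender.get(qid) == ""})
    return findings

def per_client(findings):
    """Count late rejections per connecting IP to spot one source probing many names."""
    return Counter(f["client_ip"] for f in findings)

if __name__ == "__main__":
    for f in late_rejections(SAMPLE_LOG):
        print(f)
```

Each finding is a message that passed the RCPT stage on the gateway and had to be bounced after the internal host refused it.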


