Re: [exim] Closing off Port to non-SSL traffic

Author: Kirill Miazine
Date:  
To: exim-users
Subject: Re: [exim] Closing off Port to non-SSL traffic
• Slavko via Exim-users [2022-06-24 06:08]:
[...]
> That is pretty simple, just add this IP to firewall's DROP. To automatize
> its banning, use fail2ban. But be aware, that they will often try from
> other IP soon. I have 100 - 800 different IPs per day, most of them
> have only one attempt allowed here, it is some thousands of IPs in last
> 24 days (maximum ipset timeout) from whole world.


I've found AuthBL from Spamhaus and Abusix to be very useful. Any
blocked attempt from anything listed there gets added to the host's
firewall within 5 mins (to avoid logspam):

acl_check_auth:
    # Refuse AUTH on connections that are not TLS-encrypted.
    deny
        !encrypted = *
        message = Server policy requires encrypted connection

    # Hosts in these named host lists skip the DNS list checks below.
    accept
        hosts = +relay_hosts : +permit_hosts

    # Listed in Spamhaus AuthBL: wait 60s, then refuse.
    deny
        message = Sender host blocked (source: DNS)
        log_message = Sender host blocked (source: AuthBL)
        dnslists = +exclude_unknown : XYZ.authbl.dq.spamhaus.net
        delay = 60s

    # Listed in Abusix AuthBL: wait 60s, then refuse.
    deny
        message = Sender host blocked (source: DNS)
        log_message = Sender host blocked (source: Abusix)
        dnslists = +exclude_unknown : XYZ.authbl.mail.abusix.zone
        delay = 60s

    accept

> I am happy, that i long time ago decided to separate MX & MSA roles
> even for my small email system, which allow me simple reject
> "EHLO User" (and other strict rules) on MX port's 25, which are common
> on MSA.


I tend to make my MUAs say "EHLO there" or "EHLO world" :)
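
Added example, not part of the original message or of Exim: one way to turn the two log_message strings from the ACL above into ipset entries, taking the peer address rather than a bracketed HELO literal or the local I= address. The log line layout, the sample lines and the set names authbl4/authbl6 are assumptions made for illustration.

```python
import ipaddress
import re

# log_message strings taken from the ACL in the message above.
MARKERS = ("Sender host blocked (source: AuthBL)",
           "Sender host blocked (source: Abusix)")
# Bracketed address that is neither a HELO literal "([..])" nor the local "I=[..]".
PEER_RE = re.compile(r"(?<!\()(?<!I=)\[([0-9A-Fa-f:.]+)\]")
IPSET_MAX_TIMEOUT = 2147483  # seconds, the largest timeout ipset accepts (about 24 days)

# Constructed sample lines; the "H=... [addr] rejected AUTH" layout is an assumption.
SAMPLE_LOG = [
    "2022-06-24 06:10:01 H=(User) [203.0.113.5] rejected AUTH LOGIN: Sender host blocked (source: AuthBL)",
    "2022-06-24 06:10:07 H=([198.51.100.9]) [203.0.113.77]:51234 I=[192.0.2.1]:587 rejected AUTH PLAIN: Sender host blocked (source: Abusix)",
    "2022-06-24 06:10:09 H=(there) [2001:db8::25] rejected AUTH LOGIN: Sender host blocked (source: AuthBL)",
    "2022-06-24 06:11:30 H=(User) [203.0.113.5] rejected AUTH LOGIN: Sender host blocked (source: AuthBL)",
    "2022-06-24 06:12:00 H=(world) [203.0.113.200] rejected AUTH LOGIN: Server policy requires encrypted connection",
]

def blocked_peers(lines):
    """Unique peer addresses from AuthBL/Abusix AUTH rejections, in first-seen order."""
    seen = {}
    for line in lines:
        if not any(marker in line for marker in MARKERS):
            continue
        # Only look left of " rejected AUTH": the host fields live there.
        head, sep, _ = line.partition(" rejected AUTH")
        match = PEER_RE.search(head) if sep else None
        if not match:
            continue
        try:
            seen.setdefault(ipaddress.ip_address(match.group(1)), None)
        except ValueError:
            continue  # bracketed text that is not a valid IP address
    return list(seen)

def ipset_restore_lines(addrs, set4="authbl4", set6="authbl6"):
    """Lines for 'ipset -exist restore'; IPv4 and IPv6 need separate sets."""
    return [f"add {set4 if a.version == 4 else set6} {a} timeout {IPSET_MAX_TIMEOUT}"
            for a in addrs]

if __name__ == "__main__":
    print("\n".join(ipset_restore_lines(blocked_peers(SAMPLE_LOG))))
```

The printed lines are meant as input for `ipset -exist restore`, with both sets created beforehand with timeout support.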