
Resolved How to Block SMTP AUTH attempts using a RBL

> I have a really good RBL that I checked a lot of times vs attacker IPs and my client IPs and it's 99% exact with the attacker IPs, so, yes, an RBL will work if there's a way to block the SMTP AUTH using it.

Use postscreen then as this is what it was designed for:

Hi @danami & others,

Thanks for sharing this, I use it on other mail servers but I've not tried it with Plesk because I understand there are some issues when using postscreen.
Can anyone confirm that Plesk works well in the long run when using postscreen options, without the deep protocol tests?

Also, @danami, does your latest Warden include Postscreen settings/options like dnsbl and thresholds?
 
@zwankie Setting up postscreen will break the Plesk mail repair tools the last time I checked. Also most of the postscreen restrictions are fully supported directly by Postfix anyway.

You can see the Postfix restrictions that Warden supports here:

The best way to stop SMTP attacks is to disable SMTP auth in Postfix for the incoming port 25 then use Juggernaut Firewall to only allow the countries you want to be allowed to send on the submission port 587. Everyone else will be blocked from connecting to the submission port.
 
> @zwankie Setting up postscreen will break the Plesk mail repair tools the last time I checked. Also most of the postscreen restrictions are fully supported directly by Postfix anyway.
>
> You can see the Postfix restrictions that Warden supports here:
>
> The best way to stop SMTP attacks is to disable SMTP auth in Postfix for the incoming port 25 then use Juggernaut Firewall to only allow the countries you want to be allowed to send on the submission port 587. Everyone else will be blocked from connecting to the submission port.

Thanks for the reply.

What I'm specifically looking for is to implement a DNSBL solution with thresholds so that it reduces false positives, meaning setting it so that at least two or more (depending on the threshold setting) DNSBL providers need to have it listed before it is blocked. As far as I know, only postscreen allows this threshold, not the normal Postfix smtpd_client_restrictions.

If I missed the way to do thresholds for DNSBL entries without postscreen please let me know.
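
The weighted-threshold idea from the post above, as an added example that is not part of the original thread or of any tool mentioned in it: it scores an IP across several DNSBL zones the way a threshold setting would, then counts how many known attacker and known client IPs each threshold would block, so a threshold can be tuned before it is deployed. The zone names, weights and IP addresses are constructed placeholders.

```python
import ipaddress
import socket

# Constructed zones and weights (hypothetical); use the DNSBLs you actually query.
SITES = {"dnsbl-a.example": 2, "dnsbl-b.example": 1, "dnsbl-c.example": 1}
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBLs answer "listed" in 127/8


def resolve(name):
    """Live DNS lookup: return the A record as a string, or None if none exists."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def query_name(ip, zone):
    """DNSBL query name: reversed octets (or IPv6 nibbles) followed by the zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    return reverse.rsplit(".", 2)[0] + "." + zone  # drop in-addr.arpa / ip6.arpa


def score(ip, lookup=resolve, sites=SITES):
    """Sum the weights of every zone that lists this IP."""
    total = 0
    for zone, weight in sites.items():
        answer = lookup(query_name(ip, zone))
        if answer and ipaddress.ip_address(answer) in LISTED_NET:
            total += weight
    return total


def evaluate(attackers, clients, threshold, lookup=resolve):
    """Return (attackers blocked, clients wrongly blocked) at this threshold."""
    blocked = sum(score(ip, lookup) >= threshold for ip in attackers)
    false_pos = sum(score(ip, lookup) >= threshold for ip in clients)
    return blocked, false_pos


if __name__ == "__main__":
    # Constructed listings so the demo runs offline; pass lookup=resolve for live DNS.
    listed = {"5.113.0.203.dnsbl-a.example", "5.113.0.203.dnsbl-b.example",
              "9.113.0.203.dnsbl-b.example", "7.100.51.198.dnsbl-c.example"}
    fake = lambda name: "127.0.0.2" if name in listed else None
    attackers, clients = ["203.0.113.5", "203.0.113.9"], ["198.51.100.7", "198.51.100.8"]
    for threshold in (1, 2, 3):
        print(threshold, evaluate(attackers, clients, threshold, fake))
```

With the constructed data, raising the threshold from 1 to 2 removes the single-list false positive on a client IP but also stops blocking the attacker that only one list knows about, which is the trade-off a threshold setting controls.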
 
@zwankie Then you are out of luck, as the Plesk repair tools can't handle the postscreen configuration. Also, Warden already allows you to whitelist servers from Plesk DNSBLs, so if you do have a server that's blocked you can whitelist it or its CIDR easily.
 