• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved How to Block SMTP AUTH attempts using a RBL

danami said:
> I have a really good RBL that I checked a lot of times vs attacker IP's and my client IP's and it's 99% exact with the attacker IP's, so, yes a RBL will work if there's a way to block the SMTP AUTH using it.

Use postscreen then as this is what it was designed for:
www.linuxbabe.com

Enable and Configure Postscreen in Postfix to Block Spambots

Postscreen is an SMTP filter that blocks spambots away from the real Postfix smtpd daemon, so Postfix does not feel overloaded and can process legitimate emails more efficiently.
www.linuxbabe.com www.linuxbabe.com
Click to expand...
Hi @danami & others,

Thanks for sharing this, I use it on other mail servers but I've not tried it with Plesk because I understand there are some issues when using postscreen.
Can anyone confirm that Plesk works well in the long run when using postscreen options, without the deep protocol tests?

Also, @danami, does your latest Warden include Postscreen settings/options like dnsbl and thresholds?
 
@zwankie Setting up postscreen will break the Plesk mail repair tools the last time I checked. Also most of the postscreen restrictions are fully supported directly by Postfix anyway.

You can see the Postfix restrictions that Warden supports here:

Mail Server Settings | Warden Anti-spam and Virus Protection Documentation

Warden Anti-spam and Virus Protection
docs.danami.com docs.danami.com

The best way to stop SMTP attacks is to disable SMTP auth in Postfix for the incoming port 25 then use Juggernaut Firewall to only allow the countries you want to be allowed to send on the submission port 587. Everyone else will be blocked from connecting to the submission port.
 
danami said:
@zwankie Setting up postscreen will break the Plesk mail repair tools the last time I checked. Also most of the postscreen restrictions are fully supported directly by Postfix anyway.

You can see the Postfix restrictions that Warden supports here:

Mail Server Settings | Warden Anti-spam and Virus Protection Documentation

Warden Anti-spam and Virus Protection
docs.danami.com docs.danami.com

The best way to stop SMTP attacks is to disable SMTP auth in Postfix for the incoming port 25 then use Juggernaut Firewall to only allow the countries you want to be allowed to send on the submission port 587. Everyone else will be blocked from connecting to the submission port.
Click to expand...
Thanks for the reply.

What I'm specifically looking for is to implement a DNSBL solution with Thresholds so that it reduces false positives. Meaning setting it so that at least two or more (depending on the threshold setting) DNSBL providers need to have it listed before it is blocked. As far as I know only postscreen allows this Threshold not the normal Postfix smtpd_client_restrictions.

If I missed the way to do thresholds for DNSBL entries without postscreen please let me know.
 
@zwankie Then you are out of luck then as the Plesk repair tools can't handle the postscreen configuration. Also Warden already allows you to be able to whitelist servers from Plesk DNSBLs so if you do have a server that's blocked you can whitelist it or it's CIDR easily.
 
You must log in or register to reply here.

Similar threads

wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
1K
mizar
mizar
majdi draouil
Question How to Block Direct IP Access and Ensure All Traffic Routes Through Cloudflare
Replies
1
Views
598
Raul A.
R
C
Question Analysing Sender IP in Mail Headers
Replies
0
Views
2K
Change Maker
C
T
Issue Unbanning some IP addresses causes the server to be unresponsive
Replies
4
Views
958
TurabG
T
carlsson
Issue Really strange problem – I can't use my SMTP server intermittently
Replies
2
Views
1K
carlsson
carlsson
Back
Top