Resolved How to Block SMTP AUTH attempts using a RBL

[zwankie]

> I have a really good RBL that I checked a lot of times vs attacker IP's and my client IP's and it's 99% exact with the attacker IP's, so, yes a RBL will work if there's a way to block the SMTP AUTH using it.

Use postscreen then as this is what it was designed for:

Postfix Postscreen Howto

Enable and Configure Postscreen in Postfix to Block Spambots

Postscreen is an SMTP filter that blocks spambots away from the real Postfix smtpd daemon, so Postfix does not feel overloaded and can process legitimate emails more efficiently.

www.linuxbabe.com

Hi @danami & others,

Thanks for sharing this, I use it on other mail servers but I've not tried it with Plesk because I understand there are some issues when using postscreen.
Can anyone confirm that Plesk works well in the long run when using postscreen options, without the deep protocol tests?

Also, @danami, does your latest Warden include Postscreen settings/options like dnsbl and thresholds?

 

[danami]

@zwankie Setting up postscreen will break the Plesk mail repair tools the last time I checked. Also most of the postscreen restrictions are fully supported directly by Postfix anyway.

You can see the Postfix restrictions that Warden supports here:

Mail Server Settings | Warden Anti-spam and Virus Protection Documentation

Warden Anti-spam and Virus Protection

docs.danami.com

The best way to stop SMTP attacks is to disable SMTP auth in Postfix for the incoming port 25 then use Juggernaut Firewall to only allow the countries you want to be allowed to send on the submission port 587. Everyone else will be blocked from connecting to the submission port.

 

[zwankie]

@zwankie Setting up postscreen will break the Plesk mail repair tools the last time I checked. Also most of the postscreen restrictions are fully supported directly by Postfix anyway.

You can see the Postfix restrictions that Warden supports here:

Mail Server Settings | Warden Anti-spam and Virus Protection Documentation

Warden Anti-spam and Virus Protection

docs.danami.com

The best way to stop SMTP attacks is to disable SMTP auth in Postfix for the incoming port 25 then use Juggernaut Firewall to only allow the countries you want to be allowed to send on the submission port 587. Everyone else will be blocked from connecting to the submission port.

Thanks for the reply.

What I'm specifically looking for is to implement a DNSBL solution with Thresholds so that it reduces false positives. Meaning setting it so that at least two or more (depending on the threshold setting) DNSBL providers need to have it listed before it is blocked. As far as I know only postscreen allows this Threshold not the normal Postfix smtpd_client_restrictions.

If I missed the way to do thresholds for DNSBL entries without postscreen please let me know.

 

[danami]

@zwankie Then you are out of luck then as the Plesk repair tools can't handle the postscreen configuration. Also Warden already allows you to be able to whitelist servers from Plesk DNSBLs so if you do have a server that's blocked you can whitelist it or it's CIDR easily.