Início / user-227026

Aleksandar Pavić's questions

Martin Hope
Aleksandar Pavić
Asked: 2017-01-28 00:59:14 +0800 CST
  • 2

Seria sensato se eu modificasse a regra postfix fail2ban disso:

failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
        ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
        ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
        ^%(__prefix_line)sNOQUEUE: reject: EHLO from \S+\[<HOST>\]: 504 5\.5\.2 <\S+>: Helo command rejected: need fully-qualified hostname;
        ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$
        ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.1\.8 <\S*>: Sender address rejected: Domain not found; from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
        ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$

adicionando a seguinte linha:

  ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 550 5\.1\.1 .*$

Porque estou tentando evitar ataques como este:

Jan 27 09:42:02 host1 postfix/smtpd[3416]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unkn
own in virtual alias table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:42:03 host1 postfix/smtpd[3416]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown 
in virtual alias table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:55:32 host1 postfix/smtpd[4914]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unk
nown in virtual alias table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:55:32 host1 postfix/smtpd[4914]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown
 in virtual alias table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[109.107.106.180]>

Minha preocupação é que ele descartará e-mails errados não intencionais que devem ser devolvidos aos usuários que perderam o endereço de e-mail por acidente.

Qual é a sua sugestão?

spam postfix brute-force-attacks fail2ban