So as not to derail a previous thread.
ProFTPd. Allow over write
Others?
So as not to derail a previous thread.
ProFTPd. Allow over write
Others?
This could be a useful topic (maybe some cleaning of unnecessary posts).
I got on my fresh install list:
Of course this is not what you must do perse, but the title say βyou might want to checkβ.
Iβve made these changes to /etc/postfix/main.cf
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_invalid_hostname
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_unknown_recipient_domain
# check_policy_service unix:private/policyd-spf
It seems that order may be important. The permit _sasl_authenticated happens and is logged. A valid client would thus not be affected. Logs show a lot of dropped connections once the auth fails. My fail2ban jail now seems to be a lot less croweded.
I played with rejecting for failed SPF. This was a bad idea. I have accounts that forward mail and these all started to fail. I suppose if you know in advance all possible forwards you could whitelist them but thatβs not possible in my case.
I still show connection attempts to SSH but my fail2ban jail is empty.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.