On 7/25/2016 12:04, Ronald Klop wrote:> On Mon, 25 Jul 2016 18:48:25 +0200, Karl Denninger
> <karl at denninger.net> wrote:
>
>> This may not belong in "stable", but since Postfix is one of
the
>> high-performance alternatives to sendmail....
>>
>> Question is this -- I have sshguard protecting connections inbound, but
>> Postfix appears to be ignoring it, which implies that it is not paying
>> attention to the hosts.allow file (and the wrapper that enables it.)
>>
>> Recently a large body of clowncars have been targeting my sasl-enabled
>> https gateway (which I use for client machines and thus do in fact
need)
>> and while sshguard picks up the attacks and tries to ban them, postfix
>> is ignoring the entries it makes which implies it is not linked with
the
>> tcp wrappers.
>>
>> A quick look at the config for postfix doesn't disclose an obvious
>> configuration solution....did I miss it?
>>
>
> Don't know if postfix can handle tcp wrappers, but I use bruteblock
> [1] for protecting connections via the ipfw firewall. I use this for
> ssh and postfix.
>
I recompiled sshguard to use ipfw and stuck the table lookup in my
firewall config..... works, and is software-agnostic (thus doesn't care
if something was linked against tcpwrappers or not.)
--
Karl Denninger
karl at denninger.net <mailto:karl at denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2996 bytes
Desc: S/MIME Cryptographic Signature
URL:
<http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20160725/ef1409e1/attachment.bin>