
List:       fail2ban-users
Subject:    Re: [Fail2ban-users] jail for sendmail greylisting?
From:       Tom Hendrikx <tom () whyscream ! net>
Date:       2018-11-07 13:32:51
Message-ID: f082fa87-acef-c539-8015-5b19b376acf7 () whyscream ! net

Hi,

That is not a good idea, maybe you don't understand greylisting?

When a new host connects and tries to deliver a message, the host is
greylisted and told to return some time later. MTAs don't understand the
actual time that is communicated, they just try again later based on
their own configuration.

When a greylisted host returns too soon, it is still blocked by the
greylisting milter, and told to come back later. You could in theory try
to apply f2b to the logs and block hosts at the firewall level that
retry too soon too often, but they are already being blocked by the
greylisting milter, so why bother?

Using f2b, you could potentially block a bona fide server with settings
that are a bit too enthusiastic, but you don't win anything when you
block a spammer (because it is already being blocked).

Kind regards,
	Tom


On 06-11-18 20:57, Robert Kudyba wrote:
> Is there a jail that would cover logs like these from /var/log/maillog?
> 
> Nov  6 06:31:03 dsm milter-greylist[852]: wA6BUrNX018110: addr = apn-151-0-76-15.vodafone.hu[151.0.76.15], from = <user@ourdomain.edu>, rcpt = <user@ourdomain.edu>
> Nov  6 06:31:03 dsm milter-greylist[852]: Mail from=<user@ourdomain.edu>, rcpt=<user@ourdomain.edu>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 131 continue from_re /.*/ [addheader "X-Greylist: inspected by %V for IP:'%i' DOMAIN:'%d' HELO:'%h' FROM:'%f' RCPT:'%r'"]
> Nov  6 06:31:03 dsm milter-greylist[852]: Mail from=<user@ourdomain.edu>, rcpt=<user@ourdomain.edu>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 146 greylist [maxpeek -1] default
> Nov  6 06:31:03 dsm milter-greylist[852]: created:  151.0.76.15 from <user@ourdomain.edu> to <user@ourdomain.edu> delayed for 00:30:00
> Nov  6 06:31:03 dsm milter-greylist[852]: wA6BUrNX018110: addr apn-151-0-76-15.vodafone.hu[151.0.76.15] from <user@ourdomain.edu> to <user@ourdomain.edu> delayed for 00:30:00 (ACL 146)
> Nov  6 06:31:03 dsm sendmail[18110]: wA6BUrNX018110: Milter: to=<user@ourdomain.edu>, reject=451 4.7.1 Greylisting in action, please come back later
> Nov  6 06:31:04 dsm sendmail[18110]: wA6BUrNX018110: from=<user@ourdomain.edu>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=apn-151-0-76-15.vodafone.hu [151.0.76.15]
> Nov  6 06:31:04 dsm milter-greylist[852]: (local): 58.175.243.70 from <user@ourdomain.edu> to <user@ourdomain.edu>: greylisted entry timed out
> Nov  6 06:31:19 dsm milter-greylist[852]: wA6BV9tS018148: addr = apn-151-0-76-15.vodafone.hu[151.0.76.15], from = <user@ourdomain.edu>, rcpt = <user@ourdomain.edu>
> Nov  6 06:31:19 dsm milter-greylist[852]: Mail from=<user@ourdomain.edu>, rcpt=<user@ourdomain.edu>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 131 continue from_re /.*/ [addheader "X-Greylist: inspected by %V for IP:'%i' DOMAIN:'%d' HELO:'%h' FROM:'%f' RCPT:'%r'"]
> Nov  6 06:31:19 dsm milter-greylist[852]: Mail from=<user@ourdomain.edu>, rcpt=<user@ourdomain.edu>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 146 greylist [maxpeek -1] default
> Nov  6 06:31:19 dsm milter-greylist[852]: wA6BV9tS018148: addr apn-151-0-76-15.vodafone.hu[151.0.76.15] from <user@ourdomain.edu> to <user@ourdomain.edu> delayed for 00:29:44 (ACL 146)
> Nov  6 06:31:19 dsm sendmail[18148]: wA6BV9tS018148: Milter: to=<user@ourdomain.edu>, reject=451 4.7.1 Greylisting in action, please come back later
> Nov  6 06:31:20 dsm sendmail[18148]: wA6BV9tS018148: from=<user@ourdomain.edu>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=apn-151-0-76-15.vodafone.hu [151.0.76.15]
> Nov  6 06:31:30 dsm milter-greylist[852]: wA6BVKfk018169: addr = apn-151-0-76-15.vodafone.hu[151.0.76.15], from = <user@ourdomain.edu>, rcpt = <user@ourdomain.edu>
> Nov  6 06:31:30 dsm milter-greylist[852]: Mail from=<user@ourdomain.edu>, rcpt=<user@ourdomain.edu>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 131 continue from_re /.*/ [addheader "X-Greylist: inspected by %V for IP:'%i' DOMAIN:'%d' HELO:'%h' FROM:'%f' RCPT:'%r'"]
> Nov  6 06:31:30 dsm milter-greylist[852]: Mail from=<user@ourdomain.edu>, rcpt=<user@ourdomain.edu>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 146 greylist [maxpeek -1] default
> Nov  6 06:31:30 dsm milter-greylist[852]: wA6BVKfk018169: addr apn-151-0-76-15.vodafone.hu[151.0.76.15] from <user@ourdomain.edu> to <user@ourdomain.edu> delayed for 00:29:33 (ACL 146)
> Nov  6 06:31:30 dsm sendmail[18169]: wA6BVKfk018169: Milter: to=<user@ourdomain.edu>, reject=451 4.7.1 Greylisting in action, please come back later
> Nov  6 06:31:30 dsm sendmail[18169]: wA6BVKfk018169: from=<user@ourdomain.edu>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=apn-151-0-76-15.vodafone.hu [151.0.76.15]
> Nov  6 06:31:41 dsm milter-greylist[852]: wA6BVUJJ018195: addr = apn-151-0-76-15.vodafone.hu[151.0.76.15], from = <user@ourdomain.edu>, rcpt = <user@ourdomain.edu>
> Nov  6 06:31:41 dsm milter-greylist[852]: Mail from=<user@ourdomain.edu>, rcpt=<user@ourdomain.edu>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 131 continue from_re /.*/ [addheader "X-Greylist: inspected by %V for IP:'%i' DOMAIN:'%d' HELO:'%h' FROM:'%f' RCPT:'%r'"]
> Nov  6 06:31:41 dsm milter-greylist[852]: Mail from=<user@ourdomain.edu>, rcpt=<user@ourdomain.edu>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 146 greylist [maxpeek -1] default
> Nov  6 06:31:41 dsm milter-greylist[852]: wA6BVUJJ018195: addr apn-151-0-76-15.vodafone.hu[151.0.76.15] from <user@ourdomain.edu> to <user@ourdomain.edu> delayed for 00:29:22 (ACL 146)
> Nov  6 06:31:41 dsm sendmail[18195]: wA6BVUJJ018195: Milter: to=<user@ourdomain.edu>, reject=451 4.7.1 Greylisting in action, please come back later
> Nov  6 06:31:41 dsm sendmail[18195]: wA6BVUJJ018195: from=<user@ourdomain.edu>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=apn-151-0-76-15.vodafone.hu [151.0.76.15]
> Nov  6 10:20:59 dsm milter-greylist[852]: (local): 45.245.246.199 from <user@ourdomain.edu> to <user@ourdomain.edu>: greylisted entry timed out
> 
> 
> 
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
> 
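
The trade-off described in this reply, as an added example that is not part of the original thread or of fail2ban: the script counts milter-greylist deferrals per IP and applies a simplified maxretry/findtime counting model to them. The first four sample lines come from the quoted log; the `192.0.2.25` host, the year 2018 used for parsing, and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines 1-4: deferrals from the log quoted in the thread (link residue removed).
# Lines 5-6: constructed entries for a hypothetical legitimate MTA (192.0.2.25).
SAMPLE_LOG = """\
Nov  6 06:31:03 dsm milter-greylist[852]: wA6BUrNX018110: addr apn-151-0-76-15.vodafone.hu[151.0.76.15] from <user@ourdomain.edu> to <user@ourdomain.edu> delayed for 00:30:00 (ACL 146)
Nov  6 06:31:19 dsm milter-greylist[852]: wA6BV9tS018148: addr apn-151-0-76-15.vodafone.hu[151.0.76.15] from <user@ourdomain.edu> to <user@ourdomain.edu> delayed for 00:29:44 (ACL 146)
Nov  6 06:31:30 dsm milter-greylist[852]: wA6BVKfk018169: addr apn-151-0-76-15.vodafone.hu[151.0.76.15] from <user@ourdomain.edu> to <user@ourdomain.edu> delayed for 00:29:33 (ACL 146)
Nov  6 06:31:41 dsm milter-greylist[852]: wA6BVUJJ018195: addr apn-151-0-76-15.vodafone.hu[151.0.76.15] from <user@ourdomain.edu> to <user@ourdomain.edu> delayed for 00:29:22 (ACL 146)
Nov  6 09:00:00 dsm milter-greylist[852]: wA6E00aa000001: addr mx.example.org[192.0.2.25] from <sender@example.org> to <user@ourdomain.edu> delayed for 00:30:00 (ACL 146)
Nov  6 09:15:00 dsm milter-greylist[852]: wA6E0Faa000002: addr mx.example.org[192.0.2.25] from <sender@example.org> to <user@ourdomain.edu> delayed for 00:15:00 (ACL 146)
"""

# One "addr host[ip] ... delayed for" line is logged per deferred attempt (IPv4 only here).
DEFERRAL = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ milter-greylist\[\d+\]: \S+: "
    r"addr \S*\[([\d.]+)\] from <[^>]*> to <[^>]*> "
    r"delayed for (\d\d):(\d\d):(\d\d)", re.M)

def parse_deferrals(text, year=2018):
    """Return (time, ip, remaining_delay) per greylisted attempt.
    Syslog timestamps carry no year, so `year` is an assumption."""
    events = []
    for ts, ip, h, m, s in DEFERRAL.findall(text):
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        left = timedelta(hours=int(h), minutes=int(m), seconds=int(s))
        events.append((when, ip, left))
    return events

def would_ban(events, maxretry, findtime):
    """IPs with at least `maxretry` deferrals inside any `findtime`-second window
    (simplified model of a counting jail, not fail2ban's own code)."""
    by_ip = defaultdict(list)
    for when, ip, _ in events:
        by_ip[ip].append(when)
    banned = set()
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - maxretry + 1):
            if (times[i + maxretry - 1] - times[i]).total_seconds() <= findtime:
                banned.add(ip)
                break
    return banned

if __name__ == "__main__":
    ev = parse_deferrals(SAMPLE_LOG)
    print("3 in 10 min:", sorted(would_ban(ev, 3, 600)))
    print("2 in 60 min:", sorted(would_ban(ev, 2, 3600)))
```

Every event counted here was already answered with a 451 by the milter, so neither setting stops mail that would otherwise have been accepted. The second setting also catches the constructed host that retried once after 15 minutes, which is ordinary MTA retry behaviour.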


