New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New jail for postfix: screendnsbl #3545
base: master
Are you sure you want to change the base?
Conversation
any update on this PR |
@@ -52,6 +52,10 @@ mdre-aggressive = %(mdre-auth2)s | |||
mdpr-errors = too many errors after \S+ | |||
mdre-errors = ^from [^[]*\[<HOST>\]%(_port)s$ | |||
|
|||
# Extra mode "screendnsbl", triggered on postfix/postscreen[<PID>]: DNSBL rank <NUM> for [<HOST>]:<PORT> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess it is wrong mode name for DNS-based Blackhole List, correct would be dnsbl
, but much better why not combine it with rbl
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
intention was to implement an optional feature, not extending/overwriting existing definitions leading to by others unexpected behavior
@@ -599,6 +599,16 @@ backend = %(postfix_backend)s | |||
maxretry = 1 | |||
|
|||
|
|||
[postfix-screendnbl] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm still unsure it'd really expect a new jail.
I know there is one for RBL, but it is more for backwards compatibility reasons, however obsolete since mode rbl is included in mode normal too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
intention was to implement an optional feature, not extending/overwriting existing definitions leading to by others unexpected behavior
26c0e52
to
f57844e
Compare
this extension adds a new postfix jail which can be optionally dedicated enabled.
It is triggered by a log line like
It catches a lot of unwanted connections and log volume decreased a lot.