Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Protect Postfix/IMAP
« previous
next »
Print
Pages: [
1
]
Author
Topic: Protect Postfix/IMAP (Read 4399 times)
PotatoCarl
Full Member
Posts: 134
Karma: 5
Protect Postfix/IMAP
«
on:
September 06, 2019, 12:13:49 pm »
Hi
I wonder if there is a way to protect additionally the connection to the postfix/imap daemon in my network, like a sanitazion proxy or such. I only allow SSL connections, but still get a huge amount of failed auths.
Of course I still need to check email from the outside, but maybe someone has an idea (except VPN, which is what I probably will be using if any other methods will be Snakeoil).
VPN is however adding a layer of support for the road warriors, so I try to get around that.
Thanks.
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Protect Postfix/IMAP
«
Reply #1 on:
September 06, 2019, 12:25:03 pm »
nginx can inspect mail protocols (the plugin has it currently not implemented but it exists) and you have the option to use the postfix plugin for (E)SMTP which rspamd as milter, which should as well avoid some spam.
Logged
ruggerio
Sr. Member
Posts: 295
Karma: 11
Re: Protect Postfix/IMAP
«
Reply #2 on:
September 06, 2019, 01:32:30 pm »
Hi,
There is an open ticket on github for this.
i have meanwhile fail2ban on my servers installed, which block ips with more than 3 failed logins completely on the route.
unfortunately, i am not that experienced. But since opnsense now with syslogd should have to possibility to receive logs from a mailserver, i plan (not in short time) to have my mailservers logging to opnsense also and havng opnsense blocking the ips.
I have not yet tried and cannot confirm if its working. In my mind, it should
Logged
marcri
Jr. Member
Posts: 60
Karma: 5
Re: Protect Postfix/IMAP
«
Reply #3 on:
September 06, 2019, 01:33:26 pm »
fail2ban is perfect for blocking clients with failed auths
Logged
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: Protect Postfix/IMAP
«
Reply #4 on:
October 30, 2019, 10:20:45 am »
Thanks, I will give failban a try.
Logged
actionhenkt
Jr. Member
Posts: 50
Karma: 2
Re: Protect Postfix/IMAP
«
Reply #5 on:
November 04, 2019, 08:55:01 pm »
Maybe you can also set up an url alias to a blocklist and put that on a "block in" on the wan of your open ports. Im using the OTX list:
https://reputation.alienvault.com/reputation.generic
doesnt block alot but it helps against known ips
Logged
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: Protect Postfix/IMAP
«
Reply #6 on:
November 06, 2019, 09:51:02 am »
I have some block lists enabled, mostly geographically, as the mail server is only used by our staff (we have a different uplink). I basically want to make sure that any known or unknown security flaw of cyrus or postfix is at last partially deflected. I also see that it is kind of difficult, but it looks like fail2ban might be an option. Just have to understand the configuration and how to implement it on our mailserver without locking myself out ;-)
Logged
actionhenkt
Jr. Member
Posts: 50
Karma: 2
Re: Protect Postfix/IMAP
«
Reply #7 on:
November 06, 2019, 10:24:02 pm »
You can whitelist your IP in the jail.conf using the
ignoreip = xxx.xxx.xxx.xxx/24
You can test if an ip would get blocked before using it in a jail
fail2ban-regex /var/log/<yourlog> /etc/fail2ban/filter.d/<yourjailfilter.conf>
it will show you if it matches with your regex.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Protect Postfix/IMAP