Milter-greylist

Again as I have no answer and I would like to set this before the weekend,that is when we get attacked,

I will open a new topic:

9 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2016�\u0433. 12:35:47 CEST, "Serge Stepanov serhioz@... [milter-greylist]" <milter-greylist@yahoogroups.com> \u043f\u0438\u0448\u0435\u0442:
>use
>
>racl whitelist auth /.*/
>dacl whitelist auth /.*/
>
>wherever you want to skip auth users
>
>
>On Fri, Sep 9, 2016 at 1:28 PM, maren.zubizarreta@...
>[milter-greylist] <
>milter-greylist@yahoogroups.com> wrote:
>
>>
>>
>>
>> Again as I have no answer and I would like to set this before the
>> weekend,that is when we get attacked,
>>
>> I will open a new topic:
>>
>>
>> I have successfully tested my rules (copied from Can's) to ratelimit
>> authenticated users
>> For these rules to be applied I have to set "noauth", but then all
>other
>> rules that I had before (such as default greylisting) are applied to
>> authenticated users. Is there a way to organice the rules to avoid
>this?.
>>
>>
>> I mean, enabling the noauth at the end of my previous file, and
>adding at
>> the end the new rules for authenticated users, would do the job?
>>
>> Something Else?
>>
>>    Thanks
>>
>>     Maren
>>
>>
>> 
>>

Do you get attacked on a schedule? ;)

Don't you have a policy to block access to accounts caught spamming - whether due to compromise or malice? If you have some broken already, change passwords until you discuss it with the user to change back. If you expect some to be broken every weekend, revise password complexity rules, set up starttls/ssl to avoid sniffing, etc.

Jim

--
Typos courtesy of K-9 Mail on my Samsung Android

Hi,

On 2016-09-09 13:21, maren.zubizarreta@... [milter-greylist] wrote:
> Ups:
> 
>  Again, after testing it I have had an aditional problem, as this
> doesn't work:
> 
> racl greylist not auth /.*/ default
> 
> I get an error for the deafult police, so I need another workaround or
> another way to write this default rule.

I played a little bit with a testhost, which receives mail as incoming 
server from internal and external and offers smtp auth to send mail for 
authenticated users.

This is working for me. Authenticated users don't run into whitelisting 
and are ratelimit resticted, while normal incoming mails are 
whitelisted. Hope there is not a logical mistake in this setup?!

---------------
noauth

# Limit Test
list "MY_NETWORKS" addr { 192.168.101.0/24}
ratelimit "limite_1H" rcpt 2 / 5m key "%M{auth_authen}"
sm_macro "null" "{auth_authen}" unset
racl blacklist not sm_macro "null" not list "MY_NETWORKS" ratelimit 
"limite_1H" msg "Quota exceeded. You talk too much %M{auth_authen}"

racl whitelist auth /.*/
dacl whitelist auth /.*/
---------------

Ciao
Marcus

On 2016-09-09 17:43, Marcus Schopen lists-yahoogroups@... 
[milter-greylist] wrote:
> Hi,
> 
> On 2016-09-09 13:21, maren.zubizarreta@... [milter-greylist] wrote:
>> Ups:
>> 
>> Again, after testing it I have had an aditional problem, as this
>> doesn't work:
>> 
>> racl greylist not auth /.*/ default
>> 
>> I get an error for the deafult police, so I need another workaround
> or
>> another way to write this default rule.
> 
> I played a little bit with a testhost, which receives mail as incoming
> 
> server from internal and external and offers smtp auth to send mail
> for
> authenticated users.
> 
> This is working for me. Authenticated users don't run into
> whitelisting
> and are ratelimit resticted, while normal incoming mails are
> whitelisted. Hope there is not a logical mistake in this setup?!
> 
> ---------------
> noauth
> 
> # Limit Test
> list "MY_NETWORKS" addr { 192.168.101.0/24}
> ratelimit "limite_1H" rcpt 2 / 5m key "%M{auth_authen}"
> sm_macro "null" "{auth_authen}" unset
> racl blacklist not sm_macro "null" not list "MY_NETWORKS" ratelimit
> "limite_1H" msg "Quota exceeded. You talk too much %M{auth_authen}"
> 
> racl whitelist auth /.*/
> dacl whitelist auth /.*/
> ---------------

Hmm ... the blacklist will cause a 5.7.1 error. As I understand this is 
not a tempfail. If the authenticated client is a spooling mailserver the 
mail will reject and not resent in the next ratelimit window, right? How 
to not blacklist, but tempfail?

Ciao
Marcus

On 2016-09-09 18:07, Marcus Schopen lists-yahoogroups@... 
[milter-greylist] wrote:
>> ---------------
>> noauth
>> 
>> # Limit Test
>> list "MY_NETWORKS" addr { 192.168.101.0/24}
>> ratelimit "limite_1H" rcpt 2 / 5m key "%M{auth_authen}"
>> sm_macro "null" "{auth_authen}" unset
>> racl blacklist not sm_macro "null" not list "MY_NETWORKS" ratelimit
>> "limite_1H" msg "Quota exceeded. You talk too much %M{auth_authen}"
>> 
>> racl whitelist auth /.*/
>> dacl whitelist auth /.*/
>> ---------------
> 
> Hmm ... the blacklist will cause a 5.7.1 error. As I understand this
> is
> not a tempfail. If the authenticated client is a spooling mailserver
> the
> mail will reject and not resent in the next ratelimit window, right?
> How
> to not blacklist, but tempfail?


This seems to work with tempfail codes:

racl blacklist not sm_macro "null" not list "MY_NETWORKS" ratelimit 
"limite_1H" code "451" ecode "4.7.1" msg "Quota exceeded. You talk too 
much %M{auth_authen}"

Ciao!
Marcus

maren.zubizarreta@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

>  racl greylist not auth /.*/ default

/.*/ matches an empty value, that may be your problem.
What about /./ ?


-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

maren.zubizarreta@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

>  racl greylist not auth /./ default 
>  
> 
>  but that doesn't work (milter-greylist won't run), "config error at line
> 285: syntax error"

The default keyword is intended to be a catch-all. Hence it cannot be
used with a condition. Use this instead:

racl whitelist auth /./
racl greylist default


-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...