Re: [Users] [ Zimbra / Postfix ] limit connexion per smtp connection authentified

[Barry de Graaff]

Maybe you can try this: 
https://wiki.zimbra.com/wiki/Zimbra_Collaboration_Postscreen


On 09/12/2022 17:14, Justin Petermann wrote:
> Hello,
>
> We have a recurrent problem with corrupted password account over smtp. 
> (2 times after a f..king phishing last week, IPs reputation take a lot)
>
> Postfix permit to send multiple message over one connexion after 
> authentification (same without, but the real problem is with 
> authentification).
>
> For example :
>
> send: 'ehlo dante.exoca.fr\r\n'
> reply: b'250-lab-zimbra-spam.exoca.fr\r\n'
> reply: b'250-PIPELINING\r\n'
> reply: b'250-SIZE 10240000\r\n'
> reply: b'250-VRFY\r\n'
> reply: b'250-ETRN\r\n'
> reply: b'250-STARTTLS\r\n'
> reply: b'250-AUTH LOGIN PLAIN\r\n'
> reply: b'250-AUTH=LOGIN PLAIN\r\n'
> reply: b'250-ENHANCEDSTATUSCODES\r\n'
> reply: b'250-8BITMIME\r\n'
> reply: b'250-DSN\r\n'
> reply: b'250 CHUNKING\r\n'
> reply: retcode (250); Msg: 
> b'lab-zimbra-spam.exoca.fr\nPIPELINING\nSIZE 
> 10240000\nVRFY\nETRN\nSTARTTLS\nAUTH LOGIN PLAIN\nAUTH=LOGIN 
> PLAIN\nENHANCEDSTATUSCODES\n8BITMIME\nDSN\nCHUNKING'
> send: 'AUTH PLAIN xxxXXXXXxxxx\r\n'
> reply: b'235 2.7.0 Authentication successful\r\n'
> reply: retcode (235); Msg: b'2.7.0 Authentication successful'
> send: 'mail FROM:<jp at lab-zimbra-spam.exoca.fr> size=81\r\n'
> reply: b'250 2.1.0 Ok\r\n'
> reply: retcode (250); Msg: b'2.1.0 Ok'
> send: 'rcpt TO:<jp at lab-zimbra-spam.exoca.fr>\r\n'
> reply: b'250 2.1.5 Ok\r\n'
> reply: retcode (250); Msg: b'2.1.5 Ok'
> send: 'data\r\n'
> reply: b'354 End data with <CR><LF>.<CR><LF>\r\n'
> reply: retcode (354); Msg: b'End data with <CR><LF>.<CR><LF>'
> data: (354, b'End data with <CR><LF>.<CR><LF>')
> send: b'Subject: Envoi 2022-12-09T16:33:40.031235 0\r\n\r\nEnvoi 
> 2022-12-09T16:33:40.031235 0\r\n.\r\n'
> reply: b'250 2.0.0 Ok: queued as 15EBE83C54\r\n'
> reply: retcode (250); Msg: b'2.0.0 Ok: queued as 15EBE83C54'
> data: (250, b'2.0.0 Ok: queued as 15EBE83C54')
> send: 'mail FROM:<jp at lab-zimbra-spam.exoca.fr> size=81\r\n'
> reply: b'250 2.1.0 Ok\r\n'
> reply: retcode (250); Msg: b'2.1.0 Ok'
> send: 'rcpt TO:<jp at lab-zimbra-spam.exoca.fr>\r\n'
> reply: b'250 2.1.5 Ok\r\n'
> reply: retcode (250); Msg: b'2.1.5 Ok'
> send: 'data\r\n'
> reply: b'354 End data with <CR><LF>.<CR><LF>\r\n'
> reply: retcode (354); Msg: b'End data with <CR><LF>.<CR><LF>'
> data: (354, b'End data with <CR><LF>.<CR><LF>')
> send: b'Subject: Envoi 2022-12-09T16:33:40.031235 1\r\n\r\nEnvoi 
> 2022-12-09T16:33:40.031235 1\r\n.\r\n'
> reply: b'250 2.0.0 Ok: queued as 18A7A83C59\r\n'
> reply: retcode (250); Msg: b'2.0.0 Ok: queued as 18A7A83C59'
> data: (250, b'2.0.0 Ok: queued as 18A7A83C59')
> send: 'mail FROM:<jp at lab-zimbra-spam.exoca.fr> size=81\r\n'
> reply: b'250 2.1.0 Ok\r\n'
> reply: retcode (250); Msg: b'2.1.0 Ok'
> send: 'rcpt TO:<jp at lab-zimbra-spam.exoca.fr>\r\n'
> reply: b'250 2.1.5 Ok\r\n'
> reply: retcode (250); Msg: b'2.1.5 Ok'
> send: 'data\r\n'
> reply: b'354 End data with <CR><LF>.<CR><LF>\r\n'
> reply: retcode (354); Msg: b'End data with <CR><LF>.<CR><LF>'
> data: (354, b'End data with <CR><LF>.<CR><LF>')
> send: b'Subject: Envoi 2022-12-09T16:33:40.031235 2\r\n\r\nEnvoi 
> 2022-12-09T16:33:40.031235 2\r\n.\r\n'
> reply: b'250 2.0.0 Ok: queued as 1B22E83C60\r\n'
> reply: retcode (250); Msg: b'2.0.0 Ok: queued as 1B22E83C60'
> data: (250, b'2.0.0 Ok: queued as 1B22E83C60')
> send: 'quit\r\n'
> reply: b'221 2.0.0 Bye\r\n'
> reply: retcode (221); Msg: b'2.0.0 Bye'
>
> You can try this python code :
>
> #!/usr/bin/env python3
> importsmtplib
> importtime
> importdatetime
> host = 'lab-zimbra-spam.exoca.fr'
> username= 'jp at lab-zimbra-spam.exoca.fr'
> password= 'xxxXXXXxxxx'
> fromaddr= username
> toaddrs= [username]
> server= smtplib.SMTP(f"{host}:587")
> #server.starttls()
> #server = smtplib.SMTP_SSL(f"{host}:465")
> server.set_debuglevel(1)
> server.login(username, password)
> count= 3
> pool= datetime.datetime.now().isoformat()
> foriinrange(count):
> subject= content= f"Sended message {pool}{i}"
> msg= f"Subject: {subject}\n\n{content}"
> server.sendmail(fromaddr, toaddrs, msg)
> server.quit()
>
> in local, no problem to send 500 emails in 3 seconds...
>
> Like is an only one connexion, after the connexion and auth done, auth 
> is not need. Lock account do nothing. The tcp connexion is established 
> so blacklist IP from firewall do nothing. we must do a "zmmtactl stop" 
> and "zmmtactl start" (zmmtactl reload don't kill the connection). We 
> could certainly make a postfix stop / start.
>
> It seems that should be smtp cache connection :
>
> https://www.postfix.org/CONNECTION_CACHE_README.html
>
> But disabling theses options do nothing:
>
>  - smtp_connection_cache_on_demand = no
>
> - smtp_connection_cache_destinations = hotmail.com (to limit the 
> destination domain)
>
> but also :
>
> - smtpd_client_connection_rate_limit=2
>
> - smtpd_client_message_rate_limit=2
>
> the Problem is that sould be in connection cache but the solution 
> seems to be elsewhere.
>
> Is any body already as this problem ? find a solution ?
>
> best regards,
>
> 	<https://www.exoca.fr>
> 	
> Justin
> *PETERMANN*
> Développement web & Services hébergés
> 8/10, rue Jean XXIII, 80000 AMIENS 
> <https://www.google.com/maps/place/EXOCA+-+Solutions+Web+et+H%C3%A9bergement/@49.8941485,2.3065799,15z/data=!4m5!3m4!1s0x0:0x6c8a0774bc1607ff!8m2!3d49.8941485!4d2.3065799>
> +33(0)3 22 22 05 85 / +33(0)6 61 25 76 06
> jp at exoca.fr <mailto:%20jp at exoca.fr>
> www.exoca.fr <https://www.exoca.fr>
>
> Les e-mails que je pourrais envoyer pendant les périodes de repos ou 
> de congés ne requiàrent pas de réponse immédiate.
> Ce message et toutes les pièces jointes sont établis à l'attention 
> exclusive de ses destinataires et sont confidentiels.
> Si vous recevez ce message par erreur, merci de le détruire et d'en 
> avertir immédiatement l'expéditeur.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20221209/763322eb/attachment-0001.html>