[Users] [ Zimbra / Postfix ] limit connexion per smtp connection authentified

Justin Petermann jp at exoca.fr
Sat Dec 10 09:05:27 CET 2022


Hello, 
Thank you for your answer.
I don't think the problem can be resolved with RBLs and whitelists/blacklists.
Postscreen filters at connection time, and the IPs used by spammers are not RBL-blacklisted (they are hidden behind good public IPs :( ). The blacklisting will come too late, once we see it and add them to the blacklist.
The second problem is that using RBLs for our authenticated SMTP will add other problems: some of our customers are in Africa and their IP ranges are often blacklisted.

PS: sorry for my poor English.


Best Regards,

Justin PETERMANN
Web development & hosted services
8/10, rue Jean XXIII, 80000 AMIENS
+33(0)3 22 22 05 85 / +33(0)6 61 25 76 06
jp at exoca.fr
https://www.exoca.fr/


Emails that I may send during rest periods or holidays do not require an immediate reply.
This message and all attachments are intended exclusively for its recipients and are confidential.
If you receive this message in error, please destroy it and notify the sender immediately.


From: "Barry de Graaff" <info at barrydegraaff.nl>
To: "Justin PETERMANN" <jp at exoca.fr>, "users" <users at lists.zetalliance.org>
Cc: "Christophe DUBOURGET" <cd at exoca.fr>, "Flavien ALLARD" <fa at exoca.Fr>
Sent: Friday 9 December 2022 18:03:59
Subject: Re: [Users] [ Zimbra / Postfix ] limit connexion per smtp connection authentified



Maybe you can try this: https://wiki.zimbra.com/wiki/Zimbra_Collaboration_Postscreen



On 09/12/2022 17:14, Justin Petermann wrote: 



Hello, 

We have a recurring problem with corrupted-password accounts over SMTP. (Twice after a f..king phishing last week; our IPs' reputation suffers a lot.)

Postfix permits sending multiple messages over one connection after authentication (the same without it, but the real problem is with authentication).

For example : 

send: 'ehlo dante.exoca.fr\r\n' 
reply: b'250-lab-zimbra-spam.exoca.fr\r\n' 
reply: b'250-PIPELINING\r\n' 
reply: b'250-SIZE 10240000\r\n' 
reply: b'250-VRFY\r\n' 
reply: b'250-ETRN\r\n' 
reply: b'250-STARTTLS\r\n' 
reply: b'250-AUTH LOGIN PLAIN\r\n' 
reply: b'250-AUTH=LOGIN PLAIN\r\n' 
reply: b'250-ENHANCEDSTATUSCODES\r\n' 
reply: b'250-8BITMIME\r\n' 
reply: b'250-DSN\r\n' 
reply: b'250 CHUNKING\r\n' 
reply: retcode (250); Msg: b'lab-zimbra-spam.exoca.fr\nPIPELINING\nSIZE 10240000\nVRFY\nETRN\nSTARTTLS\nAUTH LOGIN PLAIN\nAUTH=LOGIN PLAIN\nENHANCEDSTATUSCODES\n8BITMIME\nDSN\nCHUNKING' 
send: 'AUTH PLAIN xxxXXXXXxxxx\r\n' 
reply: b'235 2.7.0 Authentication successful\r\n' 
reply: retcode (235); Msg: b'2.7.0 Authentication successful' 
send: 'mail FROM:<jp at lab-zimbra-spam.exoca.fr> size=81\r\n'
reply: b'250 2.1.0 Ok\r\n' 
reply: retcode (250); Msg: b'2.1.0 Ok' 
send: 'rcpt TO:<jp at lab-zimbra-spam.exoca.fr>\r\n'
reply: b'250 2.1.5 Ok\r\n' 
reply: retcode (250); Msg: b'2.1.5 Ok' 
send: 'data\r\n' 
reply: b'354 End data with <CR><LF>.<CR><LF>\r\n' 
reply: retcode (354); Msg: b'End data with <CR><LF>.<CR><LF>' 
data: (354, b'End data with <CR><LF>.<CR><LF>') 
send: b'Subject: Envoi 2022-12-09T16:33:40.031235 0\r\n\r\nEnvoi 2022-12-09T16:33:40.031235 0\r\n.\r\n' 
reply: b'250 2.0.0 Ok: queued as 15EBE83C54\r\n' 
reply: retcode (250); Msg: b'2.0.0 Ok: queued as 15EBE83C54' 
data: (250, b'2.0.0 Ok: queued as 15EBE83C54') 
send: 'mail FROM:<jp at lab-zimbra-spam.exoca.fr> size=81\r\n'
reply: b'250 2.1.0 Ok\r\n' 
reply: retcode (250); Msg: b'2.1.0 Ok' 
send: 'rcpt TO:<jp at lab-zimbra-spam.exoca.fr>\r\n'
reply: b'250 2.1.5 Ok\r\n' 
reply: retcode (250); Msg: b'2.1.5 Ok' 
send: 'data\r\n' 
reply: b'354 End data with <CR><LF>.<CR><LF>\r\n' 
reply: retcode (354); Msg: b'End data with <CR><LF>.<CR><LF>' 
data: (354, b'End data with <CR><LF>.<CR><LF>') 
send: b'Subject: Envoi 2022-12-09T16:33:40.031235 1\r\n\r\nEnvoi 2022-12-09T16:33:40.031235 1\r\n.\r\n' 
reply: b'250 2.0.0 Ok: queued as 18A7A83C59\r\n' 
reply: retcode (250); Msg: b'2.0.0 Ok: queued as 18A7A83C59' 
data: (250, b'2.0.0 Ok: queued as 18A7A83C59') 
send: 'mail FROM:<jp at lab-zimbra-spam.exoca.fr> size=81\r\n'
reply: b'250 2.1.0 Ok\r\n' 
reply: retcode (250); Msg: b'2.1.0 Ok' 
send: 'rcpt TO:<jp at lab-zimbra-spam.exoca.fr>\r\n'
reply: b'250 2.1.5 Ok\r\n' 
reply: retcode (250); Msg: b'2.1.5 Ok' 
send: 'data\r\n' 
reply: b'354 End data with <CR><LF>.<CR><LF>\r\n' 
reply: retcode (354); Msg: b'End data with <CR><LF>.<CR><LF>' 
data: (354, b'End data with <CR><LF>.<CR><LF>') 
send: b'Subject: Envoi 2022-12-09T16:33:40.031235 2\r\n\r\nEnvoi 2022-12-09T16:33:40.031235 2\r\n.\r\n' 
reply: b'250 2.0.0 Ok: queued as 1B22E83C60\r\n' 
reply: retcode (250); Msg: b'2.0.0 Ok: queued as 1B22E83C60' 
data: (250, b'2.0.0 Ok: queued as 1B22E83C60') 
send: 'quit\r\n' 
reply: b'221 2.0.0 Bye\r\n' 
reply: retcode (221); Msg: b'2.0.0 Bye' 

You can try this Python code:

#!/usr/bin/env python3
import datetime
import smtplib

host = 'lab-zimbra-spam.exoca.fr'
username = 'jp@lab-zimbra-spam.exoca.fr'
password = 'xxxXXXXxxxx'
fromaddr = username
toaddrs = [username]

# One connection to the submission port; the alternatives are left commented out
server = smtplib.SMTP(f"{host}:587")
# server.starttls()
# server = smtplib.SMTP_SSL(f"{host}:465")
server.set_debuglevel(1)  # print the SMTP dialogue, as in the trace above
server.login(username, password)  # authenticate once

count = 3
pool = datetime.datetime.now().isoformat()
# Every message reuses the same authenticated connection
for i in range(count):
    subject = content = f"Sended message {pool} {i}"
    msg = f"Subject: {subject}\n\n{content}"
    server.sendmail(fromaddr, toaddrs, msg)
server.quit()


Locally, no problem sending 500 emails in 3 seconds...


As it is only one connection, once the connection and auth are done, auth is no longer needed. Locking the account does nothing. The TCP connection is established, so blacklisting the IP in the firewall does nothing. We must do a "zmmtactl stop" and "zmmtactl start" (zmmtactl reload doesn't kill the connection). We could certainly do a postfix stop / start.

It seems that this should be the SMTP connection cache:

https://www.postfix.org/CONNECTION_CACHE_README.html


But disabling these options does nothing:

- smtp_connection_cache_on_demand = no
- smtp_connection_cache_destinations = hotmail.com (to limit the destination domain)

but also:

- smtpd_client_connection_rate_limit=2
- smtpd_client_message_rate_limit=2


The problem is that it should be in the connection cache, but the solution seems to be elsewhere.


Has anybody already had this problem? Found a solution?


best regards, 
Justin PETERMANN
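
Added example (not part of the original thread, and not Zimbra or Postfix code): a log-side check for the situation described above, where one authenticated session submits many messages. It counts Postfix smtpd "client=..., sasl_username=..." lines per account in a sliding window; the log lines, accounts, addresses, year and thresholds below are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd writes one such line per message accepted from an authenticated client.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S*smtpd\[\d+\]: "
    r"[0-9A-F]+: client=\S+\[(?P<ip>[^\]]+)\], "
    r"sasl_method=\S+, sasl_username=(?P<user>[^,\s]+)"
)

def flag_bursts(lines, limit=3, window=timedelta(seconds=60), year=2022):
    """Return {account: (peak messages in any window, client IPs)} for accounts over limit."""
    recent = defaultdict(deque)   # account -> timestamps still inside the window
    ips = defaultdict(set)        # account -> client IPs seen
    peak = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue              # not an authenticated-submission line
        # syslog timestamps carry no year; the caller supplies it (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        user = m["user"]
        q = recent[user]
        q.append(ts)
        ips[user].add(m["ip"])
        while ts - q[0] > window:  # drop entries older than the window
            q.popleft()
        if len(q) > limit:
            peak[user] = max(peak.get(user, 0), len(q))
    return {u: (n, sorted(ips[u])) for u, n in peak.items()}

# Constructed sample: bob sends two messages ten minutes apart,
# alice sends five within five seconds.
SAMPLE = [
    "Dec  9 16:20:00 mx postfix/smtpd[4300]: 1122334455: client=unknown[203.0.113.9], "
    "sasl_method=LOGIN, sasl_username=bob@example.test",
    "Dec  9 16:30:00 mx postfix/smtpd[4300]: 1122334466: client=unknown[203.0.113.9], "
    "sasl_method=LOGIN, sasl_username=bob@example.test",
] + [
    f"Dec  9 16:33:4{i} mx postfix/submission/smtpd[4242]: 0A1B2C3D{i}F: "
    "client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.test"
    for i in range(5)
]

if __name__ == "__main__":
    for account, (count, addrs) in flag_bursts(SAMPLE).items():
        print(f"{account}: {count} messages within 60s from {', '.join(addrs)}")
```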



