• Use Fail2ban and Postscreen to Fight Botnet Connections to Postfix

    I noticed multiple unsuccessful connection attempts to my Postfix server from various IPs. The EHLO response varies, but many of them respond as "User\r\n". See the following log entries from my /var/log/postfix.log file:

    Nov 10 19:20:58 mail postfix/postscreen[18652]: COMMAND PIPELINING from [162.142.125.10]:57044 after ??????: 6\2
    Nov 10 19:20:57 mail postfix/postscreen[18652]: COMMAND PIPELINING from [162.142.125.10]:46298 after ??????: W\
    Nov  6 05:57:36 mail postfix/postscreen[15159]: PREGREET 11 after 0.12 from [147.78.103.88]:56690: EHLO User\r\n
    Oct 30 04:05:40 mail postfix/postscreen[8417]: PREGREET 11 after 0.13 from [87.120.84.90]:58426: EHLO User\r\n
    Oct 30 04:54:26 mail postfix/postscreen[9258]: PREGREET 11 after 0.13 from [87.120.84.90]:51143: EHLO User\r\n

    As you can see, these connection attempts are coming from many different IP addresses. The best way to handle these attempts is with a custom Fail2ban rule that can match against the EHLO response. Fail2ban is log monitoring software that is able to take action when it matches a rule. These actions can vary but the default is to "ban" the IP and/or port by creating a rule in iptables. I will walk through the setup of this custom Fail2ban rule and the subsequent testing and verifying of the rule.


  • Using Cloudflare for Synology DDNS and SSL
    Cloudflare is not on the list of built-in DDNS providers in Synology DSM 7. Don't fret though, you can add it manually by following this guide and using a script that is linked within. This allows your DNS record at Cloudflare to update dynamically with your IP address. For certificates, we will use the great acme.sh script (https://github.com/acmesh-official/acme.sh/wiki/Synology-NAS-Guide) for SSL certificate creation and renewals.
    Read on for a full guide to configure DDNS and SSL on Synology DSM.


  • Setup Postfix as a Send-Only External SMTP Relay

    Self-hosting a mail server can be a great learning experience. I recently set up an email server using Docker Mail-Server and I ran into an issue with outgoing mail where my public IP was on a policy blocklist. This caused almost all of my outgoing emails to be blocked. If you are faced with this problem, there are two directions you can go. You can sign up for an SMTP service (some are even free up to a certain number of emails), or you can run a Postfix relay on a VPS. I like to have control of the underlying infrastructure, so I went with the latter. This guide will walk you through how to configure the Postfix relay server on the VPS so that it only accepts mail from your mail server's IP or from a server with a certificate that matches your mail server's hostname.

