NetBSD-Users archive


Re: blacklistd not reacting to postfix/smtpd AUTH failures



iMil> smtpd is indeed linked over libblacklist:
iMil>
iMil> $ ldd /usr/libexec/postfix/smtpd |grep black
iMil>          -lblacklist.0 => /usr/lib/libblacklist.so.0

iMil> Anything I am missing here?

A daemon may well notify blacklistd about a possible attack at some
places along the code path but not at others, even when an issue
gets logged at the "other" place.  In particular, the blacklist(3)
API requires the connection to the client to be still active when
registering a misbehavior.  This is a bit stupid, IMHO, because
it prevents the blacklist registration of any clients which pull
out early.

I had noticed this with sshd: it just logged lots of "client closed
connection [preauth]" probes without notifying blacklistd.  A look
into the sshd source showed that this was a case of "fd already
closed" and not fixable.

In fact, only allowing public key access kept many stupid clients
knocking at the door.  Allowing password-based access gets rid of
them quickly because those attempts *do* trigger blacklistd.

You have to check the smtpd source to see if blacklist{,_r,_sa}
could be called at the point where the issue is logged.

						Martin Neitzel
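
The ordering constraint described in this message, as an added example that is not part of the original post and not code from sshd, postfix or blacklistd. `report_peer()` is a hypothetical stand-in that identifies the client from its descriptor with getpeername() (an assumption about how such a notification is resolved), and the loopback connection is constructed:

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in notifier: 0 and the peer IP in buf, else the errno. */
static int report_peer(int fd, char *buf, size_t len)
{
    struct sockaddr_in sin;
    socklen_t slen = sizeof(sin);
    if (getpeername(fd, (struct sockaddr *)&sin, &slen) == -1)
        return errno;           /* EBADF once the daemon has closed fd */
    return inet_ntop(AF_INET, &sin.sin_addr, buf, len) ? 0 : errno;
}

/* Constructed input: one loopback TCP connection; -1 means setup failed. */
static int demo(int report_after_close, char *buf, size_t len)
{
    struct sockaddr_in sin = { .sin_family = AF_INET };
    socklen_t slen = sizeof(sin);
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    int afd = -1, rc = -1;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks */
    if (bind(lfd, (struct sockaddr *)&sin, sizeof(sin)) == 0 &&
        listen(lfd, 1) == 0 &&
        getsockname(lfd, (struct sockaddr *)&sin, &slen) == 0 &&
        connect(cfd, (struct sockaddr *)&sin, sizeof(sin)) == 0 &&
        (afd = accept(lfd, NULL, NULL)) != -1) {
        if (report_after_close)
            close(afd);                     /* closed first, reported late */
        rc = report_peer(afd, buf, len);
        if (!report_after_close)
            close(afd);                     /* reported while still open */
    }
    close(cfd); close(lfd);                 /* close(-1) is a harmless EBADF */
    return rc;
}

int main(void)
{
    char ip[INET_ADDRSTRLEN] = "";
    int ok = demo(0, ip, sizeof(ip)), late = demo(1, ip, sizeof(ip));
    printf("report, close: rc=%d peer=%s\nclose, report: %s\n", ok, ip, strerror(late));
    return 0;
}
```

When auditing a daemon for this problem, the thing to look for is a failure path where the log call sits after the descriptor has been closed.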

