Hi all.
I installed and am using fail2ban after Eric wrote about it a long time ago.
It works perfectly and is doing a nice job blocking different attempts on
my server. (Iptables drop ip)
I am using dovecot and am having fail2ban checking the dovecot log for
bad password attempts (amongst
Hi Sergio.
If I am reading Your logfile correctly You should try to replace
*vchkpw-pop3: vpopmail user not found* with *vchkpw-smtp: password
fail* and leave everything else.
Change this in the filter.d directory and remember to reload fail2ban
(fail2ban-client reload on the CLI)
Finn Buhelt (kirstineslund) wrote:
Hi Sergio.
If I am reading Your logfile correctly You should try to replace
*vchkpw-pop3: vpopmail user not found* with *vchkpw-smtp: password
fail* and leave everything else.
Change this in the filter.d directory and remember to reload fail2ban
(
Finn Buhelt (kirstineslund) wrote:
Hi Sergio.
If I am reading Your logfile correctly You should try to replace
*vchkpw-pop3: vpopmail user not found* with *vchkpw-smtp: password
fail* and leave everything else.
Change this in the filter.d directory and remember to reload fail2ban
(
Hi Sergio.
Try to remove the @ sign and give it a go !
Regards
Finn
On 02-03-2011 13:27, Sergio M wrote:
Finn Buhelt (kirstineslund) wrote:
Hi Sergio.
If I am reading Your logfile correctly You should try to replace
*vchkpw-pop3: vpopmail user not found* with *vchkpw-smtp: password
Finn Buhelt (kirstineslund) wrote:
Hi Sergio.
If I am reading Your logfile correctly You should try to replace
*vchkpw-pop3: vpopmail user not found* with *vchkpw-smtp: password
fail* and leave everything else.
Change this in the filter.d directory and remember to reload fail2ban
(
Hi Sergio.
1. There is a *.conf file somewhere on the net that checks fail2ban's
own logfile and to a certain extent prevents this from happening. (Sorry,
can't remember where but will do some investigation and let You know if
I'm successful)
2. iptables -D name-of-the-banned -s IP -j
Hi again Sergio.
FYI
fail2ban unbans the IP after X minutes (X is set in the jail.conf either
globally or per 'filter.conf')
/Finn
On 02-03-2011 13:42, Sergio M wrote:
Finn Buhelt (kirstineslund) wrote:
Hi Sergio.
If I am reading Your logfile correctly You should try to replace
a page on the wiki sounds like a hero of a thing.
I know that I would like some wisdom on how to implement fail2ban with
my qmailtoaster
On 3/1/2011 9:40 PM, Eric Shubert wrote:
If CJ got it working, then I expect that just about anyone can do it. ;)
JK CJ. Would you care to create a page
Finn Buhelt (kirstineslund) wrote:
Hi again Sergio.
FYI
fail2ban unbans the IP after X minutes (X is set in the jail.conf
either globally or per 'filter.conf')
/Finn
Hi, I am banning them for 1 week, but I wanted to know how to unban
someone right away if a customer complains.
Thanks!
[from this other thread
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg30514.html
]
As I said, being under SMTP attack I installed fail2ban and created a
set of rules like:
*** jail.conf ***
(...)
[vpopmail]
enabled = true
port = pop3
filter = vpopmail
action =
Sergio M wrote:
[from this other thread
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg30514.html
]
As I said, being under SMTP attack I installed fail2ban and created a
set of rules like:
*** jail.conf ***
(...)
[vpopmail]
enabled = true
port = pop3
filter =
Finn Buhelt (kirstineslund) wrote:
Hi Sergio.
1. There is a *.conf file somewhere on the net that checks
fail2ban's own logfile and to a certain extent prevents this from
happening. (Sorry, can't remember where but will do some investigation
and let You know if I'm successful)
Finn,
I
On 03/02/2011 06:31 AM, Sergio M wrote:
[from this other thread
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg30514.html
]
As I said, being under SMTP attack I installed fail2ban and created a
set of rules like:
*** jail.conf ***
(...)
[vpopmail]
enabled = true
port = pop3
Eric Shubert wrote:
On 03/02/2011 06:31 AM, Sergio M wrote:
[from this other thread
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg30514.html
]
As I said, being under SMTP attack I installed fail2ban and created a
set of rules like:
*** jail.conf ***
(...)
[vpopmail]
I was trying to update with qtp-newmodel and it timed out getting the latest
clamav-toaster but the script continued anyway. Now it of course errors and
stops at building the clamav. Is there a way to force it to download it
again? If I run qtp-newmodel it just says it is already downloaded and
Hi Sergio.
Yep, You're right, I think that was the one I was thinking of.
I too think the second one looks very promising - I'll have a closer
look at the script later on.
Also as You write it's possible to save iptables before reloading
fail2ban - good point - REMEMBER that fail2ban as
On 03/02/2011 09:44 AM, Sergio M wrote:
Eric Shubert wrote:
On 03/02/2011 06:31 AM, Sergio M wrote:
[from this other thread
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg30514.html
]
As I said, being under SMTP attack I installed fail2ban and created a
set of rules
On 03/02/2011 10:10 AM, John Raley wrote:
I was trying to update with qtp-newmodel and it timed out getting the
latest clamav-toaster but the script continued anyway. Now it of course
errors and stops at building the clamav. Is there a way to force it to
download it again? If I run qtp-newmodel
Eric Shubert wrote:
You should see:
03-02 10:09:37 tcpserver: status: 0/25
right after you start qmail. If it doesn't drop to 0 when you start
it, then something's wrong. Please check the status message which
corresponds to the start of qmail. If it's not 0/25, please post
several lines
For simple exercise I would run queue repair.
On 03/02/2011 09:22 AM, Sergio M wrote:
Eric Shubert wrote:
You should see:
03-02 10:09:37 tcpserver: status: 0/25
right after you start qmail. If it doesn't drop to 0 when you start
it, then something's wrong. Please check the status message
Eric: hi, sorry, I'm new here (a beginner), what do you think about
DENYHOST, instead of fail2ban?
I use DENYHOST as a service and it works well.
Gustavo
2011/3/1 Eric Shubert e...@shubes.net
Yes, but the attacks appear to be coming from a variety of addresses.
fail2ban will do essentially
On 03/02/2011 10:22 AM, Sergio M wrote:
Eric Shubert wrote:
You should see:
03-02 10:09:37 tcpserver: status: 0/25
right after you start qmail. If it doesn't drop to 0 when you start
it, then something's wrong. Please check the status message which
corresponds to the start of qmail. If it's
Hey Gustavo.
I don't know about it, so I have no opinion. Please post a link to more
info. Thanks.
If someone else has some thoughts on this, please chime in.
--
-Eric 'shubes'
On 03/02/2011 10:49 AM, Gustavo De Poli wrote:
Eric: hi, sorry, I'm new here (a beginner), what do you think
DENYHOST works only for SSHD.
2011/3/2 Eric Shubert e...@shubes.net
Hey Gustavo.
I don't know about it, so I have no opinion. Please post a link to more
info. Thanks.
If someone else has some thoughts on this, please chime in.
--
-Eric 'shubes'
On 03/02/2011 10:49 AM, Gustavo
On 03/02/2011 10:10 AM, John Raley wrote:
I was trying to update with qtp-newmodel and it timed out getting the
latest clamav-toaster but the script continued anyway. Now it of course
errors and stops at building the clamav. Is there a way to force it to
download it again? If I run
Hi Sergio.
Sounds like You're having a script that sends mail!
Do You by any chance have a webserver with e-mail forms that can have
been compromised ?
Regards,
Finn
On 02-03-2011 18:22, Sergio M wrote:
Eric Shubert wrote:
You should see:
03-02 10:09:37 tcpserver: status: 0/25
right
Eric Shubert wrote:
On 03/02/2011 10:22 AM, Sergio M wrote:
Eric Shubert wrote:
You should see:
03-02 10:09:37 tcpserver: status: 0/25
right after you start qmail. If it doesn't drop to 0 when you start
it, then something's wrong. Please check the status message which
corresponds to the
Good guess Finn, but they appear to be coming from a wide variety of
addresses.
--
-Eric 'shubes'
On 03/02/2011 11:15 AM, Finn Buhelt (kirstineslund) wrote:
Hi Sergio.
Sounds like You're having a script that sends mail!
Do You by any chance have a webserver with e-mail forms that can have
On 03/02/2011 11:16 AM, Sergio M wrote:
Eric Shubert wrote:
On 03/02/2011 10:22 AM, Sergio M wrote:
Eric Shubert wrote:
You should see:
03-02 10:09:37 tcpserver: status: 0/25
right after you start qmail. If it doesn't drop to 0 when you start
it, then something's wrong. Please check
#!/bin/sh
exec /usr/bin/spamd -x -m 8 -u vpopmail -s stderr 2>&1
That's a good start.
What are your load numbers looking like? Pretty low I expect.
I'd open that puppy up. You can handle way more than 25 connections.
I'd go back to the default value of 100 for starters, and double the
number
On 03/02/2011 12:04 PM, Sergio M wrote:
#!/bin/sh
exec /usr/bin/spamd -x -m 8 -u vpopmail -s stderr 2>&1
That's a good start.
What are your load numbers looking like? Pretty low I expect.
I'd open that puppy up. You can handle way more than 25 connections.
I'd go back to the default value of
Eric Shubert wrote:
On 03/02/2011 12:04 PM, Sergio M wrote:
#!/bin/sh
exec /usr/bin/spamd -x -m 8 -u vpopmail -s stderr 2>&1
That's a good start.
What are your load numbers looking like? Pretty low I expect.
I'd open that puppy up. You can handle way more than 25 connections.
I'd go back
On 03/02/2011 12:32 PM, Sergio M wrote:
Eric Shubert wrote:
On 03/02/2011 12:04 PM, Sergio M wrote:
#!/bin/sh
exec /usr/bin/spamd -x -m 8 -u vpopmail -s stderr 2>&1
That's a good start.
What are your load numbers looking like? Pretty low I expect.
I'd open that puppy up. You can handle
Eric Shubert wrote:
On 03/02/2011 12:32 PM, Sergio M wrote:
Eric Shubert wrote:
On 03/02/2011 12:04 PM, Sergio M wrote:
#!/bin/sh
exec /usr/bin/spamd -x -m 8 -u vpopmail -s stderr 2>&1
That's a good start.
What are your load numbers looking like? Pretty low I expect.
I'd open that
On 03/02/2011 12:55 PM, Sergio M wrote:
Eric Shubert wrote:
On 03/02/2011 12:32 PM, Sergio M wrote:
Eric Shubert wrote:
On 03/02/2011 12:04 PM, Sergio M wrote:
#!/bin/sh
exec /usr/bin/spamd -x -m 8 -u vpopmail -s stderr 2>&1
That's a good start.
What are your load numbers looking
I can say that with 64 concurrencyincoming and 16 spamd children (and a
magic reboot, just in case)
it's now flowing smoothly and the sessions are under 40/64 most of the
time. (for now)
# top
top - 17:19:24 up 43 min, 1 user, load average: 0.55, 0.73, 0.95
Tasks: 269 total, 1 running, 268
On 03/02/2011 01:21 PM, Sergio M wrote:
I can say that with 64 concurrencyincoming and 16 spamd children (and a
magic reboot, just in case)
it's now flowing smoothly and the sessions are under 40/64 most of the
time. (for now)
# top
top - 17:19:24 up 43 min, 1 user, load average: 0.55, 0.73, 0.95
On 03/02/2011 01:21 PM, Sergio M wrote:
I can say that with 64 concurrencyincoming and 16 spamd children (and a
magic reboot, just in case)
it's now flowing smoothly and the sessions are under 40/64 most of the
time. (for now)
# top
top - 17:19:24 up 43 min, 1 user, load average: 0.55, 0.73, 0.95
I am curious why you say it's not a good idea to run a QMT server and a
NS on the same machine?
CJ
On 03/02/2011 12:40 PM, Eric Shubert wrote:
On 03/02/2011 01:21 PM, Sergio M wrote:
I can say that with 64 concurrencyincoming and 16 spamd children (and a
magic reboot, just in case)
it's now
Security and manageability.
In addition, QMT is a heavy DNS user, so it's best to run a caching
resolver on the QMT host. It's also a good idea to make your authoritative
DNS server (if you run one yourself) separate from your resolver. Hence,
if you have a caching resolver on your QMT, your
The reason I ask is I have successfully been running mine that way for
some time now. I also run a webserver on the same system.
Fingers crossed, now that I said that.
On 03/02/2011 01:35 PM, Eric Shubert wrote:
Security and manageability.
In addition, QMT is a heavy DNS user, so it's best to
Hello list,
I'm trying to implement shared folders in dovecot and have received some
help on the dovecot mailing list. I've been told that I should upgrade
to the most recent version of dovecot. Has anyone on the
qmailtoaster-list upgraded to dovecot v2? If so, as I'm used to working
with RPM
On 03/02/2011 06:34 PM, Eric Broch wrote:
Hello list,
I'm trying to implement shared folders in dovecot and have received some
help on the dovecot mailing list. I've been told that I should upgrade
to the most recent version of dovecot. Has anyone on the
qmailtoaster-list upgraded to dovecot
On 3/2/2011 7:48 PM, Eric Shubert wrote:
On 03/02/2011 06:34 PM, Eric Broch wrote:
Hello list,
I'm trying to implement shared folders in dovecot and have received some
help on the dovecot mailing list. I've been told that I should upgrade
to the most recent version of dovecot. Has anyone
+1 on this method but it looks as if the bot has nodes so those IPs
need to be blocked also
You can do a range of IPs by doing a CIDR notation, i.e. 11.22.33.44/16
= 11.22.00.00 - 11.22.254.254
Be careful with this because you could inadvertently drop legit
mail.
+1000 on this solution.
It works for me. I also have a honeypot that these IPs get thrown
into and trapped after so many attempts.
Stupid Hackers LOL:)
--Dave
On 3/1/2011 7:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be coming from a
On 3/2/2011 8:37 PM, Eric Broch wrote:
On 3/2/2011 7:48 PM, Eric Shubert wrote:
On 03/02/2011 06:34 PM, Eric Broch wrote:
Hello list,
I'm trying to implement shared folders in dovecot and have received some
help on the dovecot mailing list. I've been told that I should upgrade
to the
48 matches