Eric Shubert escribió:
Sergio,
.) Be sure you're running the latest spamdyke (4.2.0). 4.1.x versions
had a bug where rejected sessions would not terminate immediately,
causing excessive idle smtp sessions (and ultimately TIMEOUTs). That
may no be affecting you, but you should check to be
I think he said he is not an user yet, but i am looking at:
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg23951.html
Tony White escribió:
Eric,
Do you have Fail2Ban working with the
qmail logs?
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be
Michael Colvin escribió:
Are all of the username portions of the e-mail addresses legitimate e-mails?
IE, it looks like you cleansed the domain portion, but, in the log, are the
all, or most, of the e-mails legitimate?
I've seen this with random attempts at guessing e-mails and passwords, but
South Computers escribió:
Sounds like they may have gotten hit with a virus or pissed someone
off. I would block the domain from relaying inform the customer,
possibly make them change their email account passwords if it's not a
large organization. Ask them to relay through their provider if
I found this to use fail2ban to block vpopmail failed passwd attempts,
but cannot make it work.
Its in spanish, but the code is in english anyway.
http://systemadmin.es/2011/01/anadir-nuevas-reglas-de-filtrado-a-fail2ban
any ideas, specially about the regex?
Thanks!
-Sergio
Finn Buhelt (kirstineslund) escribió:
Hi Sergio.
If I am reading Your logfile correct You should try to replace
*vchkpw-pop3: vpopmail user not found* with *vchkpw-smtp: password
fail *and leave everything else.
Change this in the filter.d directory and remember to reload fail2ban
(
Finn Buhelt (kirstineslund) escribió:
Hi Sergio.
If I am reading Your logfile correct You should try to replace
*vchkpw-pop3: vpopmail user not found* with *vchkpw-smtp: password
fail *and leave everything else.
Change this in the filter.d directory and remember to reload fail2ban
(
Finn Buhelt (kirstineslund) escribió:
Hi Sergio.
If I am reading Your logfile correct You should try to replace
*vchkpw-pop3: vpopmail user not found* with *vchkpw-smtp: password
fail *and leave everything else.
Change this in the filter.d directory and remember to reload fail2ban
(
Finn Buhelt (kirstineslund) escribió:
Hi again Sergio.
FYI
fail2ban unbans the IP after X minutes (X is set i the jail.conf
either globally or per 'filter.conf')
/Finn
Hi, I am banning them for 1 week, but I wanted to know how to unban
someone right away if a customer complaints.
Thanks!
[from this other thread
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg30514.html
]
As I said, being under SMTP attack I installed fail2ban and created a
set of rules like:
*** jail.conf ***
(...)
[vpopmail]
enabled = true
port = pop3
filter = vpopmail
action =
Sergio M escribió:
[from this other thread
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg30514.html
]
As I said, being under SMTP attack I installed fail2ban and created a
set of rules like:
*** jail.conf ***
(...)
[vpopmail]
enabled = true
port = pop3 filter
Finn Buhelt (kirstineslund) escribió:
Hi Sergio.
1.There is a *.conf file somewhere on the net that checks
fail2ban's own logfile and to a certain extend prevent this from
happening.(sorry cann't remember where but will do some investigation
and let You kow if I'm successfull)
Finn,
I
Eric Shubert escribió:
On 03/02/2011 06:31 AM, Sergio M wrote:
[from this other thread
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg30514.html
]
As I said, being under SMTP attack I installed fail2ban and created a
set of rules like:
*** jail.conf ***
(...)
[vpopmail
Eric Shubert escribió:
You should see:
03-02 10:09:37 tcpserver: status: 0/25
right after you start qmail. If it doesn't drop to 0 when you start
it, then something's wrong. Please check the status message which
corresponds to the start of qmail. If it's not 0/25, please post
several lines
Eric Shubert escribió:
On 03/02/2011 10:22 AM, Sergio M wrote:
Eric Shubert escribió:
You should see:
03-02 10:09:37 tcpserver: status: 0/25
right after you start qmail. If it doesn't drop to 0 when you start
it, then something's wrong. Please check the status message which
corresponds
#!/bin/sh
exec /usr/bin/spamd -x -m 8 -u vpopmail -s stderr 21
That's a good start.
What are your load number looking like? Pretty low I expect.
I'd open that puppy up. You can handle way more than 25 connections.
I'd go back to the default value of 100 for starters, and double the
number
Eric Shubert escribió:
On 03/02/2011 12:04 PM, Sergio M wrote:
#!/bin/sh
exec /usr/bin/spamd -x -m 8 -u vpopmail -s stderr 21
That's a good start.
What are your load number looking like? Pretty low I expect.
I'd open that puppy up. You can handle way more than 25 connections.
I'd go back
Eric Shubert escribió:
On 03/02/2011 12:32 PM, Sergio M wrote:
Eric Shubert escribió:
On 03/02/2011 12:04 PM, Sergio M wrote:
#!/bin/sh
exec /usr/bin/spamd -x -m 8 -u vpopmail -s stderr 21
That's a good start.
What are your load number looking like? Pretty low I expect.
I'd open
I can say that with 64 concurrencyincoming and 16 spamd childs (and a
magic reboot, just in case)
its now flowing smoothly and the sessions are under 40/64 most of the
time. (for now)
# top
top - 17:19:24 up 43 min, 1 user, load average: 0.55, 0.73, 0.95
Tasks: 269 total, 1 running, 268
formatting, specially
the code snipets and quotes.
Thanks!
--
pre
Sergio M
mailto:sergio...@gmail.com
/pre
font face=Verdana, Arial, Helvetica, sans-serif size=3 color=#00CC00bP:
/b/fontfont face=Verdana, Arial, Helvetica, sans-serif size=1 color=#66iquest;Realmente
necesitaacute;s
Eric Shubert escribi:
Timing
is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Banaction="">
Have at it. I've added a link to this page under the Configuration-
Security section. It's a start (albeit not much of one).
Hey guys, I created a basic article,
Pak Ogah escribió:
div class=moz-text-flowed style=font-family: -moz-fixedOn
07-Mar-11 21:49, Eric Shubert wrote:
Great job, Pak.
Thanks, Toma.
Pak, will you get this incorporated into the wiki?
TIA.
Ok Eric, it's done but since I just copy-paste as is and
re-formatting, I didn't know what
Hi there list.
Yesterday I had this weird problem with my QMT box. First, the SMTP and POP3
services stopped to answer. So I ssh'ed in and made a qmailctl stat.
Every service looked like this:
supervise: fatal: unable to acquire log/supervise/lock: read-only file system
So I tried to qmailctl
El -10/01/37 16:59, Jake Vickers escribió:
On 07/07/2011 11:47 AM, Sergio M wrote:
Hi there list.
Yesterday I had this weird problem with my QMT box. First, the SMTP and POP3
services stopped to answer. So I ssh'ed in and made a qmailctl stat.
Every service looked like this:
supervise: fatal
El 09/07/11 19:31, Sergio M escribió:
El -10/01/37 16:59, Jake Vickers escribió:
On 07/07/2011 11:47 AM, Sergio M wrote:
Hi there list.
Yesterday I had this weird problem with my QMT box. First, the SMTP and POP3
services stopped to answer. So I ssh'ed in and made a qmailctl stat.
Every
25 matches
Mail list logo