https://bugs.contribs.org/show_bug.cgi?id=8955
--- Comment #8 from John Crisp <[email protected]> ---
Attached some patched files for fail2ban to assist in blocking attacks on
qpsmtpd and sqpsmtpd
To test.
Backup the existing qpsmtpd.conf in /etc/fail2ban/filterd.d
Copy qpsmtpd.conf and sqpsmtpd.conf to /etc/fail2ban/filterd.d
Copy 30Service20qpsmtpd and 30Service20sqpsmtpd to
/etc/e-smith/templates-custom/etc/fail2ban/jail.conf
signal-event fail2ban-conf
Check /var/log/fail2ban/daemon.log along with qpsmtpd/current and
sqpsmtpd/current
Try running a few telnet sessions to your server on port 465 - just open the
connection and then quit. e.g.
[root@test]# telnet my.server.com 465
Trying 1.2.3.4...
Connected to my.server.com
Escape character is '^]'.
^C
quit
@400000005bee93a914576b9c 16225 (connect) tls: fail, unable to establish SSL
@400000005bee93a91472e6c4 16225 (deny) logging::logterse: ` 1.2.3.4
1.2.3.4.rev.domain.com tls 903 Cannot establish SSL session msg denied before
queued
@400000005bee93a91472eaac 16225 550 Cannot establish SSL session
@400000005bee93a91472ee94 16225 click, disconnecting
2018-11-16 10:53:17,581 fail2ban.filter [14304]: INFO [sqpsmtpd]
Found 1.2.3.4
2018-11-16 10:53:25,573 fail2ban.filter [14304]: INFO [sqpsmtpd]
Found 1.2.3.4
2018-11-16 10:53:35,346 fail2ban.filter [14304]: INFO [sqpsmtpd]
Found 1.2.3.4
2018-11-16 10:53:35,779 fail2ban.actions [14304]: NOTICE [sqpsmtpd] Ban
1.2.3.4
--
You are receiving this mail because:
You are the QA Contact for the bug.
_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
