Re: [opensuse] dictionary attacks

Mon, 30 Jul 2007 12:10:48 -0700 

* Sloan <[EMAIL PROTECTED]> [07-30-07 14:58]:
> I'm curious about the mechanism by which fail2ban determines what is
> legitimate high volume mail, and what is spam... Unfortunately
> messages can bounce due to various causes on the receiving end,
> including users who have moved on but haven't let all their contacts
> know their new email address, or even hardware problems, network
> outages or configuration blunders.


a little quote trimming would be nice  :^)

from my logs:

/var/log/mail:
Jul 30 14:13:06 wahoo postfix/smtpd[488]: connect from 
edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from 
edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; 
Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see 
http://www.spamcop.net/bl.shtml?83.14.202.194; from=<[EMAIL PROTECTED]> 
to=<[EMAIL PROTECTED]> proto=ESMTP helo=<[83.14.202.194]>
Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from 
edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; 
Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see 
http://www.spamcop.net/bl.shtml?83.14.202.194; from=<[EMAIL PROTECTED]> 
to=<[EMAIL PROTECTED]> proto=ESMTP helo=<[83.14.202.194]>
Jul 30 14:13:27 wahoo postfix/smtpd[499]: connect from 
edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:38 wahoo postfix/smtpd[488]: lost connection after DATA from 
edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:38 wahoo postfix/smtpd[488]: disconnect from 
edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from 
edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; 
Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see 
http://www.spamcop.net/bl.shtml?83.14.202.194; from=<[EMAIL PROTECTED]> 
to=<[EMAIL PROTECTED]> proto=ESMTP helo=<[83.14.202.194]>
Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from 
edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; 
Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see 
http://www.spamcop.net/bl.shtml?83.14.202.194; from=<[EMAIL PROTECTED]> 
to=<[EMAIL PROTECTED]> proto=ESMTP helo=<[83.14.202.194]>


/var/log/fail2ban:
2007-07-30 14:13:40,725 fail2ban.actions: WARNING [postfix-iptables] Ban 
83.14.202.194
2007-07-30 14:28:40,930 fail2ban.actions: WARNING [postfix-iptables] Unban 
83.14.202.194


-- 
Patrick Shanahan         Plainfield, Indiana, USA        HOG # US1244711
http://wahoo.no-ip.org     Photo Album:  http://wahoo.no-ip.org/gallery2
Registered Linux User #207535                    @ http://counter.li.org
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to