Never worked with fail2ban before. Care to share your config for qmailtoaster?

On Fri, Dec 29, 2017 at 8:56 PM, Eric Broch <ebr...@whitehorsetc.com> wrote:
> Hi Tony,
>
> I see this more than I'd like. Sometimes I hear my server cranking away
> and upon investigation one day (tail -f /var/log/qmail/smtp/current)
> found connects and immediate disconnects being perpetrated from the same
> IP address scrolling across the terminal for as long as I cared to
> watch, 45 minutes or so, and then continued to hear my server cranking
> away until I left the room. I've tried banning them in my external
> firewall but I think the better approach is to use either IP tables or
> fail2ban DOS. I don't want to wait for authentication (the stock
> fail2ban setup for qmailtoaster) before dropping the IP but want anyone
> who connects even without trying to authenticate to be banned after so
> many attempts within a certain time frame. Fail2ban and IP Tables have
> these options.
>
> Eric
>
>
>
> On 12/29/2017 6:40 AM, Tony White wrote:
>>
>> Hi folks,
>>   Is anyone else seeing a single IP connecting hundreds, even thousands,
>> of times but never sending any mail? I end up blocking these using
>> iptables, but I do not understand why it is happening.
>>
>> TIA
>>
>> Example
>> 2017-12-30 00:31:31.653614500 tcpserver: status: 2/100
>> 2017-12-30 00:31:31.653753500 tcpserver: pid 31242 from 114.229.162.93
>> 2017-12-30 00:31:31.653820500 tcpserver: ok 31242
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62277
>> 2017-12-30 00:31:32.581728500 tcpserver: end 31242 status 0
>> 2017-12-30 00:31:32.581729500 tcpserver: status: 1/100
>> 2017-12-30 00:31:32.872455500 tcpserver: status: 2/100
>> 2017-12-30 00:31:32.872564500 tcpserver: pid 31246 from 114.229.162.93
>> 2017-12-30 00:31:32.872611500 tcpserver: ok 31246
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62369
>> 2017-12-30 00:31:33.862860500 tcpserver: end 31246 status 0
>> 2017-12-30 00:31:33.862861500 tcpserver: status: 1/100
>> 2017-12-30 00:31:34.375021500 tcpserver: status: 2/100
>> 2017-12-30 00:31:34.375022500 tcpserver: pid 31248 from 114.229.162.93
>> 2017-12-30 00:31:34.375056500 tcpserver: ok 31248
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62461
>> 2017-12-30 00:31:35.326643500 tcpserver: end 31248 status 0
>> 2017-12-30 00:31:35.326645500 tcpserver: status: 1/100
>> 2017-12-30 00:31:35.717309500 tcpserver: status: 2/100
>> 2017-12-30 00:31:35.717443500 tcpserver: pid 31252 from 114.229.162.93
>> 2017-12-30 00:31:35.717508500 tcpserver: ok 31252
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62563
>> 2017-12-30 00:31:36.657366500 tcpserver: end 31252 status 0
>> 2017-12-30 00:31:36.657368500 tcpserver: status: 1/100
>> 2017-12-30 00:31:37.007733500 tcpserver: status: 2/100
>> 2017-12-30 00:31:37.007904500 tcpserver: pid 31254 from 114.229.162.93
>> 2017-12-30 00:31:37.007983500 tcpserver: ok 31254
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62637
>> 2017-12-30 00:31:37.914884500 tcpserver: end 31254 status 0
>> 2017-12-30 00:31:37.914885500 tcpserver: status: 1/100
>> 2017-12-30 00:31:38.215151500 tcpserver: status: 2/100
>> 2017-12-30 00:31:38.215252500 tcpserver: pid 31259 from 114.229.162.93
>> 2017-12-30 00:31:38.215296500 tcpserver: ok 31259
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62738
>> 2017-12-30 00:31:39.110484500 tcpserver: end 31259 status 0
>> 2017-12-30 00:31:39.110485500 tcpserver: status: 1/100
>> 2017-12-30 00:31:39.433288500 tcpserver: status: 2/100
>> 2017-12-30 00:31:39.433302500 tcpserver: pid 31261 from 114.229.162.93
>> 2017-12-30 00:31:39.433357500 tcpserver: ok 31261
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62831
>> 2017-12-30 00:31:40.316270500 tcpserver: end 31261 status 0
>> 2017-12-30 00:31:40.316271500 tcpserver: status: 1/100
>> 2017-12-30 00:31:40.615598500 tcpserver: status: 2/100
>> 2017-12-30 00:31:40.615698500 tcpserver: pid 31271 from 114.229.162.93
>> 2017-12-30 00:31:40.615766500 tcpserver: ok 31271
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62924
>> 2017-12-30 00:31:41.496972500 tcpserver: end 31271 status 0
>> 2017-12-30 00:31:41.496973500 tcpserver: status: 1/100
>> 2017-12-30 00:31:41.873223500 tcpserver: status: 2/100
>> 2017-12-30 00:31:41.873326500 tcpserver: pid 31273 from 114.229.162.93
>> 2017-12-30 00:31:41.873371500 tcpserver: ok 31273
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63007
>> 2017-12-30 00:31:42.828193500 tcpserver: end 31273 status 0
>> 2017-12-30 00:31:42.828194500 tcpserver: status: 1/100
>> 2017-12-30 00:31:43.135644500 tcpserver: status: 2/100
>> 2017-12-30 00:31:43.135749500 tcpserver: pid 31277 from 114.229.162.93
>> 2017-12-30 00:31:43.135794500 tcpserver: ok 31277
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63093
>> 2017-12-30 00:31:44.067442500 tcpserver: end 31277 status 0
>> 2017-12-30 00:31:44.067443500 tcpserver: status: 1/100
>> 2017-12-30 00:31:44.362100500 tcpserver: status: 2/100
>> 2017-12-30 00:31:44.362188500 tcpserver: pid 31282 from 114.229.162.93
>> 2017-12-30 00:31:44.362231500 tcpserver: ok 31282
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63184
>> 2017-12-30 00:31:45.274625500 tcpserver: end 31282 status 0
>> 2017-12-30 00:31:45.274626500 tcpserver: status: 1/100
>> 2017-12-30 00:31:45.574491500 tcpserver: status: 2/100
>> 2017-12-30 00:31:45.574579500 tcpserver: pid 31293 from 114.229.162.93
>> 2017-12-30 00:31:45.574625500 tcpserver: ok 31293
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63270
>> 2017-12-30 00:31:46.464235500 tcpserver: end 31293 status 0
>> 2017-12-30 00:31:46.464236500 tcpserver: status: 1/100
>> 2017-12-30 00:31:46.773361500 tcpserver: status: 2/100
>> 2017-12-30 00:31:46.773362500 tcpserver: pid 31298 from 114.229.162.93
>> 2017-12-30 00:31:46.773363500 tcpserver: ok 31298
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63351
>> 2017-12-30 00:31:47.659727500 tcpserver: end 31298 status 0
>> 2017-12-30 00:31:47.659728500 tcpserver: status: 1/100
>> 2017-12-30 00:31:47.940773500 tcpserver: status: 2/100
>> 2017-12-30 00:31:47.940879500 tcpserver: pid 31300 from 114.229.162.93
>> 2017-12-30 00:31:47.940920500 tcpserver: ok 31300
>> indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63439
>>
>>
>>
>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>
>
>
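
The per-IP connection counting Eric describes (ban on connects alone, inside a time window, without waiting for authentication), as an added example that is not from the thread or from qmailtoaster. The thresholds, function names and sample lines are assumptions, and it expects timestamps already in the readable form shown in Tony's excerpt.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One "pid N from IP" line is logged per accepted connection.
CONNECT_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.(\d+) tcpserver: pid \d+ from (\S+)$"
)

def parse_connect(line):
    """Return (timestamp, ip) for a connect line, else None."""
    m = CONNECT_RE.match(line.strip())
    if not m:
        return None
    stamp, frac, ip = m.groups()
    ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    # The log carries nanoseconds; datetime keeps microseconds only.
    return ts + timedelta(microseconds=int(frac[:6].ljust(6, "0"))), ip

def find_offenders(lines, max_connects=5, window_seconds=10, ignore=()):
    """Map each IP that exceeds max_connects within the window to the time it did."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> connect times still inside the window
    offenders = {}
    for line in lines:
        parsed = parse_connect(line)
        if parsed is None:
            continue  # status/ok/end lines carry no new connection
        ts, ip = parsed
        if ip in ignore or ip in offenders:
            continue  # allow-listed, or already flagged
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop connects that fell out of the window
        if len(q) > max_connects:
            offenders[ip] = ts
    return offenders

# Constructed sample in the thread's log format (documentation-range IPs).
SAMPLE = [
    f"2017-12-30 00:31:{30 + s:02d}.653753500 tcpserver: pid {31000 + s} from 203.0.113.7"
    for s in range(8)
] + [
    "2017-12-30 00:31:33.100000500 tcpserver: status: 2/100",
    "2017-12-30 00:31:34.200000500 tcpserver: pid 31100 from 198.51.100.20",
    "2017-12-30 00:31:35.326643500 tcpserver: end 31248 status 0",
]
if __name__ == "__main__":
    print(find_offenders(SAMPLE))
```

The `ignore` argument is there for relays and monitoring hosts that legitimately reconnect often.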
