Re: Firewall, blocking POP3

2012-06-03 Thread Derek Ragona

At 07:18 PM 5/30/2012, Robert Bonomi wrote:

> > From jbiq...@intranet.com.mx  Wed May 30 13:48:05 2012
> > Date: Wed, 30 May 2012 13:47:34 -0500
> > To: Robert Bonomi bon...@mail.r-bonomi.com
> > From: Jorge Biquez jbiq...@intranet.com.mx
> > Subject: Re: Firewall, blocking POP3
> > Cc: freebsd-questions@freebsd.org
> >
> > Hello.
> >
> > Thanks a lot! Simple and elegant solution.
> >
> > I just did that and of course it worked. I just was wondering...
> > what if I need to have the service working BUT want to block those
> > break attempts? In this and other services?
> > My guess is that it is a never ending process? I mean, block one,
> > block another, another, etc?
>
> If one knows the address-blocks that legitimate customers will be using,
> one can block off access from 'everywhere else'.
>
> > What are the people who have big servers running for hosting services
> > doing? Or do you just have a policy of strong passwords, server
> > up-to-date and let the attempts try forever?
>
> There are tools like 'fail2ban' that can be used to lock out persistent
> doorknob-rattlers.
>
> Also, one can do things like allow mail access (POP, IMAP, 'whatever')
> only via a port that is 'tunneled' through an SSH/SSL connection.
>
> This eliminates almost all doorknob rattling on the mail access ports,
> but gets lots of attempts on the SSH port.  Which is generally not a
> problem, since the SSH keyspace is vastly larger, and more evenly
> distributed, than that for plaintext passwords.
>
> To eliminate virtually all the 'noise' from SSH doorknob-rattling, run
> it on a non-standard port.  This does =not= increase the actual security
> of the system, but it does greatly reduce the 'noise' in the logs -- so
> any actual attack attempt is much more obvious.



You can use /etc/hosts.allow to list your friendly IPs allowed by
protocol.  This provides an easy way to block all foreign users.  You can
use wildcards in this file, so if you need to allow users in for POP access
from an ISP, you can do that.


Also, if you do have a wide array of addresses you need to let in, you may
want to put the email services in a jail.


-Derek


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
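
A simplified model of how /etc/hosts.allow rules like those suggested above are evaluated, added here as an illustration and not part of the original thread. It covers IPv4 only and takes the client hostname as already resolved by reverse DNS; the daemon name `popper` and all addresses and domains are constructed assumptions.

```python
import ipaddress

# Constructed rules in hosts.allow syntax (daemon : clients : action).
# The daemon name "popper" and every address and domain are assumptions.
RULES = """\
popper : 203.0.113.0/255.255.255.0 : allow
popper : .dsl.isp.example : allow
popper : ALL : deny
"""
# FreeBSD's stock file opens with this catch-all line.
STOCK_FIRST_LINE = "ALL : ALL : allow\n"

def client_matches(pattern, ip, hostname):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # wildcard: any host under this domain
        return hostname is not None and hostname.endswith(pattern)
    if pattern.endswith("."):        # wildcard: address prefix such as "192.0.2."
        return ip.startswith(pattern)
    if "/" in pattern:               # net/mask pair
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
    return pattern in (ip, hostname)

def decide(rules, daemon, ip, hostname=None):
    """First matching rule wins; no match at all means access is granted."""
    for raw in rules.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients, action = (f.strip() for f in line.split(":", 2))
        if not {daemon, "ALL"} & set(daemons.replace(",", " ").split()):
            continue
        if any(client_matches(p, ip, hostname)
               for p in clients.replace(",", " ").split()):
            return action.split()[0]
    return "allow"
```

Because the first match wins, the per-service rules only take effect once the stock catch-all line is removed or moved below them, and the final `ALL : deny` line for the service is what actually shuts out everyone else.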


Firewall, blocking POP3

2012-05-30 Thread Jorge Biquez

Hello all.

I am sorry if the question is too basic.

I have a personal small machine running

FreeBSD 7.3-PRERELEASE #0:

It runs as my web and email server for a couple of domains. No clients,
no other users have access to it.


Is there any easy/faster way to stop POP3 from working? I am
running qpopper to be able to download emails.
I decided to use sendmail since only a few accounts are there and I
do not need more, but in the last days the server has been under a big
attack where people are trying to guess users and passwords. I am
using a strong schema of passwords so no problem on that, but I would
rather be sure.


I was thinking of the following options.

- Stopping the service on port 110 from responding, and opening it every
time I want to download email.
- Install a firewall and block all the IPs, but they are trying from
a lot of different ones.
- Maybe changing the port for POP3 and changing all my devices to use
another port?


In case I need to start from zero and install a newer version I can
do it, no problem at all, but I am not sure if that helps to do things
an easier way.
Maybe install a completely different schema of sending and receiving email
(perhaps do not use sendmail to send, change to postfix and use IMAP
instead of POP3)? Would that help?


Thanks in advance for all your comments and help.

Jorge Biquez



Re: Firewall, blocking POP3

2012-05-30 Thread Robert Bonomi

> From owner-freebsd-questi...@freebsd.org  Wed May 30 13:16:37 2012
> Date: Wed, 30 May 2012 13:08:30 -0500
> To: freebsd-questions@freebsd.org
> From: Jorge Biquez jbiq...@intranet.com.mx
> Cc:
> Subject: Firewall, blocking POP3
>
> Hello all.
>
> I am sorry if the question is too basic.
>
> I have a personal small machine running
>
> FreeBSD 7.3-PRERELEASE #0:
>
> It runs as my web and email server for a couple of domains. No clients,
> no other users have access to it.
>
> Is there any easy/faster way to stop POP3 from working? I am
> running qpopper to be able to download emails.
> I decided to use sendmail since only a few accounts are there and I
> do not need more, but in the last days the server has been under a big
> attack where people are trying to guess users and passwords. I am
> using a strong schema of passwords so no problem on that, but I would
> rather be sure.

The mail -server- you use is irrelevant to how users retrieve mail.
You can use sendmail and qpopper, or sendmail and an IMAP server, or
sendmail and a webmail app, or postfix and qpopper, or exim and qpopper,
etc.


All you have to do to disable qpopper is comment out the line in
/etc/inetd.conf, and SIGHUP inetd.

To re-enable when you need it, uncomment the line, and SIGHUP inetd again.





Re: Firewall, blocking POP3

2012-05-30 Thread Jorge Biquez

Hello.

Thanks a lot! Simple and elegant solution.

I just did that and of course it worked. I just was wondering...
what if I need to have the service working BUT want to block those
break attempts? In this and other services?
My guess is that it is a never ending process? I mean, block one,
block another, another, etc?


What are the people who have big servers running for hosting services
doing? Or do you just have a policy of strong passwords, server
up-to-date and let the attempts try forever?


Thanks for the solution Mr Robert.

Jorge Biquez



Re: Firewall, blocking POP3

2012-05-30 Thread Patrick

See /usr/ports/security/py-fail2ban (http://www.fail2ban.org/). Used
in conjunction with FreeBSD's ipfw or pf firewall facility, you can
ban an attacking IP address for a set period of time after a
configurable amount of failed attempts. Fail2ban watches your log
files for you and then triggers some sort of action -- which can
really be anything you can conceive of.

Patrick

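
The ban logic described in the message above (a set number of failures inside a time window leads to a ban for a fixed period), as an added sketch that is neither fail2ban's own code nor part of the original thread. The log lines are constructed, the "auth failure" message format is an assumption rather than real qpopper output, and the pf table name is hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The "auth failure" wording is an assumed format,
# not real qpopper output; a real filter needs a regex for the actual log.
SAMPLE_LOG = """\
May 30 13:00:00 mail popper[801]: auth failure for user root from 203.0.113.9
May 30 13:01:02 mail popper[811]: auth failure for user admin from 198.51.100.23
May 30 13:01:40 mail popper[812]: auth failure for user info from 198.51.100.23
May 30 13:01:55 mail popper[813]: login ok for user jorge from 192.0.2.10
May 30 13:02:15 mail popper[814]: auth failure for user test from 198.51.100.23
May 30 13:20:00 mail popper[820]: auth failure for user root from 203.0.113.9
May 30 13:40:00 mail popper[830]: auth failure for user root from 203.0.113.9
"""
FAIL_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ popper\[\d+\]: auth failure .* from ([\d.]+)$")

def find_bans(log, maxretry=3, findtime=600, bantime=3600, year=2012):
    """Return (ip, ban_start, ban_end) for each IP that reaches maxretry
    failures within findtime seconds; the ban lasts bantime seconds."""
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    banned_until, bans = {}, []
    for line in log.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue                 # successes and unrelated lines are ignored
        # syslog timestamps carry no year, so it has to be supplied
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ts < banned_until.get(ip, ts):
            continue                 # already blocked at this time
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()         # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

def pf_commands(bans, table="bruteforce"):
    """Render pfctl calls a ban action could run (table name is an assumption)."""
    return [f"pfctl -t {table} -T add {ip}" for ip, _, _ in bans]
```

With the defaults only 198.51.100.23 is banned; the slower source at 203.0.113.9 stays under the threshold until `findtime` is widened. With pf, the table only has an effect if pf.conf contains a rule that blocks traffic from it.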


Re: Firewall, blocking POP3

2012-05-30 Thread Robert Bonomi

> From jbiq...@intranet.com.mx  Wed May 30 13:48:05 2012
> Date: Wed, 30 May 2012 13:47:34 -0500
> To: Robert Bonomi bon...@mail.r-bonomi.com
> From: Jorge Biquez jbiq...@intranet.com.mx
> Subject: Re: Firewall, blocking POP3
> Cc: freebsd-questions@freebsd.org
>
> Hello.
>
> Thanks a lot! Simple and elegant solution.
>
> I just did that and of course it worked. I just was wondering...
> what if I need to have the service working BUT want to block those
> break attempts? In this and other services?
> My guess is that it is a never ending process? I mean, block one,
> block another, another, etc?

If one knows the address-blocks that legitimate customers will be using,
one can block off access from 'everywhere else'.

> What are the people who have big servers running for hosting services
> doing? Or do you just have a policy of strong passwords, server
> up-to-date and let the attempts try forever?

There are tools like 'fail2ban' that can be used to lock out persistent
doorknob-rattlers.

Also, one can do things like allow mail access (POP, IMAP, 'whatever')
only via a port that is 'tunneled' through an SSH/SSL connection.

This eliminates almost all doorknob rattling on the mail access ports,
but gets lots of attempts on the SSH port.  Which is generally not a
problem, since the SSH keyspace is vastly larger, and more evenly
distributed, than that for plaintext passwords.

To eliminate virtually all the 'noise' from SSH doorknob-rattling, run
it on a non-standard port.  This does =not= increase the actual security
of the system, but it does greatly reduce the 'noise' in the logs -- so
any actual attack attempt is much more obvious.

