Re: [qmailtoaster] Is it safe to block port 465/smtps and how to prevent brute force guessing
And, the instruction on fail2ban should work fine. Submit questions to list. On 11/1/2022 8:38 PM, Remo Mattei wrote: I would change all the passwords. Remo -- Mandato da iPhone On martedì, nov 01, 2022 at 14:44, Eric Broch wrote: # qmailctl stop # touch /var/qmail/supervise/smtps/log/down # touch /var/qmail/supervise/smtps/down # qmailctl start # qmailctl stat But, if they've hacked smtps then they've also hacked submission; right? On 11/1/2022 1:10 PM, Peter Peltonen wrote: Hi, I had an email account password guessed through auth attempts via smtps. I did not realize this as I had forgotten I had it enabled at all. I was looking at the submission log and scratching my head not understanding how messages got to the remote queue without anything in the submission log, until I realized smpts was enabled and it was logging to /var/log/maillog and not to any log under /var/log/qmail... My first question: is it safe to disable smtps, I guess I don't need it for anything as all my users should be using 587/submission instead? Second question: How do I disable it? Should I just remove /var/qmail/supervise/smtps/run file? And/or block it at firewall level? Third question: to prevent brute force attacks, is fail2ban the best option to do it? I just follow the instructions at http://www.qmailtoaster.com/fail2ban.html ? Best, Peter - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Is it safe to block port 465/smtps and how to prevent brute force guessing
I would change all the passwords. Remo -- Mandato da iPhone > On martedì, nov 01, 2022 at 14:44, Eric Broch (mailto:ebr...@whitehorsetc.com)> wrote: > # qmailctl stop > > # touch /var/qmail/supervise/smtps/log/down > > # touch /var/qmail/supervise/smtps/down > > # qmailctl start > > # qmailctl stat > > But, if they've hacked smtps then they've also hacked submission; right? > > > On 11/1/2022 1:10 PM, Peter Peltonen wrote: > > Hi, > > > > I had an email account password guessed through auth attempts via smtps. > > > > I did not realize this as I had forgotten I had it enabled at all. I > > was looking at the submission log and scratching my head not > > understanding how messages got to the remote queue without anything in > > the submission log, until I realized smpts was enabled and it was > > logging to /var/log/maillog and not to any log under /var/log/qmail... > > > > My first question: is it safe to disable smtps, I guess I don't need > > it for anything as all my users should be using 587/submission instead? > > > > Second question: How do I disable it? Should I just > > remove /var/qmail/supervise/smtps/run file? And/or block it at > > firewall level? > > > > Third question: to prevent brute force attacks, is fail2ban the best > > option to do it? I just follow the instructions at > > http://www.qmailtoaster.com/fail2ban.html ? > > > > Best, > > Peter > > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >
Re: [qmailtoaster] Is it safe to block port 465/smtps and how to prevent brute force guessing
# qmailctl stop # touch /var/qmail/supervise/smtps/log/down # touch /var/qmail/supervise/smtps/down # qmailctl start # qmailctl stat But, if they've hacked smtps then they've also hacked submission; right? On 11/1/2022 1:10 PM, Peter Peltonen wrote: Hi, I had an email account password guessed through auth attempts via smtps. I did not realize this as I had forgotten I had it enabled at all. I was looking at the submission log and scratching my head not understanding how messages got to the remote queue without anything in the submission log, until I realized smpts was enabled and it was logging to /var/log/maillog and not to any log under /var/log/qmail... My first question: is it safe to disable smtps, I guess I don't need it for anything as all my users should be using 587/submission instead? Second question: How do I disable it? Should I just remove /var/qmail/supervise/smtps/run file? And/or block it at firewall level? Third question: to prevent brute force attacks, is fail2ban the best option to do it? I just follow the instructions at http://www.qmailtoaster.com/fail2ban.html ? Best, Peter - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Is it safe to block port 465/smtps and how to prevent brute force guessing
Hi, I had an email account password guessed through auth attempts via smtps. I did not realize this as I had forgotten I had it enabled at all. I was looking at the submission log and scratching my head not understanding how messages got to the remote queue without anything in the submission log, until I realized smpts was enabled and it was logging to /var/log/maillog and not to any log under /var/log/qmail... My first question: is it safe to disable smtps, I guess I don't need it for anything as all my users should be using 587/submission instead? Second question: How do I disable it? Should I just remove /var/qmail/supervise/smtps/run file? And/or block it at firewall level? Third question: to prevent brute force attacks, is fail2ban the best option to do it? I just follow the instructions at http://www.qmailtoaster.com/fail2ban.html ? Best, Peter