Re: [courier-users] Blocking Brute Force Auth Attacks

2016-07-08 Thread Gordon Messmer
On 07/08/2016 03:04 PM, Alexei Batyr' wrote: > > Unfortunately spammers/phishers et al. already mastered SSL and STARTTLS and > successfully use them in brute force and other attacks. I'd expect so. I didn't recommend TLS as a measure against brute-force attacks, I recommended it to protect

Re: [courier-users] Blocking Brute Force Auth Attacks

2016-07-08 Thread SZÉPE Viktor
You may discover some networks that are malicious (shadow nets). I maintain a list of these: https://github.com/szepeviktor/debian-server-tools/tree/master/security/myattackers-ipsets Use the shell scripts provided. And take a look at iptables rule counters weekly so you know how successful they

Re: [courier-users] Blocking Brute Force Auth Attacks

2016-07-08 Thread SZÉPE Viktor
Please consider reading and understanding these Courier ban rules: https://github.com/szepeviktor/debian-server-tools/tree/master/security/fail2ban-conf/filter.d Quoting Sam Varshavchik: > Nathan Harris writes: > >> For a while now our server has been seeing a

Re: [courier-users] Blocking Brute Force Auth Attacks

2016-07-08 Thread Alexei Batyr'
Gordon Messmer writes: > Authentication over plain text is only allowed if ESMTPAUTH is set in > etc/courier/esmtpd. To maintain password security, that setting should > be empty. Instead, use ESMTPAUTH_TLS to enable authentication only > after TLS is initialized. Unfortunately spammers/phishers

Re: [courier-users] Blocking Brute Force Auth Attacks

2016-07-08 Thread Sam Varshavchik
Nathan Harris writes: On 7/8/2016 10:58 AM, Gordon Messmer wrote: > On 07/08/2016 06:49 AM, Nathan Harris wrote: >> Is there anything more >> sophisticated or a better approach to solving this problem? > I'd recommend that you not allow authentication on any non-encrypted > protocols, and

Re: [courier-users] Blocking Brute Force Auth Attacks

2016-07-08 Thread Sam Varshavchik
Nathan Harris writes: For a while now our server has been seeing a lot of brute force authentication attacks. Of course the source of these attacks is constantly changing. My firewall (pfSense) is running Snort and I am using the following custom rules to help. alert tcp $SMTP_SERVERS 25 ->

Re: [courier-users] Blocking Brute Force Auth Attacks

2016-07-08 Thread Nathan Harris
On 7/8/2016 2:23 PM, Gordon Messmer wrote: > >> As far as rejecting/disabling smtp authentication, I was not aware there was >> a setting for this. > Authentication over plain text is only allowed if ESMTPAUTH is set in > etc/courier/esmtpd. To maintain password security, that setting should >

Re: [courier-users] Blocking Brute Force Auth Attacks

2016-07-08 Thread Gordon Messmer
On 07/08/2016 09:54 AM, Nathan Harris wrote: > Gordon, first let me start with a big thank you for pythonfilter which I > have used for years. Cool. Glad to hear it! > As far as rejecting/disabling smtp authentication, I was not aware there was > a setting for this. Authentication over

Re: [courier-users] Blocking Brute Force Auth Attacks

2016-07-08 Thread Nathan Harris
On 7/8/2016 10:58 AM, Gordon Messmer wrote: > On 07/08/2016 06:49 AM, Nathan Harris wrote: >> Is there anything more >> sophisticated or a better approach to solving this problem? > I'd recommend that you not allow authentication on any non-encrypted > protocols, and that'll only leave log

Re: [courier-users] Blocking Brute Force Auth Attacks

2016-07-08 Thread Gordon Messmer
On 07/08/2016 06:49 AM, Nathan Harris wrote: > Is there anything more > sophisticated or a better approach to solving this problem? I'd recommend that you not allow authentication on any non-encrypted protocols, and that'll only leave log analysis tools like fail2ban as options.

Re: [courier-users] Vhost certificates

2016-07-08 Thread Bowie Bailey
On 7/8/2016 10:03 AM, Matus UHLAR - fantomas wrote: > On 08.07.16 16:38, Mark Constable wrote: >> FWIW I finally got around to testing 0.76.1 with a virtual vhost SSL >> (letsencrypt) certificate and it worked! >> >> All I did was create symlinks from /etc/courier/{esmtpd,imapd}.pem.DOMAIN >> to

[courier-users] Blocking Brute Force Auth Attacks

2016-07-08 Thread Nathan Harris
For a while now our server has been seeing a lot of brute force authentication attacks. Of course the source of these attacks is constantly changing. My firewall (pfSense) is running Snort and I am using the following custom rules to help. alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any

Re: [courier-users] Vhost certificates

2016-07-08 Thread Matus UHLAR - fantomas
On 08.07.16 16:38, Mark Constable wrote: >FWIW I finally got around to testing 0.76.1 with a virtual vhost SSL >(letsencrypt) certificate and it worked! > >All I did was create symlinks from /etc/courier/{esmtpd,imapd}.pem.DOMAIN >to the right combined privkey.pem + fullchain.pem for the

Re: [courier-users] Vhost certificates

2016-07-08 Thread Bowie Bailey
On 7/8/2016 2:38 AM, Mark Constable wrote: > FWIW I finally got around to testing 0.76.1 with a virtual vhost SSL > (letsencrypt) certificate and it worked! > > All I did was create symlinks from /etc/courier/{esmtpd,imapd}.pem.DOMAIN > to the right combined privkey.pem + fullchain.pem for the

[courier-users] Vhost certificates

2016-07-08 Thread Mark Constable
FWIW I finally got around to testing 0.76.1 with a virtual vhost SSL (letsencrypt) certificate and it worked! All I did was create symlinks from /etc/courier/{esmtpd,imapd}.pem.DOMAIN to the right combined privkey.pem + fullchain.pem for the particular vhost and Thunderbird worked perfectly.