OT: how do You protect an email relay service?
Good day.

If You use an email relay service, how do You protect it: VMs, iptables connections rate limit, ... ?

Personally, I have a problem with email sending authorization - how I can separate the users that have not their boxes on our service and therefore I can ban their trials to pick up a password - I can not reduce it even to the local net IPs by iptables - as port 25 is used not only for sending our own users but for receiving it for the local users - as I understand.

Thank You for Your time.

--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: OT: Server protection strategy from evil doers - how to stop them.
I use a combination of suhosin, mod_security and scripts to automatically respond to attacks.

Something like Fail2Ban http://www.fail2ban.org/wiki/index.php/Main_Page or CSF http://www.configserver.com/cp/csf.html will automatically take the appropriate actions based on your preferences and email you about it.

Hope this helps...

Best regards,
-Chris

sthu.d...@gmail.com wrote:
> Good day.
>
> My question is about the strategy practice of stopping the evil doers at my server - as it is a server I can not turn it off, yet I would not that the things that some guys try to do will be repeated. Therefore, may, You would share Your experience/knowledge how to stop them.
>
> The situation: I see evil doing in logs. I know the addresses they did use for that. What is the best way (1. Effective; 2. Easy to commit) to stop them?
>
> My own considerations for now: to use iptables to ban those IPs, but here I have the following problem: if I exclude by IP - it is a lot of IPs. If I exclude by its ranges - I risk to exclude good users from our public services (web, email) others - the same is for the ISP nets - as their users can change their IPs easily.
>
> So... please, any suggestions.
>
> Thank You for Your time and effort.
>
> Best regards, Sthu Deus.
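The automatic response that Fail2Ban-style tools perform, shown as an added example (not code from this thread or from Fail2Ban): count failed SMTP AUTH attempts per client address in a sliding window and ban single addresses for a limited time, so neither whole ISP ranges nor reassigned dynamic addresses stay blocked. The Postfix-style log format, the function and parameter names, the default year and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: Postfix smtpd warnings for failed SASL logins.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S*smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed"
)

def find_offenders(lines, max_retry=3, find_time=600, ban_time=3600,
                   allow=frozenset(), year=2009):
    """Return {ip: (ban_start, ban_end)} for clients with at least
    max_retry failures inside find_time seconds. Lines must be in
    chronological order; syslog has no year, so one is assumed."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or m["ip"] in allow:
            continue              # not a failure, or an allowlisted client
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in bans and ts < bans[ip][1]:
            continue              # already banned at this point in the log
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry:
            bans[ip] = (ts, ts + timedelta(seconds=ban_time))
            window.clear()
    return bans

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
May 30 14:01:02 mx postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
May 30 14:01:09 mx postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
May 30 14:01:30 mx postfix/smtpd[2214]: connect from mail.example.org[198.51.100.20]
May 30 14:02:15 mx postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
May 30 14:05:00 mx postfix/smtpd[2230]: warning: host.example.net[198.51.100.99]: SASL LOGIN authentication failed: authentication failure
May 30 15:40:00 mx postfix/smtpd[2301]: warning: host.example.net[198.51.100.99]: SASL LOGIN authentication failed: authentication failure
May 30 15:41:00 mx postfix/smtpd[2301]: warning: office.example.com[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
""".splitlines()

if __name__ == "__main__":
    for ip, (start, end) in find_offenders(SAMPLE_LOG, allow={"192.0.2.10"}).items():
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

The returned end time is when the address should be released again; the host with two failures 95 minutes apart is never banned because the first failure has left the window.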
Re: OT: how do You protect an email relay service?
On Sat, 30 May 2009, Sthu Deus wrote:
> Good day.
>
> If You use an email relay service, how do You protect it: VMs, iptables connections rate limit, ... ?
>
> Personally, I have a problem with email sending authorization - how I can separate the users that have not their boxes on our service and therefore I can ban their trials to pick up a password - I can not reduce it even to the local net IPs by iptables - as port 25 is used not only for sending our own users but for receiving it for the local users - as I understand.

Consider using port 587 for submission. Allow only authenticated sessions on port 587, and port 25 use only for communication with other MTAs.

see RFC 2746, 3.1

--
Regards,
Paweł Zuzelski
Re: OT: how do You protect an email relay service?
Hi,

* Sthu Deus sthu.d...@gmail.com [2009-05-30 15:44]:
> If You use an email relay service, how do You protect it: VMs, iptables connections rate limit, ... ?

As you noticed yourself by marking this mail as OT this is probably not the right list for your question. Please use a different list.

Cheers
Nico

--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Re: How safely to stop using backports repo?
On Thu, May 28, 2009 at 01:20:25AM +0700, sthu.d...@gmail.com wrote:
> Good day, MARGUERIE.
>
> Thank You for Your reply:
>
> > Otherwise, you can `apt-get remove` them (plus --purge if you want to reset your configuration files) and re-install them : that way you'll use the main-repo version and you won't want have security problems anymore.
>
> That decision I feared... Is there an automatic way that can give me a list of the packages came from backports repo?

<plug type=shameless>
you might want to have a look at apt-forktracer
</plug>

--
Marcin Owsiany porri...@debian.org http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
Re: OT: how do You protect an email relay service?
Two ways: for clients who have their own mail servers and need to relay and for people with Linux laptops who can run postfix or exim we permit relaying based on TLS certificate presented by the MTA.

For those who use Windows based desktops: pop-before-smtp daemon.

All others get greylisted: http://en.wikipedia.org/wiki/Greylisting

Cheers
Tomasz Ciolek

On Sat, May 30, 2009 at 02:54:16PM +0700, Sthu Deus wrote:
> Good day.
>
> If You use an email relay service, how do You protect it: VMs, iptables connections rate limit, ... ?
>
> Personally, I have a problem with email sending authorization - how I can separate the users that have not their boxes on our service and therefore I can ban their trials to pick up a password - I can not reduce it even to the local net IPs by iptables - as port 25 is used not only for sending our own users but for receiving it for the local users - as I understand.
>
> Thank You for Your time.

--
Tomasz M. Ciolek
tmc at vandradlabs dot com dot au
GPG Key ID: 0x41C4C2F0
GPG Key Fingerprint: 3883 B308 8256 2246 D3ED A1FF 3A1D 0EAD 41C4 C2F0
Key available on good key-servers
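How the greylisting applied to "all others" in the message above reaches its decision, as an added example (not code from this thread or from any greylisting daemon): an unknown (client network, sender, recipient) triplet is deferred with a temporary error and accepted once the sending MTA retries after a minimum delay, while clients already authorized to relay bypass the check. The class, the delay values, the /24 and /64 keying and the reply strings are assumptions.

```python
import ipaddress
ACCEPT = "250 OK"
DEFER = "450 4.7.1 Greylisted, please retry later"

class Greylist:
    """Temporarily defer mail from unknown (client, sender, recipient) triplets."""
    def __init__(self, min_delay=300, retry_window=4 * 3600, pass_ttl=30 * 86400):
        self.min_delay = min_delay        # retry must wait at least this long
        self.retry_window = retry_window  # ...and arrive within this long
        self.pass_ttl = pass_ttl          # how long a passed triplet stays known
        self.pending = {}                 # triplet -> time of first attempt
        self.passed = {}                  # triplet -> time last seen

    @staticmethod
    def _triplet(client_ip, sender, rcpt):
        # Key on the client's network, not the single address, so a retry
        # from another host of the same outbound pool still matches.
        addr = ipaddress.ip_address(client_ip)
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
        return (str(net), sender.lower(), rcpt.lower())

    def check(self, client_ip, sender, rcpt, now, authorized=False):
        """Return the SMTP reply for one RCPT TO at time `now` (seconds)."""
        if authorized:                    # TLS client cert, pop-before-smtp, ...
            return ACCEPT
        key = self._triplet(client_ip, sender, rcpt)
        last = self.passed.get(key)
        if last is not None and now - last <= self.pass_ttl:
            self.passed[key] = now
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now       # first attempt, or retry came too late
            return DEFER
        if now - first < self.min_delay:
            return DEFER                  # retried too quickly to count
        del self.pending[key]
        self.passed[key] = now
        return ACCEPT

def demo():
    # Constructed traffic: (client, sender, recipient, seconds, authorized)
    g = Greylist()
    events = [("203.0.113.7", "a@example.org", "u@example.com", 0, False),
              ("203.0.113.7", "a@example.org", "u@example.com", 60, False),
              ("203.0.113.9", "A@example.org", "u@example.com", 400, False),
              ("198.51.100.1", "b@example.net", "x@example.org", 0, True)]
    return [g.check(*e) for e in events]
```

In `demo()` the first two attempts are deferred, the retry from a neighbouring address after 400 seconds is accepted, and the authorized client is never delayed.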
Re: OT: how do You protect an email relay service?
Hi,

you can use SASL identification, SpamAssassin, and greylist is a good trial solution.

cheers
philippe

On 31/05/2009 01:18, Tomasz Ciolek wrote:
> Two ways: for clients who have their own mail servers and need to relay and for people with Linux laptops who can run postfix or exim we permit relaying based on TLS certificate presented by the MTA.
>
> For those who use Windows based desktops: pop-before-smtp daemon.
>
> All others get greylisted: http://en.wikipedia.org/wiki/Greylisting
>
> Cheers
> Tomasz Ciolek
>
> On Sat, May 30, 2009 at 02:54:16PM +0700, Sthu Deus wrote:
> > Good day.
> >
> > If You use an email relay service, how do You protect it: VMs, iptables connections rate limit, ... ?
> >
> > Personally, I have a problem with email sending authorization - how I can separate the users that have not their boxes on our service and therefore I can ban their trials to pick up a password - I can not reduce it even to the local net IPs by iptables - as port 25 is used not only for sending our own users but for receiving it for the local users - as I understand.
> >
> > Thank You for Your time.