[qmailtoaster] Fail2Ban

2014-08-06 Thread Dan McAllister
I am curious -- has anyone looked into a fail2ban implementation for QMT One of my larger mail servers is being attacked (from China, currently, but when it started in Malaysia and I blocked all malaysian IPs, they just moved to another IP) with essentially a brute-force password guessing

Re: [qmailtoaster] Fail2Ban

2014-08-06 Thread nowuknow
You should try this: https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/qmail.conf Ed On 08/06/2014 06:09 PM, Dan McAllister wrote: I am curious -- has anyone looked into a fail2ban implementation for QMT One of my larger mail servers is being attacked (from China, currently,

Re: [qmailtoaster] Fail2Ban

2014-08-06 Thread Finn Buhelt
Hi Dan. I'm having same attempts - these days it escalates. They get a 'tcpserver: end 28341 status 256' in the submission log because of vpopmail refusal (I think) so I catch them in the maillog file. (Now I come to think of it one should catch all status 256's and ban them !) I using

[qmailtoaster] Re: Fail2Ban

2014-08-06 Thread Eric Shubert
On 08/06/2014 03:09 PM, Dan McAllister wrote: I am curious -- has anyone looked into a fail2ban implementation for QMT On a general note, I believe several people here have implemented f2b on QMT. You should find discussions and perhaps some other configurations in the list archives. It'd be

Re: [qmailtoaster] Re: Fail2Ban

2014-08-06 Thread Dave M
I do have 2 qmt servers with f2b I will get my configs and share shortly Dave M On 8/6/2014 4:26 PM, Eric Shubert wrote: On 08/06/2014 03:09 PM, Dan McAllister wrote: I am curious -- has anyone looked into a fail2ban implementation for QMT On a general note, I believe several people here

Re: [qmailtoaster] Re: Fail2Ban

2014-08-06 Thread Angus McIntyre
Eric Shubert wrote: On a general note, I believe several people here have implemented f2b on QMT. You should find discussions and perhaps some other configurations in the list archives. It'd be nice if people would share their configurations here (even if they've done so before). A while

[qmailtoaster] Logwatch Error

2014-08-06 Thread Chandran Manikandan
Hi Folks, I have centos 6.5 64 bit server with installed qmailtoaster and it's run successfully. When i tried to use this command logwatch to watch the reports, it's show below error. Can't exec sendmail: No such file or directory at /usr/sbin/logwatch line 1046, TESTFILE line 2. Can't execute

Re: [qmailtoaster] Re: Fail2Ban

2014-08-06 Thread Sebastian Grewe
As long as you feed ELK from logstash by reading logs there is no reason that you couldn't attach fail2ban to the same logs. If you plan to forward logs to elk without local files being written you will have problems. I have been doing a lot on ELK lately. It's a great system and Kibana