Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Remo Mattei
Use mod_security for httpd super used for years now. Il giorno 29 dic 2017, alle ore 11:48, Remo Mattei ha scritto: Iptables Here is my rules /etc/firewalld/direct.xml -p tcp --dport 25 -m state --state NEW -m recent --set -p tcp --dport 25 -m state --state NEW -m

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Remo Mattei
Iptables Here is my rules /etc/firewalld/direct.xml -p tcp --dport 25 -m state --state NEW -m recent --set -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-w ith tcp-reset -p tcp --dport 25 -m state --state NEW -m recent --update

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Eric Broch
Hi Peter, I have the stock fail2ban configuration set up for qmailtoaster and have never changed it. I just know that it is POSSIBLE with fail2ban to do DOS attack configuration. For http this is one . One

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Peter Peltonen
Never worked with fail2ban before. Care to share your config for qmailtoaster? On Fri, Dec 29, 2017 at 8:56 PM, Eric Broch wrote: > Hi Tony, > > I see this more than I'd like. Sometimes I hear my server cranking away > and upon investigation one day (tail -f

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Eric Broch
Hi Tony, I see this more than I'd like. Sometimes I hear my server cranking away and upon investigation one day (tail -f /var/log/qmail/smtp/current) found connects and immediate disconnects being perpetrated from the same IP address scrolling across the terminal for as long as I cared to watch,

RE: [qmailtoaster] connection issues again.

2017-12-29 Thread Dan McAllister - QMT DNS Admin
To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] connection issues again. Would FAIL2BAN be an ideal setup here? I use it to control the attacks [example: more than 10 failed logins in 1 day, your banned for "X" hours]. Fail2ban also works with the SquirrelMail, Roundcube, etc

RE: [qmailtoaster] connection issues again.

2017-12-29 Thread CarlC Internet Services Service Desk
re then my threshhold it is blocked vi iptables. The log where I count ist he usual maillog. Andreas -Ursprüngliche Nachricht- Von: jin [mailto:jinhit...@gmail.com] Gesendet: Freitag, 29. Dezember 2017 15:59 An: qmailtoaster-list@qmailtoaster.com Betreff: Re: [qmailtoaster] connection issues again

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread jin
Hi Remo Are using some kind of autonomous app/scrpt to block them ? If so, what kind of app/script are you using for drop them ? On 29 Dec 2017 5:19 p.m., "Remo Mattei" wrote: > Yes I created some rules based on connection time like 30 sec 5 min 30 min > etc. Dropped them. > >

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Remo Mattei
Yes I created some rules based on connection time like 30 sec 5 min 30 min etc. Dropped them. Il giorno 29 dic 2017, alle ore 06:07, Solo ha scritto: Hi Tony. Yes I see a lot - in my logs I think it's those spammers that tries to connect to Your server using a lot of

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Solo
Hi Tony. Yes I see a lot - in my logs I think it's those spammers that tries to connect to Your server using a lot of different names and end up getting refused by vpopmail - se my logwatch file below (all ip addresses match log entries in maillog and vpopmail) - vpopmail