Nice, that's great! :)
Just a little question: I don't get this HOST (I've also read the wiki
but it's not clear)
can you do an example, please?
Thanks,
Cheers!
Il 05/03/2011 23:26, Sergio M ha scritto:
Eric Shubert escribió:
Timing is good on this. :)
HOST is an alias for a regular expression to find the ip address. Which
is defined in the code.
Succes,
Peter.
Nice, that's great! :)
Just a little question: I don't get this HOST (I've also read the wiki
but it's not clear)
can you do an example, please?
Thanks,
Cheers!
Il
Hi.
HOST matches either the Ip address or the hostname
Cheers
Finn
On 08-03-2011 09:04, Digital Instruments wrote:
Nice, that's great! :)
Just a little question: I don't get this HOST (I've also read the
wiki but it's not clear)
can you do an example, please?
Thanks,
Cheers!
Il
On 07-Mar-11 21:49, Eric Shubert wrote:
Great job, Pak.
Thanks, Toma.
Pak, will you get this incorporated into the wiki?
TIA.
Ok Eric, it's done but since I just copy-paste as is and re-formatting,
I didn't know what that fail2ban meaning (I haven't tried it also)
but, I saw something weird. So
On 3/8/2011 11:18 AM, Pak Ogah wrote:
On 07-Mar-11 21:49, Eric Shubert wrote:
Great job, Pak.
Thanks, Toma.
Pak, will you get this incorporated into the wiki?
TIA.
Ok Eric, it's done but since I just copy-paste as is and
re-formatting, I didn't know what that fail2ban meaning (I haven't
tried
Pak Ogah escribió:
div class=moz-text-flowed style=font-family: -moz-fixedOn
07-Mar-11 21:49, Eric Shubert wrote:
Great job, Pak.
Thanks, Toma.
Pak, will you get this incorporated into the wiki?
TIA.
Ok Eric, it's done but since I just copy-paste as is and
re-formatting, I didn't know what
okay thank you for your explanation
On 08-Mar-11 19:43, Toma Bogdan wrote:
Hello,
If your system have shorewall as firewall solution management
we get 'action' statement from /etc/fail2ban/jail.conf
---
[qmail-pop3]
enable = true
filter = qmail-pop3
action = shorewall
Oke done, prettified with some minor changes
http://wiki.qmailtoaster.com/index.php/Fail2Ban
On 06-Mar-11 5:26, Sergio M wrote:
Eric Shubert escribió:
Timing is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Banaction=edit
Have at it. I've added a link to this page under
Used on Centos 5.5
/etc/fail2ban/filter.d/qmail-pop3.conf
--- start cut --
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named host. The tag
HOST can
# be used for standard
I'll try to prettified for you :D
On 06-Mar-11 5:26, Sergio M wrote:
Eric Shubert escribió:
Timing is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Banaction=edit
Have at it. I've added a link to this page under the Configuration-
Security section. It's a start (albeit
Eric Shubert escribi:
Timing
is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Banaction="">
Have at it. I've added a link to this page under the Configuration-
Security section. It's a start (albeit not much of one).
Hey guys, I created a basic article,
Eric Shubert escribió:
Timing is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Banaction=edit
Have at it. I've added a link to this page under the Configuration-
Security section. It's a start (albeit not much of one).
I wrote some basic stuff, but it needs proper wiki
On 03/02/2011 09:08 PM, David Milholen wrote:
+1000 on this solution.
It works for me. I also have a honeypot that these ips get thrown into
and trapped after so many attempts.
Stupid Hackers LOL:)
--Dave
rofl, I doubt you will ever call an hacker stupid. Prolly they are
just kids having fun.
It's funny that I should check back in. I just installed fail2ban to deal with
another issue, however realized it could stop a lot of RBL traffic if I just
banned IP addresses so also added it for qmail. If someone gets a wiki started,
I'd certainly look at contributing. (hence my previous post
When I said get a wiki started I meant create an article with some
substance
that I can add to ;) You really don't want to let me loose on a brand new one.
- Original Message
From: Eric Shubert e...@shubes.net
To: qmailtoaster-list@qmailtoaster.com
Sent: Thu, March 3, 2011 10:25:20
Eric,
Ill see what I can do. Ill review my old notes on adding it to my
system and what kind of config I used to have success.
I will also list the script that has the trigger for a honeypot
server.
Yes, Hackers are stupid because they are not using their talent for
Hi all.
I installed and is using fail2ban after Eric wrote about it long time ago.
It works perfectly and is doing a nice job blocking different attemps on
my server. (Iptables drop ip)
I am using dovecot and is having fail2ban checking the dovecot log for
bad password attempts (amongst
a page on the wiki sounds like a hero of a thing .
I know that i would like some wisdom on how to implement fail2ban with
my qmailtoaster
On 3/1/2011 9:40 PM, Eric Shubert wrote:
If CJ got it working, then I expect that just about anyone can do it. ;)
JK CJ. Would you care to create a page
Eric: hi, sorry im a new here (principiant), wath do you think about
DENYHOST, insted of fail2ban
i use DENYHOST as a service and work good.
Gustavo
2011/3/1 Eric Shubert e...@shubes.net
Yes, but the attacks appear to be coming from a variety of addresses.
fail2ban will do essentially
DENYHOST works only for SSHD .
2011/3/2 Eric Shubert e...@shubes.net
Hey Gustavo.
I don't know about it, so I have no opinion. Please post a link to more
info. Thanks.
If someone else has some thoughts on this, please chime in.
--
-Eric 'shubes'
On 03/02/2011 10:49 AM, Gustavo
+1000 on this solution.
It works for me. I also have a honeypot that these ips get thrown
into and trapped after so many attempts.
Stupid Hackers LOL:)
--Dave
On 3/1/2011 7:24 PM, Eric Shubert wrote:
Yes,
but the attacks appear to be coming from a
Agreed Eric, but this is a VERY quick simple fix when the thing starts!
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be coming from a variety of addresses. fail2ban will do essentially this automatically and
for whatever addresses attacks may come from. fail2ban
Eric Shubert escribió:
Sergio,
.) Be sure you're running the latest spamdyke (4.2.0). 4.1.x versions
had a bug where rejected sessions would not terminate immediately,
causing excessive idle smtp sessions (and ultimately TIMEOUTs). That
may no be affecting you, but you should check to be
Eric,
Do you have Fail2Ban working with the
qmail logs?
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be coming from a variety of addresses. fail2ban will do essentially this automatically and
for whatever addresses attacks may come from. fail2ban is much better
I think he said he is not an user yet, but i am looking at:
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg23951.html
Tony White escribió:
Eric,
Do you have Fail2Ban working with the
qmail logs?
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be
I actually use OSSECHIDS for this type of attack. I use fail2ban for
ftp and ssh.
Ole is the chap that knows fail2ban for Qmail. You can install it now
using yum install fail2ban instead of compiling.
On 03/01/2011 06:40 PM, Eric Shubert wrote:
If CJ got it working, then I expect that just
Trouble is Fail2Ban requires the shorewall firewall!
At least if you use the rpm's.
On 02/03/2011 3:58 PM, Maxwell Smart wrote:
I actually use OSSECHIDS for this type of attack. I use fail2ban for
ftp and ssh.
Ole is the chap that knows fail2ban for Qmail. You can install it now
using yum
27 matches
Mail list logo