Thank you very much
Then
1) I'll change 3 to 1 in the file /var/qmail/control/spfbehavior
This means no reject spf. Is correct
2) change spammer with: ( but where???) (/var/??)
# add score to pass SPF
header spf_pass Received-SPF =~ /\bpass\b/
describe spf_pass SPF Test Pass
score
1. correct. qmt will not reject email if it doesn't have valid SPF
2. sorry I forgot to tell you. create file in
/etc/mail/spamassassin/70_custom_rule.cf
then restart qmail
detail here:
http://www.am3n.co.cc/2011/03/01/spamassasin-custom-rules-to-check-spf-b/
Thank you very much
Then
1) I'll
you great! thanks YO!!!
Gustavo
2011/3/1 PakOgah pako...@pala.bo-tak.info
1. correct. qmt will not reject email if it doesn't have valid SPF
2. sorry I forgot to tell you. create file in
/etc/mail/spamassassin/70_custom_rule.cf
then restart qmail
detail here:
On 02/28/2011 11:03 PM, Sue Jones wrote:
Hello,
I am trying to update some of my qmailtoaster files using
qtp-newmodel, but am running into a problem because we are running it
on CentOS 5.3 and getting an error when installing the dependencies
(see output below).
I tried to create a .mailfilter rules based on slamp slamp example
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg15443.html
which will deliver email with subject contain qmailtoaster to folder
qmailtoaster
and email with subject contain SPAM or BULK to folder Spam
and other
On 03/01/2011 07:46 AM, Jake Vickers wrote:
On 02/28/2011 11:03 PM, Sue Jones wrote:
Hello,
I am trying to update some of my qmailtoaster files using
qtp-newmodel, but am running into a problem because we are running it
on CentOS 5.3 and getting an error when installing the dependencies
(see
On 02/27/2011 09:22 PM, Dan McAllister wrote:
Greetings all...
I've been using QTP almost since its inception -- I love most of the
scripts and find most to be refreshingly robust.
I say most, because I did another QMT install this weekend and decided
to spend a little time trying to debug an
Ban the bad guy IP at the firewall level.
Best wishes,
Edwin
On 03/02/2011 08:25 AM, Sergio M wrote:
Hi there list,
I have been under heavy traffic since Sunday, and it's been using all
my inbound connections.
I have a QMT updated box, running the latest spamdyke:
# qtp-whatami
/qtp-whatami
Sergio,
.) Be sure you're running the latest spamdyke (4.2.0). 4.1.x versions
had a bug where rejected sessions would not terminate immediately,
causing excessive idle smtp sessions (and ultimately TIMEOUTs). That may
not be affecting you, but you should check to be sure. Run
Try this at the command line and as root!
iptables -I INPUT -s 11.22.33.44 -j DROP
This will stop him dead in his tracks.
You can use this command for any ip address that gives
you a problem.
On 02/03/2011 11:25 AM, Sergio M wrote:
Hi there list,
I have been under heavy traffic since Sunday,
Yes, but the attacks appear to be coming from a variety of addresses.
fail2ban will do essentially this automatically and for whatever
addresses attacks may come from. fail2ban is much better solution imo.
--
-Eric 'shubes'
On 03/01/2011 06:14 PM, Tony White wrote:
Try this at the command
Greylisting process not work in this problem ?
2011/3/1, Eric Shubert e...@shubes.net:
Sergio,
.) Be sure you're running the latest spamdyke (4.2.0). 4.1.x versions
had a bug where rejected sessions would not terminate immediately,
causing excessive idle smtp sessions (and ultimately
Agreed Eric, but this is a VERY quick simple fix when the thing starts!
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be coming from a variety of addresses. fail2ban will do essentially this automatically and
for whatever addresses attacks may come from. fail2ban
Eric Shubert wrote:
Sergio,
.) Be sure you're running the latest spamdyke (4.2.0). 4.1.x versions
had a bug where rejected sessions would not terminate immediately,
causing excessive idle smtp sessions (and ultimately TIMEOUTs). That
may not be affecting you, but you should check to be
Eric,
Do you have Fail2Ban working with the
qmail logs?
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be coming from a variety of addresses. fail2ban will do essentially this automatically and
for whatever addresses attacks may come from. fail2ban is much better
I think he said he is not a user yet, but I am looking at:
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg23951.html
Tony White wrote:
Eric,
Do you have Fail2Ban working with the
qmail logs?
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be
Tony,
Does this append the existing iptable with the offending IP?
I use fail2ban and it works great. OSSEC HIDS is a good tool too. I
use them both actually.
CJ
On 03/01/2011 05:14 PM, Tony White wrote:
Try this at the command line and as root!
iptables -I INPUT -s 11.22.33.44 -j DROP
I don't think so. The hacker is trying to authenticate, and failing.
Greylisting would prohibit mail from being received, but the problem
occurs before an email is transmitted.
Thanks for the suggestion though.
--
-Eric 'shubes'
On 03/01/2011 06:38 PM, Carlos Herrera Polo wrote:
Greylisting
Are all of the username portions of the e-mail addresses legitimate e-mails?
IE, it looks like you cleansed the domain portion, but, in the log, are
all, or most, of the e-mails legitimate?
I've seen this with random attempts at guessing e-mails and passwords, but
not with all legit e-mails.
True enough. Can be a quick and dirty (temporary) fix.
--
-Eric 'shubes'
On 03/01/2011 06:44 PM, Tony White wrote:
Agreed Eric, but this is a VERY quick simple fix when the thing starts!
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be coming from a variety of
Michael Colvin wrote:
Are all of the username portions of the e-mail addresses legitimate e-mails?
IE, it looks like you cleansed the domain portion, but, in the log, are
all, or most, of the e-mails legitimate?
I've seen this with random attempts at guessing e-mails and passwords, but
If CJ got it working, then I expect that just about anyone can do it. ;)
JK CJ. Would you care to create a page on the wiki for this?
--
-Eric 'shubes'
On 03/01/2011 06:58 PM, Cecil Yother, Jr. wrote:
Tony,
Does this append the existing iptable with the offending IP?
I use fail2ban and it
I haven't implemented Fail2Ban yet. Been meaning to, but haven't had the
need. I believe others on this list have though.
--
-Eric 'shubes'
On 03/01/2011 06:52 PM, Tony White wrote:
Eric,
Do you have Fail2Ban working with the
qmail logs?
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but
Well... My first thought would be to isolate this domain from my mail
server, so that it isn't affecting my other customers.
Perhaps changing DNS (Change the IP for the server to something non-existent
for now, like 192.168.0.1 or something.) Likely won't stop it immediately
but might prevent
Sounds like they may have gotten hit with a virus or pissed someone off.
I would block the domain from relaying, inform the customer, possibly
make them change their email account passwords if it's not a large
organization. Ask them to relay through their provider if possible for
the time
I agree about Fail2Ban. That's your ultimate goal, but for me, getting the
other users of the mail server back online is first... (Assuming you can
w/o using Fail2ban)
I've found once attacks like this get effectively blocked, they go away,
unless as South says, they pissed someone off and are
South Computers wrote:
Sounds like they may have gotten hit with a virus or pissed someone
off. I would block the domain from relaying, inform the customer,
possibly make them change their email account passwords if it's not a
large organization. Ask them to relay through their provider if
It does yes!
On 02/03/2011 12:58 PM, Cecil Yother, Jr. wrote:
Tony,
Does this append the existing iptable with the offending IP?
I use fail2ban and it works great. OSSEC HIDS is a good tool too. I
use them both actually.
CJ
On 03/01/2011 05:14 PM, Tony White wrote:
Try this at the
Hi,
FWIW I have some scripts that you can download
from my ftp server in the pub/qtp folder. They are
not all documented but they are reasonably simple
scripts that can be understood easily.
goto
ftp.ycs.com.au
cd /pub/qtp
qtp users are welcome to them but please use
anonymous and your email
I found this to use fail2ban to block vpopmail failed passwd attempts,
but cannot make it work.
It's in Spanish, but the code is in English anyway.
http://systemadmin.es/2011/01/anadir-nuevas-reglas-de-filtrado-a-fail2ban
Any ideas, especially about the regex?
Thanks!
-Sergio
Fail2Ban does not work with qmail out of the box.
The scripting for the qmail log files needs to be
written specifically for fail2ban.
Has anyone managed to do this yet?
If so what price your script please?
On 02/03/2011 2:09 PM, Sergio M wrote:
South Computers wrote:
Sounds like they
I actually use OSSECHIDS for this type of attack. I use fail2ban for
ftp and ssh.
Ole is the chap that knows fail2ban for Qmail. You can install it now
using yum install fail2ban instead of compiling.
On 03/01/2011 06:40 PM, Eric Shubert wrote:
If CJ got it working, then I expect that just
Trouble is Fail2Ban requires the shorewall firewall!
At least if you use the rpm's.
On 02/03/2011 3:58 PM, Maxwell Smart wrote:
I actually use OSSECHIDS for this type of attack. I use fail2ban for
ftp and ssh.
Ole is the chap that knows fail2ban for Qmail. You can install it now
using yum