Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread David Bray
Thanks Eric. It's hard to track things, but I think I have had success monitoring the /var/log/maillog. I'm not sure why I didn't pick this up earlier; I'm already using the fail2ban suggestion of the older qmailtoaster wiki (http://wiki.qmailtoaster.com/index.php/Fail2Ban), actually had a rule to

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Tahnan Al Anas
I don't know if anyone uses csf firewall. It has many options to prevent such issues. -- -- Best Regards Muhammad Tahnan Al Anas On Sat, Apr 18, 2020 at 9:12 PM Eric Broch wrote: > It looks like a connect and disconnect. If there was authentication you'd > see it. I don't think you have

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread remo
I stopped iptables and moved to pfsense for my front end firewall. Way more options and easier to deal with. > On 18 Apr 2020, at 08:11, Eric Broch > wrote: > > It looks like a connect and disconnect. If there was authentication you'd see > it. I don't think you have

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Eric Broch
It looks like a connect and disconnect. If there was authentication you'd see it. I don't think you have anything to worry about here. I'm not saying there's not some jerk out there messing with your smtps...just saying it may be harmless. That said, do you have a good firewall in place that

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Leonardo - IW Telecom
Hi David, I don't know if this can help you but I use iptables with xrecent module to limit 10 connections per minute on each port on my server: iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SMTP --rsource iptables -A INPUT -p tcp --dport 25 -m state --state NEW

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Tony White
Hi David, The ip you are having issues with returns (NXDOMAIN) so try using this or a variant on the search string to find what you are looking for. -- snip -- #!/bin/bash mdate=`date +%c` mip=$1 ### must be root ### if [ `whoami` != "root" ]; then     echo ""     echo "$0 must be run as

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread David Bray
Hi Tony, thanks. But not so much looking for a solution to block ips. I’m needing to identify which ips to block. On Sat, 18 Apr 2020 at 8:19 pm, Tony White wrote: > Or this... > > -- snip -- > #!/bin/bash > logf="/var/log/blockip.log" > mdate=`date +%c` > mip=$1 > ### must be root ### > if [

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Tony White
Or this... -- snip -- #!/bin/bash logf="/var/log/blockip.log" mdate=`date +%c` mip=$1 ### must be root ### if [ `whoami` != "root" ]; then     echo ""     echo "$0 must be run as root"     echo ""     exit 1 fi; if [ $mip == "--help" ]; then   echo

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread David Bray
Hi, thanks - yes, can block that IP. But it’s not just one, and the solution is not fine enough. I want more of a fail2ban rule: bad use, bad pass, 3 strikes you're out. I need to know they are mucking round. I tried sending myself through the port with a bad password - sure it blocks it, but there is no

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Tony White
Hi David,   Sorry try this instead... -- snip -- #!/bin/sh logf="/var/log/blacklist_ip.log" mdate=`date +%c` ### must be root ### if [ `whoami` != "root" ]; then     echo ""     echo "$0 must be ran as root"     echo ""     exit 1 fi export

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Tony White
Hi David,   Try using this little script... -- snip -- #!/bin/bash logf="/var/log/blockip.log" mdate=`date +%c` mip=$1 ### must be root ### if [ `whoami` != "root" ]; then     echo ""     echo "$0 must be run as root"     echo ""     exit 1 fi; if [ $mip == "--help" ]; then  

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Chris
Here's a great article with instructions on how to implement an IP blacklist in iptables. Unless you've got a user in Panama, it looks like you'd want to block 141.98.80.30 https://linux-audit.com/blocking-ip-addresses-in-linux-with-iptables/ On Sat, Apr 18, 2020 at 5:49 PM David Bray wrote: >