Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread David Bray
Thanks Eric

It's hard to track things but I think I have had success monitoring the
/var/log/maillog

I'm not sure why I didn't pick this up earlier, I'm already using the
fail2ban suggestion of the older qmailtoaster wiki (
http://wiki.qmailtoaster.com/index.php/Fail2Ban), actually had a rule to
process it and have expanded on this now

I've been running email servers most of my working life and still get
tripped up by simple stuff

Thank for your efforts in this area, it helps to talk things out

cheers

David Bray
0418 745334
2 ∞ & <


On Sun, 19 Apr 2020 at 01:12, Eric Broch  wrote:

> It looks like a connect and disconnect. If there was authentication you'd
> see it. I don't think you have anything to worry about here. I'm not saying
> there's not some jerk out there messing with your smtps...just saying it
> may be harmless. That said, do you have a good firewall in place that
> prevents DOS attacks. I use Sonicwall myself but you can do the same thing
> as others have shown with iptables.
>
> Does anyone know how to do the same with the stock firewalld on COS7/8?
> On 4/17/2020 11:49 PM, David Bray wrote:
>
> sure - thanks for replying, this comes in waves, taking the server to its
> maximum at times
>
> as far as I can see the only logs are these:
>
> ==> /var/log/qmail/smtps/current <==
> 2020-04-18 05:04:48.450871500 tcpserver: status: 6/60
> 2020-04-18 05:04:48.480785500 tcpserver: pid 13339 from 141.98.80.30
> 2020-04-18 05:04:48.480787500 tcpserver: ok 13339 
> dev.brayworth.com:172.105.181.18:465
> :141.98.80.30::25638
> 2020-04-18 05:04:52.797644500 tcpserver: status: 7/60
> 2020-04-18 05:04:52.830767500 tcpserver: pid 13340 from 141.98.80.30
> 2020-04-18 05:04:52.830768500 tcpserver: ok 13340 
> dev.brayworth.com:172.105.181.18:465
> :141.98.80.30::14862
> 2020-04-18 05:04:57.248902500 tcpserver: status: 8/60
> 2020-04-18 05:04:57.304003500 tcpserver: pid 13342 from 141.98.80.30
> 2020-04-18 05:04:57.304006500 tcpserver: ok 13342 
> dev.brayworth.com:172.105.181.18:465
> :141.98.80.30::9646
> 2020-04-18 05:05:01.854790500 tcpserver: status: 9/60
> 2020-04-18 05:05:01.902265500 tcpserver: pid 13345 from 141.98.80.30
> 2020-04-18 05:05:01.902266500 tcpserver: ok 13345 
> dev.brayworth.com:172.105.181.18:465
> :141.98.80.30::54058
> 2020-04-18 05:05:09.729711500 tcpserver: end 13338 status 256
> 2020-04-18 05:05:09.729713500 tcpserver: status: 8/60
> 2020-04-18 05:06:05.965715500 tcpserver: end 13342 status 256
> 2020-04-18 05:06:05.965716500 tcpserver: status: 7/60
> 2020-04-18 05:06:06.141272500 tcpserver: end 13340 status 256
> 2020-04-18 05:06:06.141273500 tcpserver: status: 6/60
>
> David Bray
> 0418 745334
> 2 ∞ & <
>
>
> On Sat, 18 Apr 2020 at 15:41, Eric Broch  wrote:
>
>> Can you send the log of one of the "bad" connections?
>>
>> On 4/17/2020 10:59 PM, David Bray wrote:
>>
>> I can see I'm getting hammered on my smtps port
>>
>> How can I mitigate this?
>>
>> I can see the IP's in /var/log/qmail/smtps/current
>>
>> *but where do I actually see that the smtp auth actually fails ?*
>>
>> or do I need to increase the logging somewhere ?
>>
>> if I tail -f /var/log/dovecot.log
>>
>> I can see the imap and pop failures
>>
>> thanks in advance
>>
>> David Bray
>> 0418 745334
>> 2 ∞ & <
>>
>>


Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Tahnan Al Anas
I don't know if anyone uses the csf firewall. It has many options to prevent
such issues.


--

Best Regards
Muhammad Tahnan Al Anas


On Sat, Apr 18, 2020 at 9:12 PM Eric Broch  wrote:

> It looks like a connect and disconnect. If there was authentication you'd
> see it. I don't think you have anything to worry about here. I'm not saying
> there's not some jerk out there messing with your smtps...just saying it
> may be harmless. That said, do you have a good firewall in place that
> prevents DOS attacks. I use Sonicwall myself but you can do the same thing
> as others have shown with iptables.
>
> Does anyone know how to do the same with the stock firewalld on COS7/8?
> On 4/17/2020 11:49 PM, David Bray wrote:
>
> sure - thanks for replying, this comes in waves, taking the server to its
> maximum at times
>
> as far as I can see the only logs are these:
>
> ==> /var/log/qmail/smtps/current <==
> 2020-04-18 05:04:48.450871500 tcpserver: status: 6/60
> 2020-04-18 05:04:48.480785500 tcpserver: pid 13339 from 141.98.80.30
> 2020-04-18 05:04:48.480787500 tcpserver: ok 13339 
> dev.brayworth.com:172.105.181.18:465
> :141.98.80.30::25638
> 2020-04-18 05:04:52.797644500 tcpserver: status: 7/60
> 2020-04-18 05:04:52.830767500 tcpserver: pid 13340 from 141.98.80.30
> 2020-04-18 05:04:52.830768500 tcpserver: ok 13340 
> dev.brayworth.com:172.105.181.18:465
> :141.98.80.30::14862
> 2020-04-18 05:04:57.248902500 tcpserver: status: 8/60
> 2020-04-18 05:04:57.304003500 tcpserver: pid 13342 from 141.98.80.30
> 2020-04-18 05:04:57.304006500 tcpserver: ok 13342 
> dev.brayworth.com:172.105.181.18:465
> :141.98.80.30::9646
> 2020-04-18 05:05:01.854790500 tcpserver: status: 9/60
> 2020-04-18 05:05:01.902265500 tcpserver: pid 13345 from 141.98.80.30
> 2020-04-18 05:05:01.902266500 tcpserver: ok 13345 
> dev.brayworth.com:172.105.181.18:465
> :141.98.80.30::54058
> 2020-04-18 05:05:09.729711500 tcpserver: end 13338 status 256
> 2020-04-18 05:05:09.729713500 tcpserver: status: 8/60
> 2020-04-18 05:06:05.965715500 tcpserver: end 13342 status 256
> 2020-04-18 05:06:05.965716500 tcpserver: status: 7/60
> 2020-04-18 05:06:06.141272500 tcpserver: end 13340 status 256
> 2020-04-18 05:06:06.141273500 tcpserver: status: 6/60
>
> David Bray
> 0418 745334
> 2 ∞ & <
>
>
> On Sat, 18 Apr 2020 at 15:41, Eric Broch  wrote:
>
>> Can you send the log of one of the "bad" connections?
>>
>> On 4/17/2020 10:59 PM, David Bray wrote:
>>
>> I can see I'm getting hammered on my smtps port
>>
>> How can I mitigate this?
>>
>> I can see the IP's in /var/log/qmail/smtps/current
>>
>> *but where do I actually see that the smtp auth actually fails ?*
>>
>> or do I need to increase the logging somewhere ?
>>
>> if I tail -f /var/log/dovecot.log
>>
>> I can see the imap and pop failures
>>
>> thanks in advance
>>
>> David Bray
>> 0418 745334
>> 2 ∞ & <
>>
>>


Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread remo
I stopped iptables and moved to pfsense for my front end firewall. Way more 
options and easier to deal with. 

> On 18 Apr 2020, at 08:11, Eric Broch  wrote:
> 
> 
> It looks like a connect and disconnect. If there was authentication you'd see 
> it. I don't think you have anything to worry about here. I'm not saying 
> there's not some jerk out there messing with your smtps...just saying it may 
> be harmless. That said, do you have a good firewall in place that prevents 
> DOS attacks. I use Sonicwall myself but you can do the same thing as others 
> have shown with iptables.
> 
> Does anyone know how to do the same with the stock firewalld on COS7/8?
> 
> On 4/17/2020 11:49 PM, David Bray wrote:
>> sure - thanks for replying, this comes in waves, taking the server to its
>> maximum at times
>> 
>> as far as I can see the only logs are these:
>> 
>> ==> /var/log/qmail/smtps/current <==
>> 2020-04-18 05:04:48.450871500 tcpserver: status: 6/60
>> 2020-04-18 05:04:48.480785500 tcpserver: pid 13339 from 141.98.80.30
>> 2020-04-18 05:04:48.480787500 tcpserver: ok 13339 
>> dev.brayworth.com:172.105.181.18:465 :141.98.80.30::25638
>> 2020-04-18 05:04:52.797644500 tcpserver: status: 7/60
>> 2020-04-18 05:04:52.830767500 tcpserver: pid 13340 from 141.98.80.30
>> 2020-04-18 05:04:52.830768500 tcpserver: ok 13340 
>> dev.brayworth.com:172.105.181.18:465 :141.98.80.30::14862
>> 2020-04-18 05:04:57.248902500 tcpserver: status: 8/60
>> 2020-04-18 05:04:57.304003500 tcpserver: pid 13342 from 141.98.80.30
>> 2020-04-18 05:04:57.304006500 tcpserver: ok 13342 
>> dev.brayworth.com:172.105.181.18:465 :141.98.80.30::9646
>> 2020-04-18 05:05:01.854790500 tcpserver: status: 9/60
>> 2020-04-18 05:05:01.902265500 tcpserver: pid 13345 from 141.98.80.30
>> 2020-04-18 05:05:01.902266500 tcpserver: ok 13345 
>> dev.brayworth.com:172.105.181.18:465 :141.98.80.30::54058
>> 2020-04-18 05:05:09.729711500 tcpserver: end 13338 status 256
>> 2020-04-18 05:05:09.729713500 tcpserver: status: 8/60
>> 2020-04-18 05:06:05.965715500 tcpserver: end 13342 status 256
>> 2020-04-18 05:06:05.965716500 tcpserver: status: 7/60
>> 2020-04-18 05:06:06.141272500 tcpserver: end 13340 status 256
>> 2020-04-18 05:06:06.141273500 tcpserver: status: 6/60
>> 
>> David Bray
>> 0418 745334
>> 2 ∞ & <
>> 
>> 
>> On Sat, 18 Apr 2020 at 15:41, Eric Broch  wrote:
>>> Can you send the log of one of the "bad" connections?
>>> 
>>> On 4/17/2020 10:59 PM, David Bray wrote:
>>> 
 I can see I'm getting hammered on my smtps port
 
 How can I mitigate this?
 
 I can see the IP's in /var/log/qmail/smtps/current
 
 but where do I actually see that the smtp auth actually fails ?
 
 or do I need to increase the logging somewhere ?
 
 if I tail -f /var/log/dovecot.log
 
 I can see the imap and pop failures
 
 thanks in advance
 
 David Bray
 0418 745334
 2 ∞ & <
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Eric Broch
It looks like a connect and disconnect. If there was authentication 
you'd see it. I don't think you have anything to worry about here. I'm 
not saying there's not some jerk out there messing with your 
smtps...just saying it may be harmless. That said, do you have a good 
firewall in place that prevents DOS attacks. I use Sonicwall myself but 
you can do the same thing as others have shown with iptables.


Does anyone know how to do the same with the stock firewalld on COS7/8?

On 4/17/2020 11:49 PM, David Bray wrote:
sure - thanks for replying, this comes in waves, taking the server to
its maximum at times

as far as I can see the only logs are these:

==> /var/log/qmail/smtps/current <==
2020-04-18 05:04:48.450871500 tcpserver: status: 6/60
2020-04-18 05:04:48.480785500 tcpserver: pid 13339 from 141.98.80.30
2020-04-18 05:04:48.480787500 tcpserver: ok 13339 
dev.brayworth.com:172.105.181.18:465 :141.98.80.30::25638

2020-04-18 05:04:52.797644500 tcpserver: status: 7/60
2020-04-18 05:04:52.830767500 tcpserver: pid 13340 from 141.98.80.30
2020-04-18 05:04:52.830768500 tcpserver: ok 13340 
dev.brayworth.com:172.105.181.18:465 :141.98.80.30::14862

2020-04-18 05:04:57.248902500 tcpserver: status: 8/60
2020-04-18 05:04:57.304003500 tcpserver: pid 13342 from 141.98.80.30
2020-04-18 05:04:57.304006500 tcpserver: ok 13342 
dev.brayworth.com:172.105.181.18:465 :141.98.80.30::9646

2020-04-18 05:05:01.854790500 tcpserver: status: 9/60
2020-04-18 05:05:01.902265500 tcpserver: pid 13345 from 141.98.80.30
2020-04-18 05:05:01.902266500 tcpserver: ok 13345 
dev.brayworth.com:172.105.181.18:465 :141.98.80.30::54058

2020-04-18 05:05:09.729711500 tcpserver: end 13338 status 256
2020-04-18 05:05:09.729713500 tcpserver: status: 8/60
2020-04-18 05:06:05.965715500 tcpserver: end 13342 status 256
2020-04-18 05:06:05.965716500 tcpserver: status: 7/60
2020-04-18 05:06:06.141272500 tcpserver: end 13340 status 256
2020-04-18 05:06:06.141273500 tcpserver: status: 6/60

David Bray
0418 745334
2 ∞ & <


On Sat, 18 Apr 2020 at 15:41, Eric Broch  wrote:


Can you send the log of one of the "bad" connections?

On 4/17/2020 10:59 PM, David Bray wrote:


I can see I'm getting hammered on my smtps port

How can I mitigate this?

I can see the IP's in /var/log/qmail/smtps/current

*but where do I actually see that the smtp auth actually fails ?*

or do I need to increase the logging somewhere ?

if I tail -f /var/log/dovecot.log

I can see the imap and pop failures

thanks in advance

David Bray
0418 745334
2 ∞ & <




Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Leonardo - IW Telecom
Hi David, I don't know if this can help you but I use iptables with the
xt_recent module to limit 10 connections per minute on each port on my
server:

iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SMTP --rsource
iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name SMTP --rsource -j DROP
iptables -A INPUT -p tcp --dport 110 -m state --state NEW -m recent --set --name POP3 --rsource
iptables -A INPUT -p tcp --dport 110 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name POP3 --rsource -j DROP
iptables -A INPUT -p tcp --dport 995 -m state --state NEW -m recent --set --name POP3S --rsource
iptables -A INPUT -p tcp --dport 995 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name POP3S --rsource -j DROP
iptables -A INPUT -p tcp --dport 465 -m state --state NEW -m recent --set --name SMTPS --rsource
iptables -A INPUT -p tcp --dport 465 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name SMTPS --rsource -j DROP
iptables -A INPUT -p tcp --dport 587 -m state --state NEW -m recent --set --name SUBMISSION --rsource
iptables -A INPUT -p tcp --dport 587 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name SUBMISSION --rsource -j DROP

To check the blocked IPs see /proc/net/xt_recent/ 

The bad thing is it uses conntrack to work.

---

On 2020-04-18 07:33, David Bray wrote:

> Hi Tony, thanks 
> But not so much looking for a solution to block ips. 
> 
> I'm needing to identify which ips to block 
> 
> On Sat, 18 Apr 2020 at 8:19 pm, Tony White  wrote: 
> 
>> Or this...
>> 
>> -- snip --
>> #!/bin/bash
>> logf="/var/log/blockip.log"
>> mdate=`date +%c`
>> mip=$1
>> ### must be root ###
>> if [ `whoami` != "root" ]; then
>> echo ""
>> echo "$0 must be run as root"
>> echo ""
>> exit 1
>> fi;
>> 
>> if [ $mip == "--help" ]; then
>> echo ""
>> echo "Help: Block single and subnet IP's"
>> echo ""
>> echo "blockip 130.2.1.1"
>> echo "blockip 130.2.1.0/24 [1]"
>> echo ""
>> exit 1
>> fi;
>> 
>> mip1=${mip:0:6};
>> # your lan range if needed or comment out
>> if [ $mip1 == "192.168.1." ]; then  # change ip to suit
>> echo "$mdate Discarding LAN drop request for $mip1" >> $logf
>> exit 1
>> fi;
>> 
>> # whitelist special clients...
>> # change the IP.ADDR.ESS to suit.
>> # comment out to remove
>> if [ $mip == "IP.ADDR.ESS" ] || [ $mip == "IP.ADDR.ESS" ] || [ $mip == 
>> "IP.ADDR.ESS" ] || [ $mip == "IP.ADDR.ESS" ] || [ 
>> $mip == "IP.ADDR.ESS" ] ; then
>> echo "$mdate Discarding WAN drop request for $mip" >> $logf
>> echo "$mdate Discarding WAN drop request for $mip"
>> exit 1
>> fi;
>> 
>> export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
>> is_ip="grep -Ec 
>> '^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"
>> 
>> if [ `echo $mip |eval $is_ip` != "1" ]; then
>> echo "$mdate Error in IP address $mip" >> $logf
>> echo "$mdate Error in IP address $mip"
>> else
>> iptables -I INPUT -s $mip -j DROP
>> echo "iptables -I INPUT -s $mip -j DROP"
>> echo "iptables -I INPUT -s $mip -j DROP" >> /etc/rc.d/rc.blockedips
>> echo "$mdate now dropping all packets from $mip" >> $logf
>> fi;
>> -- snip --
>> 
>> best wishes
>> Tony White
>> 
>> On 18/4/20 8:09 pm, Tony White wrote:
>> 
>>> Hi David,
>>> Sorry try this instead...
>>> 
>>> -- snip --
>>> #!/bin/sh
>>> logf="/var/log/blacklist_ip.log"
>>> mdate=`date +%c`
>>> ### must be root ###
>>> if [ `whoami` != "root" ]; then
>>> echo ""
>>> echo "$0 must be ran as root"
>>> echo ""
>>> exit 1
>>> fi
>>> export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
>>> is_ip="grep -Ec 
>>> '^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"
>>> 
>>> if [ `echo $1 |eval $is_ip` != "1" ]; then
>>> echo "$mdate Error in IP address $1" >> $logf
>>> else
>>> echo "$1" >> /opt/spamdyke/etc/blacklist_ip
>>> echo "$mdate now dropping all packets from $1" >> $logf
>>> fi
>>> --snip --
>>> 
>>> best wishes
>>> Tony White
>>> On 18/4/20 8:04 pm, Tony White wrote:
>>> 
 Hi David,
 Try using this little script...
 
 -- snip --
 #!/bin/bash
 logf="/var/log/blockip.log"
 mdate=$(date +%c)
 mip="$1"
 ### must be root ###
 if [ "$(whoami)" != "root" ]; then
     echo ""
     echo "$0 must be run as root"
     echo ""
     exit 1
 fi
 
 # no argument or --help: print usage
 if [ -z "$mip" ] || [ "$mip" = "--help" ]; then
   echo ""
   echo "Help: Block single and subnet IP's"
   echo ""
   echo "blockip 132.2.1.1"
   echo "blockip 132.1.0/24"
   echo ""
   exit 1
 fi
 
 -- snip --
 
 worked for me forever...
 Use qtp watchall to monitor the logs 

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Tony White

Hi David,
The ip you are having issues with returns (NXDOMAIN) so try
using this or a variant on the search string to find what
you are looking for.

-- snip --
#!/bin/bash
# Count how often an address appears in the smtp log, look up its reverse
# DNS, and offer to run blockip on it when the lookup returns NXDOMAIN.
mip="$1"
### must be root ###
if [ "$(whoami)" != "root" ]; then
    echo ""
    echo "$0 must be run as root"
    echo ""
    exit 1
fi

export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# dotted quad with an optional /prefix; a sanity check, not full validation
is_ip='^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](/[0-3]?[0-9])?$'
if [ -z "$mip" ] || ! echo "$mip" | grep -Eq "$is_ip"; then
    echo "usage: $0 IP.ADDR.ESS"
    exit 1
fi

# -F matches the address literally, so the dots are not regex wildcards
is_v=$(grep -Fc -- "$mip" /var/log/qmail/smtp/current)
echo "Counted : $is_v entries"

if [ "$is_v" -gt 0 ]; then
   is_host=$(host "$mip")
   echo "Host RDNS = $is_host"
   if echo "$is_host" | grep -q "(NXDOMAIN)"; then
      # to block without asking, replace the prompt with: /lscripts/blockip "$mip"
      read -r -p "(NX Domain) found, block IP automatically Y/N : " yn
      case $yn in
         [Yy]* ) /lscripts/blockip "$mip" ;;
         * ) exit 0 ;;
      esac
   fi
fi

-- snip --

Try this to count the number of times an ip connects..

--snip --
#!/bin/bash
# Count, per address, the lines in the smtp log that match PATTERN
# (spamdyke "DENIED" lines by default). With any argument, scan the most
# recently rotated @* log file instead of "current".
PATTERN="DENIED"
LOGDIR="/var/log/qmail/smtp"
FILE="$LOGDIR/current"
f1="/tmp/ips.txt"
f2="/tmp/current.txt"
f3="/tmp/ipn.txt"

if [ -n "$1" ]; then
  cd "$LOGDIR" || exit 1
  newfile=$(ls -t @* | head -n1)
  echo "Scanning : $newfile"
  FILE="$LOGDIR/$newfile"
fi

echo "$FILE"

rm -f "$f1" "$f2" "$f3"
if grep -q "$PATTERN" "$FILE"; then
  grep "$PATTERN" "$FILE" > "$f2"
  # field 9 (index 8) of each matching line is taken as the address
  while read -r line; do
    ar=($line)
    echo "${ar[8]}" >> "$f1"
  done < "$f2"
  sort -n "$f1" > "$f3"
  # print only addresses seen more than once, with their counts
  uniq -dc "$f3"
else
  echo "Error: The Pattern '$PATTERN' was NOT Found in '$FILE'"
  echo "Exiting..."
  exit 0
fi

-- snip --

best wishes
  Tony White

On 18/4/20 8:33 pm, David Bray wrote:


Hi Tony, thanks
But not so much looking for a solution to block ips.

I’m needing to identify which ips to block

On Sat, 18 Apr 2020 at 8:19 pm, Tony White  wrote:

Or this...

-- snip --
#!/bin/bash
# blockip: drop all traffic from one IP or a CIDR subnet, and append the rule
# to /etc/rc.d/rc.blockedips so it can be replayed at boot.
logf="/var/log/blockip.log"
mdate=$(date +%c)
mip="$1"
### must be root ###
if [ "$(whoami)" != "root" ]; then
    echo ""
    echo "$0 must be run as root"
    echo ""
    exit 1
fi

# no argument or --help: print usage
if [ -z "$mip" ] || [ "$mip" = "--help" ]; then
   echo ""
   echo "Help: Block single and subnet IP's"
   echo ""
   echo "blockip 130.2.1.1"
   echo "blockip 130.2.1.0/24"
   echo ""
   exit 1
fi

# your lan range if needed or comment out
lan="192.168.1."   # change ip to suit
if [ "${mip:0:${#lan}}" = "$lan" ]; then
   echo "$mdate Discarding LAN drop request for $mip" >> "$logf"
   exit 1
fi

# whitelist special clients...
# change the IP.ADDR.ESS entries to suit; empty the list to disable
whitelist="IP.ADDR.ESS IP.ADDR.ESS"
for w in $whitelist; do
   if [ "$mip" = "$w" ]; then
      echo "$mdate Discarding WAN drop request for $mip" >> "$logf"
      echo "$mdate Discarding WAN drop request for $mip"
      exit 1
   fi
done

export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# dotted quad with an optional /prefix; a sanity check, not full validation
is_ip='^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](/[0-3]?[0-9])?$'

if ! echo "$mip" | grep -Eq "$is_ip"; then
   echo "$mdate Error in IP address $mip" >> "$logf"
   echo "$mdate Error in IP address $mip"
else
   iptables -I INPUT -s "$mip" -j DROP
   echo "iptables -I INPUT -s $mip -j DROP"
   echo "iptables -I INPUT -s $mip -j DROP" >> /etc/rc.d/rc.blockedips
   echo "$mdate now dropping all packets from $mip" >> "$logf"
fi
-- snip --

best wishes
   Tony White

On 18/4/20 8:09 pm, Tony White wrote:

> Hi David,
>   Sorry try this instead...
>
> -- snip --
> #!/bin/sh
> # blacklist_ip: add an address to spamdyke's IP blacklist so its SMTP
> # connections are rejected (this does not touch the firewall).
> logf="/var/log/blacklist_ip.log"
> mdate=$(date +%c)
> ### must be root ###
> if [ "$(whoami)" != "root" ]; then
>     echo ""
>     echo "$0 must be run as root"
>     echo ""
>     exit 1
> fi
> export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
> # dotted quad with an optional /prefix
> is_ip='^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](/[0-3]?[0-9])?$'
>
> if [ -z "$1" ] || ! echo "$1" | grep -Eq "$is_ip"; then
>     echo "$mdate Error in IP address $1" >> "$logf"
> else
>     echo "$1" >> /opt/spamdyke/etc/blacklist_ip
>     echo "$mdate now rejecting SMTP connections from $1 (spamdyke blacklist)" >> "$logf"
> fi
> --snip --
>
> best wishes
>   Tony White
> On 
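What David is after (which addresses to block, rather than how to block them) is the decision that Leonardo's `-m recent --seconds 60 --hitcount 10` rule makes inside the kernel, and that Tony's counting script approximates from the log. The script below is an added example for this thread, not code from any of the posters or from qmailtoaster: it reads `tcpserver` accept lines in the format David posted and reports every source that opened at least `max_hits` connections inside some `window` seconds, so a threshold can be tried against the log before it goes into a firewall rule. The sample log is constructed (141.98.80.30 is the address from David's excerpt; 203.0.113.7 is a TEST-NET address standing in for an ordinary client), and the `window`/`max_hits` arguments and function names are this example's own. It assumes bash 4 or later for the associative arrays.

```shell
#!/bin/bash
# Added example for this thread (not a qmailtoaster script): the userland
# counterpart of "-m recent --seconds 60 --hitcount 10". It reads tcpserver
# log lines, counts new connections per source inside a trailing window and
# reports the sources that would have tripped the rule. Assumes bash 4+.

# "2020-04-18 05:04:48" -> seconds since the Unix epoch, log clock taken as
# UTC. Pure integer arithmetic, so it does not depend on GNU date.
ts_to_epoch() {
  local y=$((10#${1:0:4})) m=$((10#${1:5:2})) d=$((10#${1:8:2}))
  local H=$((10#${1:11:2})) M=$((10#${1:14:2})) S=$((10#${1:17:2}))
  # days-from-civil on a March-based year, so the leap day is the last day
  if [ "$m" -le 2 ]; then y=$((y - 1)); fi
  local era=$((y / 400)) yoe doy doe days
  yoe=$((y - era * 400))
  doy=$(( (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1 ))
  doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
  days=$(( era * 146097 + doe - 719468 ))
  echo $(( days * 86400 + H * 3600 + M * 60 + S ))
}

# flag_burst_sources [window_seconds] [max_hits]  < tcpserver-log
# Prints "ip total_connections" for every source that opened at least
# max_hits connections inside some window_seconds span, sorted by address.
flag_burst_sources() {
  local window=${1:-60} max_hits=${2:-10}
  local line ts ip t n
  declare -A hits=() total=() flagged=()
  while IFS= read -r line; do
    # only the accept line carries the client address; "status", "ok" and
    # "end" lines are skipped
    case "$line" in
      *" tcpserver: pid "*" from "*) ;;
      *) continue ;;
    esac
    ts=$(ts_to_epoch "${line:0:19}")
    ip=${line##* from }
    hits[$ip]+="$ts "
    total[$ip]=$(( ${total[$ip]:-0} + 1 ))
    # connections from this source still inside the trailing window, the
    # current one included (that is how --set followed by --update counts)
    n=0
    for t in ${hits[$ip]}; do
      if [ "$t" -gt $((ts - window)) ]; then n=$((n + 1)); fi
    done
    if [ "$n" -ge "$max_hits" ]; then flagged[$ip]=1; fi
  done
  for ip in "${!flagged[@]}"; do
    echo "$ip ${total[$ip]}"
  done | sort
}

# Constructed sample in the format David posted: 12 connections from
# 141.98.80.30 in 46 seconds, two from 203.0.113.7 (a TEST-NET address
# standing in for an ordinary client), plus status/ok/end lines to skip.
SAMPLE_LOG='2020-04-18 05:04:48.450871500 tcpserver: status: 6/60
2020-04-18 05:04:48.480785500 tcpserver: pid 13339 from 141.98.80.30
2020-04-18 05:04:48.480787500 tcpserver: ok 13339 dev.brayworth.com:172.105.181.18:465 :141.98.80.30::25638
2020-04-18 05:04:52.830767500 tcpserver: pid 13340 from 141.98.80.30
2020-04-18 05:04:57.304003500 tcpserver: pid 13342 from 141.98.80.30
2020-04-18 05:05:01.902265500 tcpserver: pid 13345 from 141.98.80.30
2020-04-18 05:05:06.100000500 tcpserver: pid 13347 from 141.98.80.30
2020-04-18 05:05:07.000000500 tcpserver: pid 13348 from 203.0.113.7
2020-04-18 05:05:10.200000500 tcpserver: pid 13349 from 141.98.80.30
2020-04-18 05:05:14.300000500 tcpserver: pid 13350 from 141.98.80.30
2020-04-18 05:05:18.400000500 tcpserver: pid 13351 from 141.98.80.30
2020-04-18 05:05:22.500000500 tcpserver: pid 13352 from 141.98.80.30
2020-04-18 05:05:26.600000500 tcpserver: pid 13353 from 141.98.80.30
2020-04-18 05:05:30.700000500 tcpserver: pid 13354 from 141.98.80.30
2020-04-18 05:05:34.800000500 tcpserver: pid 13355 from 141.98.80.30
2020-04-18 05:06:06.141272500 tcpserver: end 13340 status 256
2020-04-18 05:09:00.000000500 tcpserver: pid 13360 from 203.0.113.7'

# Same numbers as the iptables rule: 10 hits in 60 s. Prints "141.98.80.30 12".
printf '%s\n' "$SAMPLE_LOG" | flag_burst_sources 60 10
```

Against a live log, `flag_burst_sources 60 10 < /var/log/qmail/smtps/current` uses the same numbers as the iptables rule, and the arguments let you see how many sources a tighter or looser threshold would have caught before committing to it. It counts connections, not authentication failures, which is exactly the gap David ran into: the tcpserver log records only the accept and the end of each session, so a burst of short connections is visible here while a wrong password is not.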

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread David Bray
Hi Tony, thanks
But not so much looking for a solution to block ips.

I’m needing to identify which ips to block

On Sat, 18 Apr 2020 at 8:19 pm, Tony White  wrote:

> Or this...
>
> -- snip --
> #!/bin/bash
> # blockip: drop all traffic from one IP or a CIDR subnet, and append the rule
> # to /etc/rc.d/rc.blockedips so it can be replayed at boot.
> logf="/var/log/blockip.log"
> mdate=$(date +%c)
> mip="$1"
> ### must be root ###
> if [ "$(whoami)" != "root" ]; then
>     echo ""
>     echo "$0 must be run as root"
>     echo ""
>     exit 1
> fi
>
> # no argument or --help: print usage
> if [ -z "$mip" ] || [ "$mip" = "--help" ]; then
>    echo ""
>    echo "Help: Block single and subnet IP's"
>    echo ""
>    echo "blockip 130.2.1.1"
>    echo "blockip 130.2.1.0/24"
>    echo ""
>    exit 1
> fi
>
> # your lan range if needed or comment out
> lan="192.168.1."   # change ip to suit
> if [ "${mip:0:${#lan}}" = "$lan" ]; then
>    echo "$mdate Discarding LAN drop request for $mip" >> "$logf"
>    exit 1
> fi
>
> # whitelist special clients...
> # change the IP.ADDR.ESS entries to suit; empty the list to disable
> whitelist="IP.ADDR.ESS IP.ADDR.ESS"
> for w in $whitelist; do
>    if [ "$mip" = "$w" ]; then
>       echo "$mdate Discarding WAN drop request for $mip" >> "$logf"
>       echo "$mdate Discarding WAN drop request for $mip"
>       exit 1
>    fi
> done
>
> export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
> # dotted quad with an optional /prefix; a sanity check, not full validation
> is_ip='^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](/[0-3]?[0-9])?$'
>
> if ! echo "$mip" | grep -Eq "$is_ip"; then
>    echo "$mdate Error in IP address $mip" >> "$logf"
>    echo "$mdate Error in IP address $mip"
> else
>    iptables -I INPUT -s "$mip" -j DROP
>    echo "iptables -I INPUT -s $mip -j DROP"
>    echo "iptables -I INPUT -s $mip -j DROP" >> /etc/rc.d/rc.blockedips
>    echo "$mdate now dropping all packets from $mip" >> "$logf"
> fi
> -- snip --
>
> best wishes
>Tony White
>
> On 18/4/20 8:09 pm, Tony White wrote:
>
> > Hi David,
> >   Sorry try this instead...
> >
> > -- snip --
> > #!/bin/sh
> > logf="/var/log/blacklist_ip.log"
> > mdate=`date +%c`
> > ### must be root ###
> > if [ `whoami` != "root" ]; then
> > echo ""
> > echo "$0 must be ran as root"
> > echo ""
> > exit 1
> > fi
> > export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
> > is_ip="grep -Ec
> '^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"
> >
> > if [ `echo $1 |eval $is_ip` != "1" ]; then
> > echo "$mdate Error in IP address $1" >> $logf
> > else
> > echo "$1" >> /opt/spamdyke/etc/blacklist_ip
> > echo "$mdate now dropping all packets from $1" >> $logf
> > fi
> > --snip --
> >
> > best wishes
> >   Tony White
> > On 18/4/20 8:04 pm, Tony White wrote:
> >
> >> Hi David,
> >>   Try using this little script...
> >>
> >> -- snip --
> >> #!/bin/bash
> >> logf="/var/log/blockip.log"
> >> mdate=`date +%c`
> >> mip=$1
> >> ### must be root ###
> >> if [ `whoami` != "root" ]; then
> >> echo ""
> >> echo "$0 must be run as root"
> >> echo ""
> >> exit 1
> >> fi;
> >>
> >> if [ $mip == "--help" ]; then
> >>   echo ""
> >>   echo "Help: Block single and subnet IP's"
> >>   echo ""
> >>   echo "blockip 132.2.1.1"
> >>   echo "blockip 132.1.0/24"
> >>   echo ""
> >>   exit 1
> >> fi;
> >>
> >> -- snip --
> >>
> >> worked for me forever...
> >> Use qtp watchall to monitor the logs and use the output to manually
> >> block ips or subnets
> >>
> >> If you need more hit me off list.
> >>
> >> best wishes
> >>   Tony White
> >> On 18/4/20 2:59 pm, David Bray wrote:
> >>
> >>> I can see I'm getting hammered on my smtps port
> >>>
> >>> How can I mitigate this?
> >>>
> >>> I can see the IP's in /var/log/qmail/smtps/current
> >>>
> >>> *but where do I actually see that the smtp auth actually fails ?*
> >>>
> >>> or do I need to increase the logging somewhere ?
> >>>
> >>> if I tail -f /var/log/dovecot.log
> >>>
> >>> I can see the imap and pop failures
> >>>
> >>> thanks in advance
> >>>
> >>> David Bray
> >>> 0418 745334
> >>> 2 ∞ & <
> >>
> >>
> >>
> >
> >
> >
>
>
>
> --
# David


Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Tony White

Or this...

-- snip --
#!/bin/bash
# blockip: drop all traffic from one IP or a CIDR subnet, and append the rule
# to /etc/rc.d/rc.blockedips so it can be replayed at boot.
logf="/var/log/blockip.log"
mdate=$(date +%c)
mip="$1"
### must be root ###
if [ "$(whoami)" != "root" ]; then
    echo ""
    echo "$0 must be run as root"
    echo ""
    exit 1
fi

# no argument or --help: print usage
if [ -z "$mip" ] || [ "$mip" = "--help" ]; then
  echo ""
  echo "Help: Block single and subnet IP's"
  echo ""
  echo "blockip 130.2.1.1"
  echo "blockip 130.2.1.0/24"
  echo ""
  exit 1
fi

# your lan range if needed or comment out
lan="192.168.1."   # change ip to suit
if [ "${mip:0:${#lan}}" = "$lan" ]; then
  echo "$mdate Discarding LAN drop request for $mip" >> "$logf"
  exit 1
fi

# whitelist special clients...
# change the IP.ADDR.ESS entries to suit; empty the list to disable
whitelist="IP.ADDR.ESS IP.ADDR.ESS"
for w in $whitelist; do
  if [ "$mip" = "$w" ]; then
    echo "$mdate Discarding WAN drop request for $mip" >> "$logf"
    echo "$mdate Discarding WAN drop request for $mip"
    exit 1
  fi
done

export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# dotted quad with an optional /prefix; a sanity check, not full validation
is_ip='^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](/[0-3]?[0-9])?$'

if ! echo "$mip" | grep -Eq "$is_ip"; then
  echo "$mdate Error in IP address $mip" >> "$logf"
  echo "$mdate Error in IP address $mip"
else
  iptables -I INPUT -s "$mip" -j DROP
  echo "iptables -I INPUT -s $mip -j DROP"
  echo "iptables -I INPUT -s $mip -j DROP" >> /etc/rc.d/rc.blockedips
  echo "$mdate now dropping all packets from $mip" >> "$logf"
fi
-- snip --

best wishes
  Tony White

On 18/4/20 8:09 pm, Tony White wrote:


Hi David,
  Sorry try this instead...

-- snip --
#!/bin/sh
# blacklist_ip: add an address to spamdyke's IP blacklist so its SMTP
# connections are rejected (this does not touch the firewall).
logf="/var/log/blacklist_ip.log"
mdate=$(date +%c)
### must be root ###
if [ "$(whoami)" != "root" ]; then
    echo ""
    echo "$0 must be run as root"
    echo ""
    exit 1
fi
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# dotted quad with an optional /prefix
is_ip='^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](/[0-3]?[0-9])?$'

if [ -z "$1" ] || ! echo "$1" | grep -Eq "$is_ip"; then
    echo "$mdate Error in IP address $1" >> "$logf"
else
    echo "$1" >> /opt/spamdyke/etc/blacklist_ip
    echo "$mdate now rejecting SMTP connections from $1 (spamdyke blacklist)" >> "$logf"
fi
--snip --

best wishes
  Tony White
On 18/4/20 8:04 pm, Tony White wrote:


Hi David,
  Try using this little script...

-- snip --
#!/bin/bash
logf="/var/log/blockip.log"
mdate=$(date +%c)
mip="$1"
### must be root ###
if [ "$(whoami)" != "root" ]; then
    echo ""
    echo "$0 must be run as root"
    echo ""
    exit 1
fi

# no argument or --help: print usage
if [ -z "$mip" ] || [ "$mip" = "--help" ]; then
  echo ""
  echo "Help: Block single and subnet IP's"
  echo ""
  echo "blockip 132.2.1.1"
  echo "blockip 132.1.0/24"
  echo ""
  exit 1
fi

-- snip --

worked for me forever...
Use qtp watchall to monitor the logs and use the output to manually block ips or
subnets

If you need more hit me off list.

best wishes
  Tony White
On 18/4/20 2:59 pm, David Bray wrote:


I can see I'm getting hammered on my smtps port

How can I mitigate this?

I can see the IP's in /var/log/qmail/smtps/current

*but where do I actually see that the smtp auth actually fails ?*

or do I need to increase the logging somewhere ?

if I tail -f /var/log/dovecot.log

I can see the imap and pop failures

thanks in advance

David Bray
0418 745334
2 ∞ & <














Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread David Bray
Hi thanks - yes, I can block that IP
But it’s not just one, and the solution is not fine enough
I want more of a fail2ban rule: bad user, bad pass, 3 strikes you're out

I need to know they are mucking round.

I tried sending myself through the port with a bad password - sure, it blocks
it, but there is no log of the event - it looks like a legit connection
from an IP

On Sat, 18 Apr 2020 at 7:30 pm, Chris  wrote:

> Here's a great article with instructions on how to implement an IP
> blacklist in iptables. Unless you've got a user in Panama, it looks like
> you'd want to block 141.98.80.30
>
> https://linux-audit.com/blocking-ip-addresses-in-linux-with-iptables/
>
> On Sat, Apr 18, 2020 at 5:49 PM David Bray  wrote:
>
>> sure - thanks for replying, this comes in waves, taking the server to its
>> maximum at times
>>
>> as far as I can see the only logs are these:
>>
>> ==> /var/log/qmail/smtps/current <==
>> 2020-04-18 05:04:48.450871500 tcpserver: status: 6/60
>> 2020-04-18 05:04:48.480785500 tcpserver: pid 13339 from 141.98.80.30
>> 2020-04-18 05:04:48.480787500 tcpserver: ok 13339 
>> dev.brayworth.com:172.105.181.18:465
>> :141.98.80.30::25638
>> 2020-04-18 05:04:52.797644500 tcpserver: status: 7/60
>> 2020-04-18 05:04:52.830767500 tcpserver: pid 13340 from 141.98.80.30
>> 2020-04-18 05:04:52.830768500 tcpserver: ok 13340 
>> dev.brayworth.com:172.105.181.18:465
>> :141.98.80.30::14862
>> 2020-04-18 05:04:57.248902500 tcpserver: status: 8/60
>> 2020-04-18 05:04:57.304003500 tcpserver: pid 13342 from 141.98.80.30
>> 2020-04-18 05:04:57.304006500 tcpserver: ok 13342 
>> dev.brayworth.com:172.105.181.18:465
>> :141.98.80.30::9646
>> 2020-04-18 05:05:01.854790500 tcpserver: status: 9/60
>> 2020-04-18 05:05:01.902265500 tcpserver: pid 13345 from 141.98.80.30
>> 2020-04-18 05:05:01.902266500 tcpserver: ok 13345 
>> dev.brayworth.com:172.105.181.18:465
>> :141.98.80.30::54058
>> 2020-04-18 05:05:09.729711500 tcpserver: end 13338 status 256
>> 2020-04-18 05:05:09.729713500 tcpserver: status: 8/60
>> 2020-04-18 05:06:05.965715500 tcpserver: end 13342 status 256
>> 2020-04-18 05:06:05.965716500 tcpserver: status: 7/60
>> 2020-04-18 05:06:06.141272500 tcpserver: end 13340 status 256
>> 2020-04-18 05:06:06.141273500 tcpserver: status: 6/60
>>
>> David Bray
>> 0418 745334
>> 2 ∞ & <
>>
>>
>> On Sat, 18 Apr 2020 at 15:41, Eric Broch  wrote:
>>
>>> Can you send the log of one of the "bad" connections?
>>>
>>> On 4/17/2020 10:59 PM, David Bray wrote:
>>>
>>> I can see I'm getting hammered on my smtps port
>>>
>>> How can I mitigate this?
>>>
>>> I can see the IP's in /var/log/qmail/smtps/current
>>>
>>> *but where do I actually see that the smtp auth actually fails ?*
>>>
>>> or do I need to increase the logging somewhere ?
>>>
>>> if I tail -f /var/log/dovecot.log
>>>
>>> I can see the imap and pop failures
>>>
>>> thanks in advance
>>>
>>> David Bray
>>> 0418 745334
>>> 2 ∞ & <
>>>
>>> --
# David


Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Tony White

Hi David,
  Sorry try this instead...

-- snip --
#!/bin/sh
logf="/var/log/blacklist_ip.log"
mdate=$(date +%c)
### must be root ###
if [ "$(whoami)" != "root" ]; then
    echo ""
    echo "$0 must be run as root"
    echo ""
    exit 1
fi
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# accept a dotted-quad IPv4 address with an optional /prefix, e.g. 141.98.80.30 or 141.98.80.0/24
is_ip="grep -Ec '^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"

if [ "$(echo "$1" | eval $is_ip)" != "1" ]; then
    echo "$mdate Error in IP address $1" >> "$logf"
else
    # spamdyke rejects SMTP connections from every address or subnet listed in blacklist_ip
    echo "$1" >> /opt/spamdyke/etc/blacklist_ip
    echo "$mdate now dropping all packets from $1" >> "$logf"
fi
--snip --

best wishes
  Tony White
On 18/4/20 8:04 pm, Tony White wrote:


Hi David,
  Try using this little script...

-- snip --
#!/bin/bash
logf="/var/log/blockip.log"
mdate=$(date +%c)
mip=$1
### must be root ###
if [ "$(whoami)" != "root" ]; then
    echo ""
    echo "$0 must be run as root"
    echo ""
    exit 1
fi

# quoted so an empty argument does not break the test
if [ "$mip" = "--help" ]; then
  echo ""
  echo "Help: Block single and subnet IPs"
  echo ""
  echo "blockip 132.2.1.1"
  echo "blockip 132.1.0/24"
  echo ""
  exit 1
fi

-- snip --

worked for me forever...
Use qtp watchall to monitor the logs and use the output to manually block IPs or subnets

If you need more hit me off list.

best wishes
  Tony White
On 18/4/20 2:59 pm, David Bray wrote:


I can see I'm getting hammered on my smtps port

How can I mitigate this?

I can see the IP's in /var/log/qmail/smtps/current

*but where do I actually see that the smtp auth actually fails ?*

or do I need to increase the logging somewhere ?

if I tail -f /var/log/dovecot.log

I can see the imap and pop failures

thanks in advance

David Bray
0418 745334
2 ∞ & <



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
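An added example, not part of any message in this thread: a POSIX sh function that tallies the tcpserver smtps log lines David posted by source IP, giving each source's connection count and how many of its sessions ended with a nonzero exit status, so the busiest sources can be handed to Tony's blacklist script. It assumes the stock tcpserver line shapes (`pid N from IP`, `end N status S`); the sample log it runs on is constructed here, with 192.0.2.10 as a made-up clean client.

```sh
#!/bin/sh
# Added example (not from the thread). Summarise a tcpserver smtps log by
# source IP: total connections and sessions whose child exited nonzero.
# Assumes the stock tcpserver line shapes "pid N from IP" / "end N status S".

# usage: smtps_sources LOGFILE [MIN_CONNECTIONS]
# prints "ip connections nonzero_exits" for each source with at least
# MIN_CONNECTIONS (default 5) connections, busiest first
smtps_sources() {
    awk -v min="${2:-5}" '
        # "pid N from IP": remember which source owns this child pid
        $3 == "tcpserver:" && $4 == "pid" && $6 == "from" {
            owner[$5] = $7
            conn[$7]++
        }
        # "end N status S": S is the wait status; 256 is exit code 1,
        # what the posted excerpt shows for the short-lived sessions
        $3 == "tcpserver:" && $4 == "end" && ($5 in owner) {
            if ($7 != 0) bad[owner[$5]]++
            delete owner[$5]
        }
        END {
            for (ip in conn)
                if (conn[ip] >= min)
                    printf "%s %d %d\n", ip, conn[ip], bad[ip] + 0
        }
    ' "$1" | sort -k2,2nr
}

# Constructed sample in the posted format: the pids and 141.98.80.30 come
# from the excerpt in the thread; 192.0.2.10 is a made-up clean client.
# Writes the sample to a temp file and prints its path.
sample_smtps_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
2020-04-18 05:04:48.480785500 tcpserver: pid 13339 from 141.98.80.30
2020-04-18 05:04:52.830767500 tcpserver: pid 13340 from 141.98.80.30
2020-04-18 05:04:57.304003500 tcpserver: pid 13342 from 141.98.80.30
2020-04-18 05:05:01.902265500 tcpserver: pid 13345 from 141.98.80.30
2020-04-18 05:05:03.000000000 tcpserver: pid 13350 from 192.0.2.10
2020-04-18 05:05:09.729711500 tcpserver: end 13338 status 256
2020-04-18 05:05:30.000000000 tcpserver: end 13350 status 0
2020-04-18 05:06:05.965715500 tcpserver: end 13342 status 256
2020-04-18 05:06:06.141272500 tcpserver: end 13340 status 256
EOF
    echo "$f"
}

log=$(sample_smtps_log); smtps_sources "$log" 3; rm -f "$log"
```

Run it against the real /var/log/qmail/smtps/current with a threshold that suits your traffic; an "end" line whose pid never appeared (like 13338 above) is ignored rather than miscounted.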







Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Tony White

Hi David,
  Try using this little script...

-- snip --
#!/bin/bash
logf="/var/log/blockip.log"
mdate=$(date +%c)
mip=$1
### must be root ###
if [ "$(whoami)" != "root" ]; then
    echo ""
    echo "$0 must be run as root"
    echo ""
    exit 1
fi

# quoted so an empty argument does not break the test
if [ "$mip" = "--help" ]; then
  echo ""
  echo "Help: Block single and subnet IPs"
  echo ""
  echo "blockip 132.2.1.1"
  echo "blockip 132.1.0/24"
  echo ""
  exit 1
fi

-- snip --

worked for me forever...
Use qtp watchall to monitor the logs and use the output to manually block IPs or subnets

If you need more hit me off list.

best wishes
  Tony White
On 18/4/20 2:59 pm, David Bray wrote:


I can see I'm getting hammered on my smtps port

How can I mitigate this?

I can see the IP's in /var/log/qmail/smtps/current

*but where do I actually see that the smtp auth actually fails ?*

or do I need to increase the logging somewhere ?

if I tail -f /var/log/dovecot.log

I can see the imap and pop failures

thanks in advance

David Bray
0418 745334
2 ∞ & <






Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Chris
Here's a great article with instructions on how to implement an IP
blacklist in iptables. Unless you've got a user in Panama, it looks like
you'd want to block 141.98.80.30

https://linux-audit.com/blocking-ip-addresses-in-linux-with-iptables/

On Sat, Apr 18, 2020 at 5:49 PM David Bray  wrote:

> sure - thanks for replying, this comes in waves taking the server to its
> maximum at times
>
> as far as I can see the only logs are these:
>
> ==> /var/log/qmail/smtps/current <==
> 2020-04-18 05:04:48.450871500 tcpserver: status: 6/60
> 2020-04-18 05:04:48.480785500 tcpserver: pid 13339 from 141.98.80.30
> 2020-04-18 05:04:48.480787500 tcpserver: ok 13339 dev.brayworth.com:172.105.181.18:465:141.98.80.30::25638
> 2020-04-18 05:04:52.797644500 tcpserver: status: 7/60
> 2020-04-18 05:04:52.830767500 tcpserver: pid 13340 from 141.98.80.30
> 2020-04-18 05:04:52.830768500 tcpserver: ok 13340 dev.brayworth.com:172.105.181.18:465:141.98.80.30::14862
> 2020-04-18 05:04:57.248902500 tcpserver: status: 8/60
> 2020-04-18 05:04:57.304003500 tcpserver: pid 13342 from 141.98.80.30
> 2020-04-18 05:04:57.304006500 tcpserver: ok 13342 dev.brayworth.com:172.105.181.18:465:141.98.80.30::9646
> 2020-04-18 05:05:01.854790500 tcpserver: status: 9/60
> 2020-04-18 05:05:01.902265500 tcpserver: pid 13345 from 141.98.80.30
> 2020-04-18 05:05:01.902266500 tcpserver: ok 13345 dev.brayworth.com:172.105.181.18:465:141.98.80.30::54058
> 2020-04-18 05:05:09.729711500 tcpserver: end 13338 status 256
> 2020-04-18 05:05:09.729713500 tcpserver: status: 8/60
> 2020-04-18 05:06:05.965715500 tcpserver: end 13342 status 256
> 2020-04-18 05:06:05.965716500 tcpserver: status: 7/60
> 2020-04-18 05:06:06.141272500 tcpserver: end 13340 status 256
> 2020-04-18 05:06:06.141273500 tcpserver: status: 6/60
>
> David Bray
> 0418 745334
> 2 ∞ & <
>
>
> On Sat, 18 Apr 2020 at 15:41, Eric Broch  wrote:
>
>> Can you send the log of one of the "bad" connections?
>>
>> On 4/17/2020 10:59 PM, David Bray wrote:
>>
>> I can see I'm getting hammered on my smtps port
>>
>> How can I mitigate this?
>>
>> I can see the IP's in /var/log/qmail/smtps/current
>>
>> *but where do I actually see that the smtp auth actually fails ?*
>>
>> or do I need to increase the logging somewhere ?
>>
>> if I tail -f /var/log/dovecot.log
>>
>> I can see the imap and pop failures
>>
>> thanks in advance
>>
>> David Bray
>> 0418 745334
>> 2 ∞ & <
>>
>>