Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Remo Mattei
Use mod_security for httpd super used for years now. Il giorno 29 dic 2017, alle ore 11:48, Remo Mattei ha scritto: Iptables Here is my rules /etc/firewalld/direct.xml -p tcp --dport 25 -m state --state NEW -m recent --set -p tcp --dport 25 -m state --state NEW -m

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Remo Mattei
Iptables Here is my rules /etc/firewalld/direct.xml -p tcp --dport 25 -m state --state NEW -m recent --set -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-w ith tcp-reset -p tcp --dport 25 -m state --state NEW -m recent --update

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Eric Broch
Hi Peter, I have the stock fail2ban configuration set up for qmailtoaster and have never changed it. I just know that it is POSSIBLE with fail2ban to do DOS attack configuration. For http this is one . One

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Peter Peltonen
Never worked with fail2ban before. Care to share your config for qmailtoaster? On Fri, Dec 29, 2017 at 8:56 PM, Eric Broch wrote: > Hi Tony, > > I see this more than I'd like. Sometimes I hear my server cranking away > and upon investigation one day (tail -f

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Eric Broch
Hi Tony, I see this more than I'd like. Sometimes I hear my server cranking away and upon investigation one day (tail -f /var/log/qmail/smtp/current) found connects and immediate disconnects being perpetrated from the same IP address scrolling across the terminal for as long as I cared to watch,

RE: [qmailtoaster] connection issues again.

2017-12-29 Thread Dan McAllister - QMT DNS Admin
To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] connection issues again. Would FAIL2BAN be an ideal setup here? I use it to control the attacks [example: more than 10 failed logins in 1 day, your banned for "X" hours]. Fail2ban also works with the SquirrelMail, Roundcube, etc

RE: [qmailtoaster] connection issues again.

2017-12-29 Thread CarlC Internet Services Service Desk
al Message- From: A. Galatis [mailto:a...@unet.de] Sent: Friday, December 29, 2017 10:25 AM To: qmailtoaster-list@qmailtoaster.com Subject: AW: [qmailtoaster] connection issues again. Hi Tony, i have a script counting authentification errors from ip-addresses. If an address appears mo

AW: [qmailtoaster] connection issues again.

2017-12-29 Thread A. Galatis
, 29. Dezember 2017 15:59 An: qmailtoaster-list@qmailtoaster.com Betreff: Re: [qmailtoaster] connection issues again. Hi Remo Are using some kind of autonomous app/scrpt to block them ? If so, what kind of app/script are you using for drop them ? On 29 Dec 2017 5:19 p.m., "Remo Matte

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread jin
Hi Remo Are using some kind of autonomous app/scrpt to block them ? If so, what kind of app/script are you using for drop them ? On 29 Dec 2017 5:19 p.m., "Remo Mattei" wrote: > Yes I created some rules based on connection time like 30 sec 5 min 30 min > etc. Dropped them. > >

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Remo Mattei
Yes I created some rules based on connection time like 30 sec 5 min 30 min etc. Dropped them. Il giorno 29 dic 2017, alle ore 06:07, Solo ha scritto: Hi Tony. Yes I see a lot - in my logs I think it's those spammers that tries to connect to Your server using a lot of

Re: [qmailtoaster] connection issues again.

2017-12-29 Thread Solo
Hi Tony. Yes I see a lot - in my logs I think it's those spammers that tries to connect to Your server using a lot of different names and end up getting refused by vpopmail - se my logwatch file below (all ip addresses match log entries in maillog and vpopmail) - vpopmail

[qmailtoaster] connection issues again.

2017-12-29 Thread Tony White
Hi folks,   Is anyone else seeing a single ip connecting hundreds even thousands of times but never sending any mail? I end up blocking these using iptables but I do not understand why it is happening. TIA Example 2017-12-30 00:31:31.653614500 tcpserver: status: 2/100 2017-12-30