Angus, can you share your tweaks?
I use firewalld to check connections to the mail server and that works pretty
well.
> On 3 Jun 2019, at 07:18, Gary Bowling wrote:
>
>
> Good reminder to check my fail2ban config. I did and found that it wasn't
> running since moving my config over to CentOS 7 and rebuilding my server.
>
>
>
> The systemctl status fail2ban.service gives me no information as to why it's
> not starting nor do the logs.
>
>
>
> So, I guess I need to do some more investigating as to why my service is not
> starting. Any ideas would be helpful. I'm running the same configs as are
> listed in the referenced wiki.
>
>
>
> Gary
>
>
>
>> On 6/3/2019 7:37 AM, Angus McIntyre wrote:
>> If you're smart, you're probably running 'fail2ban' (or something similar)
>> on your qmailtoaster to block password-guessing attempts. You may also have
>> used the rules given at:
>>
>> http://wiki.qmailtoaster.com/index.php/Fail2Ban
>>
>> to configure it.
>>
>> This morning I happened to check my logs and discovered a ridiculous number
>> of password-guessing attempts from a single IP, all of which had apparently
>> gone unblocked by fail2ban. It turned out that the attacker was sending an
>> empty password string, so that the log lines looked something like:
>>
>> vchkpw-submission: null password given phil:192.129.186.58
>>
>> There was no corresponding rule in my '/etc/fail2ban/filter.d/vpopmail.conf'
>> to capture this case, so the attacker was able to try over and over again,
>> unbanned.
>>
>> The attack script seems to be badly broken: it hits the same usernames over
>> and over again, always with the same null password, and without even
>> including the hostname part of the username (i.e. 'phil' rather than
>> 'p...@example.com'), so I'd rate its chances of succeeding as minimal.
>> Still, it'll inflate your log files, so you probably want to ban it.
>>
>> So you might want to consider tweaking your fail2ban configuration to ensure
>> that the failregex in 'vpopmail.conf' successfully matches 'null
>> password given' as well as the default 'vpopmail user not found' string.
>>
>> Angus
>>
>>
>>
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>
>>
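
The gap described in the quoted message can be checked offline before changing the live filter. The following is an added example, not part of the original thread and not the wiki's filter: the rule strings, the IPv4-only `<HOST>` stand-in, the `maxretry` of 3 and every sample line are assumptions constructed around the 'null password given' format and the 'vpopmail user not found' string quoted above.

```python
import re
from collections import Counter

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption: the
# real expansion also accepts hostnames and IPv6).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Assumed rule shapes; only the two message strings come from the thread.
# Anchoring at end of line reads the address from the final field.
OLD_RULES = [r"vchkpw-[\w-]+: vpopmail user not found \S*:<HOST>\s*$"]
NEW_RULES = OLD_RULES + [r"vchkpw-[\w-]+: null password given \S*:<HOST>\s*$"]

# Constructed sample log: syslog prefix, users and all addresses except
# 192.129.186.58 are made up for the example.
SAMPLE_LOG = """\
Jun  3 06:01:12 mail vpopmail[2101]: vchkpw-submission: null password given phil:192.129.186.58
Jun  3 06:01:13 mail vpopmail[2102]: vchkpw-submission: null password given bob:192.129.186.58
Jun  3 06:01:14 mail vpopmail[2103]: vchkpw-submission: null password given admin:192.129.186.58
Jun  3 06:01:15 mail vpopmail[2104]: vchkpw-submission: null password given phil:192.129.186.58
Jun  3 06:02:01 mail vpopmail[2110]: vchkpw-smtp: vpopmail user not found bob@example.com:203.0.113.7
Jun  3 06:02:02 mail vpopmail[2111]: vchkpw-smtp: vpopmail user not found joe@example.com:203.0.113.7
Jun  3 06:02:03 mail vpopmail[2112]: vchkpw-smtp: vpopmail user not found ann@example.com:203.0.113.7
Jun  3 06:03:00 mail vpopmail[2120]: vchkpw-submission: (PLAIN) login success alice@example.com:198.51.100.4
""".splitlines()


def failures(rules, lines):
    """Count failregex hits per source address, one hit per log line."""
    compiled = [re.compile(r.replace("<HOST>", HOST)) for r in rules]
    hits = Counter()
    for line in lines:
        for rx in compiled:
            match = rx.search(line)
            if match:
                hits[match.group("host")] += 1
                break  # a line counts once even if several rules match
    return hits


def banned(rules, lines, maxretry=3):
    """Addresses that reach maxretry failures and would be banned."""
    return {h for h, n in failures(rules, lines).items() if n >= maxretry}


if __name__ == "__main__":
    for name, rules in (("old", OLD_RULES), ("new", NEW_RULES)):
        print(name, "rules ban:", sorted(banned(rules, SAMPLE_LOG)))
```

The same comparison can be run against the real filter file and mail log with fail2ban's own `fail2ban-regex` tool.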