[vchkpw] Re: Howto block querys from user?
Hello List, On Sunday, March 14, 2004 at 4:57:06 PM [EMAIL PROTECTED] wrote (at least in part): >> > Mar 14 15:29:26 icebear vpopmail[3787]: vchkpw-pop3: vpopmail user not >> > found web150p1@:217.233.6.196 >> [...] >> > Have someone of you an idea how I can block these user or how I can >> > add this IP temp. into iptables? >> >> $> echo '217.233.6.196:deny' >>~vpopmail/etc/tcp.smtp >> $> clearopensmtp >> >> Assuming your tcp.smtp file is located in ~vpopmail/etc. >> >> You'll not need to make an effort and configure IPTABLES, tcpserver is >> able to reject the connection by itself (when told in .cdb file). > Will I have a chance to fight against BruteForce-Attacks? No. Not this way. You'll need a patch discussed not long ago which logs the login attempts and reacts according to this data. Have a look at the archive for further information. The subject of corresponding thread was "Heureka! Finished POP3-Frequency-Patch (against bruteforcing)" initiated by knom -- Best regards Peter Palmreuther Wealthy people are no happier than those of modest means.
[vchkpw] Re: Howto block querys from user?
Hello Jeremy, On Sunday, March 14, 2004 at 4:51:45 PM you wrote (at least in part): >> > Mar 14 15:29:26 icebear vpopmail[3787]: vchkpw-pop3: vpopmail user not >> > found web150p1@:217.233.6.196 >> [...] >> > Have someone of you an idea how I can block these user or how I can >> > add this IP temp. into iptables? >> >> $> echo '217.233.6.196:deny' >>~vpopmail/etc/tcp.smtp >> $> clearopensmtp >> >> Assuming your tcp.smtp file is located in ~vpopmail/etc. >> >> You'll not need to make an effort and configure IPTABLES, tcpserver is >> able to reject the connection by itself (when told in .cdb file). > but what you missed is that this is a pop3 connection. Actually it's not that hard to figure: - this .cdb file is used by tcpserver - tcpserver of POP3 process can use one too - One can enter the same line into a different text file and make an appropriate .cdb file from it or tell POP3 server to use the same .cdb file as SMTP server; qmail-popup and qmail-pop3d will not be disturbed by set RELAYCLIENT or even QMAILQUEUE variables. Somebody who deals with his own mail server I simply expect to be able to read documentation to make it as secure as possible. When this person got a hint I expect it to be able to carry over this knowledge to other problems as well. That's the responsibility someone has when he/she wants to have his/her own server. Sorry for that opinion. -- Best regards Peter Palmreuther Death is God's way of telling you not to be such a wise guy.
Re: [vchkpw] Re: Howto block querys from user?
Hallo Peter! Am So, 2004-03-14 um 16.41 schrieb Peter Palmreuther: > Hello List, > > On Sunday, March 14, 2004 at 3:45:52 PM [EMAIL PROTECTED] wrote (at least > in part): > > > Mar 14 15:29:26 icebear vpopmail[3787]: vchkpw-pop3: vpopmail user not > > found web150p1@:217.233.6.196 > [...] > > Have someone of you an idea how I can block these user or how I can > > add this IP temp. into iptables? > > $> echo '217.233.6.196:deny' >>~vpopmail/etc/tcp.smtp > $> clearopensmtp > > Assuming your tcp.smtp file is located in ~vpopmail/etc. > > You'll not need to make an effort and configure IPTABLES, tcpserver is > able to reject the connection by itself (when told in .cdb file). Will I have a chance to fight against BruteForce-Attacks? Or to generate an smtp-Error-Message like: Do not login every 5 Seconds. Try again in 3 Minutes. or something else!? Thank you all, for your time! Viele Gruesse, Peter. -- [EMAIL PROTECTED], gpg -key http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2
Re: [vchkpw] Re: Howto block querys from user?
On Sun, 2004-03-14 at 09:41, Peter Palmreuther wrote: > Hello List, > > On Sunday, March 14, 2004 at 3:45:52 PM [EMAIL PROTECTED] wrote (at least > in part): > > > Mar 14 15:29:26 icebear vpopmail[3787]: vchkpw-pop3: vpopmail user not > > found web150p1@:217.233.6.196 > [...] > > Have someone of you an idea how I can block these user or how I can > > add this IP temp. into iptables? > > $> echo '217.233.6.196:deny' >>~vpopmail/etc/tcp.smtp > $> clearopensmtp > > Assuming your tcp.smtp file is located in ~vpopmail/etc. > > You'll not need to make an effort and configure IPTABLES, tcpserver is > able to reject the connection by itself (when told in .cdb file). but what you missed is that this is a pop3 connection. -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
[vchkpw] Re: Howto block querys from user?
Hello List, On Sunday, March 14, 2004 at 3:45:52 PM [EMAIL PROTECTED] wrote (at least in part): > Mar 14 15:29:26 icebear vpopmail[3787]: vchkpw-pop3: vpopmail user not > found web150p1@:217.233.6.196 [...] > Have someone of you an idea how I can block these user or how I can > add this IP temp. into iptables? $> echo '217.233.6.196:deny' >>~vpopmail/etc/tcp.smtp $> clearopensmtp Assuming your tcp.smtp file is located in ~vpopmail/etc. You'll not need to make an effort and configure IPTABLES, tcpserver is able to reject the connection by itself (when told in .cdb file). -- Best regards Peter Palmreuther The Greatest of Faults Is To Be Conscious of None