joe wrote:
> 
> Patrick Shanahan wrote:
>> * Benji Weber <[EMAIL PROTECTED]> [07-16-07 05:04]:
>>> set the following line
>>>
>>> FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=120,recentname=ssh"
>>>
>>> in /etc/sysconfig/SuSEfirewall2. This will limit to a maximum of 3
>>> attempts per 120s.
>> This works *very* well, even better than fail2ban, imo.  Is there a
>> similar line that will effect the same on postfix attempts rather than
>> using fail2ban?
> 
> Yikes - These are 2 different beasts. With ssh, users authenticate and gain
> access to your system. With smtp, users don't authenticate or gain access to
> your system, they simply send messages. What would you use as a measure of
> "bad" email senders?
> 

I don't think he wants to block off the public, just someone he has
detected abusing.   I have a friend that has a small newsletter she
sends out to a growing list of people and recently she hit a limit from
road-runner.   She could receive mail just fine but when she hit the
limit of the magic number of E-Mails, she couldn't connect to the SMTP
server for 24 hours.   I agree that counting packets like you do with
SSHd is probably the wrong criteria, but detecting the IP of an incoming
site that is attempting to post too many messages and then selectively
turning off that IP at the firewall could be effective.   I know the
abuser could simply change IP numbers so the detector needs to watch at
a higher level then notify the firewall about the new IP to block, but
it could work....it does with RR...so, the measure of bad email senders
could be any field in the SMTP header or even message content scanners
like the one in many mail servers like Surgemail or reverse DNS checking
or whatever is effective, coupled with turning off the current incoming
IP.  The server discards or rejects any bad messages it receives, but
the firewall can prevent the messages from getting through in the first
place once triggered.   Spammers are likely to go somewhere easier,
where there are so many Windoze machines available :)
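
The "watch at a higher level, then tell the firewall" idea from the message above, as an added example that is not part of the original thread: it counts Postfix smtpd rejects per client IP in a sliding window and returns the addresses that exceed the limit. Using rejects as the measure, the constructed log lines, and reusing the hitcount=3 / 120 s values from the ssh rule are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Postfix smtpd syslog format (documentation IPs).
SAMPLE_LOG = """\
Jul 16 05:04:01 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <a@example.org>: Relay access denied
Jul 16 05:04:09 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <b@example.org>: Relay access denied
Jul 16 05:04:30 mail postfix/smtpd[2102]: connect from mx.example.net[198.51.100.20]
Jul 16 05:04:41 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <c@example.org>: Relay access denied
Jul 16 05:05:02 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <d@example.org>: Relay access denied
Jul 16 05:05:10 mail postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[198.51.100.99]: 554 5.7.1 <e@example.org>: Relay access denied
Jul 16 05:20:00 mail postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[198.51.100.99]: 554 5.7.1 <f@example.org>: Relay access denied
"""

# Captures the syslog timestamp and the client IP of an smtpd reject line.
REJECT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: \w+ from \S*\[([0-9a-fA-F.:]+)\]"
)

def find_abusers(log_text, hitcount=3, window_seconds=120, year=2007):
    """Return {ip: time of the reject that pushed it past hitcount}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> reject times still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if not m:
            continue              # connects, deliveries etc. are not counted
        stamp, ip = m.groups()
        # Syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # forget rejects older than the window
        if len(q) > hitcount and ip not in flagged:
            flagged[ip] = when
    return flagged

if __name__ == "__main__":
    for ip, when in find_abusers(SAMPLE_LOG).items():
        print(f"{when:%H:%M:%S} block candidate: {ip}")
```

The returned addresses are what a detector of this kind would hand to the firewall; how the block is applied and when it expires is left to whatever firewall tooling is in use.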