Eric, I will do that, just have to test the configuration out first.
-----Original Message-----
From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert
Sent: 29. august 2009 00:51
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] re: harvesting

Not stupid really. I don't know of one.

Would someone care to create a wiki page about fail2ban on a toaster? Or perhaps write an install script for it that could be included in QTP?

Ole N.Johansen wrote:
> Hello again,
>
> Sounds pretty stupid but is there a script to test "email harvesting" -
> I have to check my fail2ban addition..
>
> Perhaps I got it right, but no one tries to hammer my vpopmail ..
>
> Ole J
>
> ------------------------------------------------------------------------
>
> *From:* Constantin IOAJA [mailto:io...@cartel-alfa.ro]
> *Sent:* 28. august 2009 21:40
> *To:* qmailtoaster-list@qmailtoaster.com
> *Subject:* Re: [qmailtoaster] re: harvesting
>
>
>
> Maxwell Smart wrote:
>
> Greetings fellow Qmailers,
>
> I am trying to find a way to block harvesters. I am using Fail2ban, but
> must not have it set up correctly to block the harvesters after 3
> attempts. If anyone can shed some light on how to set this up it would
> be greatly appreciated.
>
> Here is my vpopmail logwatch
>
>
> *OSSEC http://www.ossec.net/
>
> " OSSEC is an Open Source Host-based Intrusion Detection System. It
> performs log analysis, file integrity checking, policy monitoring,
> rootkit detection, real-time alerting and active response."
>
> Regards
>
> Constantin *
> -------------------------------------
> *E-mail Notification*
> ==============
> OSSEC HIDS Notification.
> 2009 Aug 28 14:09:22
>
> Received From: mail->/var/log/maillog
> Rule: 9952 fired (level 10) -> "POP3 brute force (email harvesting)."
> Portion of the log(s):
>
> Aug 28 14:09:20 mail vpopmail[5529]: vchkpw-pop3: vpopmail user not
> found test@:62.20.103.103
> Aug 28 14:09:20 mail vpopmail[5526]: vchkpw-pop3: vpopmail user not
> found support@:62.20.103.103
> ..............................................................
> Aug 28 14:09:17 mail vpopmail[5501]: vchkpw-pop3: vpopmail user not
> found support@:62.20.103.103
> Aug 28 14:09:16 mail vpopmail[5497]: vchkpw-pop3: vpopmail user not
> found support@:62.20.103.103
> -------------------------------
> OSSEC HIDS Notification.
> 2009 Aug 28 14:19:56
>
> Received From: mail->/var/log/maillog
> Rule: 9952 fired (level 10) -> "POP3 brute force (email harvesting)."
> Portion of the log(s):
>
> Aug 28 14:19:55 mail vpopmail[6175]: vchkpw-pop3: vpopmail user not
> found demo@:62.20.103.103
> Aug 28 14:19:55 mail vpopmail[6169]: vchkpw-pop3: vpopmail user not
> found backup@:62.20.103.103
> .................................................
> Aug 28 14:19:53 mail vpopmail[6147]: vchkpw-pop3: vpopmail user not
> found demo@:62.20.103.103
> Aug 28 14:19:53 mail vpopmail[6144]: vchkpw-pop3: vpopmail user not
> found news@:62.20.103.103
> -------------------------------------------
> *active-responses.log*
>
> Fri Aug 28 14:09:22 EEST 2009
> /var/ossec/active-response/bin/firewall-drop.sh add - 62.20.103.103
> 1251457762.234301 9952
> Fri Aug 28 14:09:22 EEST 2009
> /var/ossec/active-response/bin/host-deny.sh add - 62.20.103.103
> 1251457762.234301 9952
> Fri Aug 28 14:19:52 EEST 2009
> /var/ossec/active-response/bin/firewall-drop.sh delete - 62.20.103.103
> 1251457762.234301 9952
> Fri Aug 28 14:19:52 EEST 2009
> /var/ossec/active-response/bin/host-deny.sh delete - 62.20.103.103
> 1251457762.234301 9952
> Fri Aug 28 14:19:56 EEST 2009
> /var/ossec/active-response/bin/host-deny.sh add - 62.20.103.103
> 1251458396.242407 9952
> Fri Aug 28 14:19:56 EEST 2009
> /var/ossec/active-response/bin/firewall-drop.sh add - 62.20.103.103
> 1251458396.242407 9952
> Fri Aug 28 14:30:26 EEST 2009
> /var/ossec/active-response/bin/host-deny.sh delete - 62.20.103.103
> 1251458396.242407 9952
> Fri Aug 28 14:30:26 EEST 2009
> /var/ossec/active-response/bin/firewall-drop.sh delete - 62.20.103.103
> 1251458396.242407 9952
>
>

--
-Eric 'shubes'

---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
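
An offline way to check a fail2ban-style rule against the vpopmail lines quoted in this thread, without waiting for live traffic (added example, not code from any poster, fail2ban or QTP). The failregex, the 10-minute window and the 192.0.2.10 lines are assumptions made for the example; the threshold of 3 is the one asked for in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed fail2ban-style failregex (not a filter shipped with fail2ban or QTP).
# The domain part may be empty, as in the thread's "test@:62.20.103.103" lines.
FAILREGEX = r"vchkpw-pop3: vpopmail user not found \S*@\S*:<HOST>$"
# fail2ban expands <HOST> itself; here it becomes a plain IPv4 group.
PATTERN = re.compile(
    FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

MAXRETRY = 3                      # "after 3 attempts", as asked in the thread
FINDTIME = timedelta(minutes=10)  # assumed counting window

# First four lines come from the OSSEC excerpt in the thread (wrapping undone);
# the two 192.0.2.10 lines are constructed for this example.
SAMPLE_LOG = """\
Aug 28 14:09:16 mail vpopmail[5497]: vchkpw-pop3: vpopmail user not found support@:62.20.103.103
Aug 28 14:09:17 mail vpopmail[5501]: vchkpw-pop3: vpopmail user not found support@:62.20.103.103
Aug 28 14:09:20 mail vpopmail[5526]: vchkpw-pop3: vpopmail user not found support@:62.20.103.103
Aug 28 14:09:20 mail vpopmail[5529]: vchkpw-pop3: vpopmail user not found test@:62.20.103.103
Aug 28 14:09:30 mail vpopmail[5600]: vchkpw-pop3: vpopmail user not found info@example.test:192.0.2.10
Aug 28 14:09:31 mail vpopmail[5601]: vchkpw-pop3: (PLAIN) login success user@example.test:192.0.2.10
"""


def parse_failures(log_text, year=2009):
    """Return [(timestamp, host)] for each line matching the failregex."""
    hits = []
    for line in log_text.splitlines():
        m = PATTERN.search(line.rstrip())
        if m:
            # Syslog timestamps carry no year, so one is supplied.
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            hits.append((ts, m.group("host")))
    return hits


def hosts_to_ban(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Map each host to the time its maxretry-th failure fell inside findtime."""
    recent, banned = defaultdict(list), {}
    for ts, host in sorted(parse_failures(log_text)):
        recent[host] = [t for t in recent[host] if ts - t <= findtime] + [ts]
        if len(recent[host]) >= maxretry:
            banned.setdefault(host, ts)
    return banned


if __name__ == "__main__":
    for host, when in hosts_to_ban(SAMPLE_LOG).items():
        print(f"{host} would be banned at {when}")
```

To run a real filter against a real log file, fail2ban's own `fail2ban-regex` tool takes the log path and a failregex or filter file.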