Hi Eric.
FYI - latest fail2ban release 0.9 is slightly different from the
previous releases - the way it is setup has changed.
Regards,
Finn
Den 03-04-2014 19:03, Eric Shubert skrev:
On 04/03/2014 08:18 AM, Angus McIntyre wrote:
If you haven't implemented fail2ban on your qmail toasters, think
seriously about doing so.
There are at least two botnet-based password-guessing campaigns
currently ongoing. One is trying SMTP authentication against role
accounts (e.g. 'admin@', 'info@') at known domains. It was this one that
prompted initial recent discussion of fail2ban on this list.
The other, which I think just started today, is trying to do POP3
authentication, using email addresses taken from mailing lists used by
spammers. Because these lists are mostly nonsense, this will result in
hundreds or thousands of attempts to authenticate against non-existent
users, but I suppose they might eventually start hitting some existing
addresses.
Because of the stupidity of these attempts, I would think that they're
very unlikely to succeed at most hosts. However, if left to run
unchecked they will probably start to soak up noticeable amounts of
resources. The spammers appear to be deploying increasingly large
botnets, and each host will keep trying until banned.
The instructions at:
http://wiki.qmailtoaster.com/index.php/Fail2Ban
for setting up fail2ban seem pretty good.
This has been a public service announcement.
Angus
Indeed. :)
I hope to incorporate f2b in the stock QMT at some point, probably
sooner than later. The qt-firewall script needs a little work, and I
may tackle them both together.
The only drawback to doing f2b sooner is that logging is also going to
change soon in a major way, so f2b will need to be tweaked a bit at
that time. There probably won't be much to it. We'll see.
Thanks Angus, and those who worked on the wiki page. It's very helpful.
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
