On 04 Mar 2015, at 21:46 , Jim Pazarena dove...@paz.bz wrote:
On 2015-03-02 2:02 AM, Jochen Bern wrote:
On 03/01/2015 08:53 AM, Jim Pazarena wrote:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+
Am 05.03.2015 um 20:23 schrieb @lbutlr:
On 04 Mar 2015, at 21:46 , Jim Pazarena dove...@paz.bz wrote:
On 2015-03-02 2:02 AM, Jochen Bern wrote:
On 03/01/2015 08:53 AM, Jim Pazarena wrote:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be
Am 05.03.2015 um 20:23 schrieb @lbutlr:
On 04 Mar 2015, at 21:46 , Jim Pazarena dove...@paz.bz wrote:
On 2015-03-02 2:02 AM, Jochen Bern wrote:
On 03/01/2015 08:53 AM, Jim Pazarena wrote:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steffen Kaiser wrote:
passdb { driver = ipdeny args = host/matchpattern/action
*** }
With next passdb{} as 1st in chain:
passdb {
driver = checkpassword
args = /tmp/chktst ip=%r service=%s
result_success = continue
result_failure =
Am 05.03.2015 um 22:45 schrieb Steffen:
Steffen Kaiser wrote:
passdb { driver = ipdeny args = host/matchpattern/action
*** }
With next passdb{} as 1st in chain:
passdb {
driver = checkpassword
args = /tmp/chktst ip=%r service=%s
result_success = continue
result_failure =
On 03/04/2015 05:03 AM, Earl Killian wrote:
I would like to reiterate Reindl Harald's point above, since subsequent
discussion has gotten away from it. If Dovecot had DNS RBL support
similar to Postfix, I think quite a few people would use it, and thereby
defeat the scanners far more
Am 04.03.2015 um 17:06 schrieb Jochen Bern:
On 03/04/2015 05:03 AM, Earl Killian wrote:
I would like to reiterate Reindl Harald's point above, since subsequent
discussion has gotten away from it. If Dovecot had DNS RBL support
similar to Postfix, I think quite a few people would use it, and
Am 01.03.2015 um 10:25 schrieb Reindl Harald h.rei...@thelounge.net:
Am 01.03.2015 um 08:53 schrieb Jim Pazarena:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try
Am 04.03.2015 um 20:12 schrieb Michael Orlitzky:
On 03/03/2015 11:03 PM, Earl Killian wrote:
On 2015/3/2 10:03, Reindl Harald wrote:
that is all nice
but the main benefit of RBL's is always ignored:
* centralized
* no log parsing at all
* honeypot data are delivered to any host
* it's
On 03/04/2015 02:12 PM, Michael Orlitzky wrote:
I would like to reiterate Reindl Harald's point above, since subsequent
discussion has gotten away from it. If Dovecot had DNS RBL support
similar to Postfix, I think quite a few people would use it, and thereby
defeat the scanners far more
On 03/04/2015 03:37 PM, Oliver Welter wrote:
I would like to reiterate Reindl Harald's point above, since subsequent
discussion has gotten away from it. If Dovecot had DNS RBL support
similar to Postfix, I think quite a few people would use it, and
thereby
defeat the scanners far more
Am 04.03.2015 um 21:51 schrieb Oliver Welter:
Please add this support to iptables instead of Dovecot. It's a
waste of
effort to code it into every application that listens on the network.
head explodes
Would you care to integrate it into IOS on my Cisco as well?
There are
On 3/4/2015 12:45 PM, Dave McGuire wrote:
There is. But I already have a firewall, running on bulletproof
hardware that doesn't depend on spinning disks. I don't want to add
ANOTHER firewall when I already have a perfectly good one. Besides, my
mail server is built for...serving mail. Not
On 03/04/2015 03:51 PM, Oliver Welter wrote:
I would like to reiterate Reindl Harald's point above, since
subsequent
discussion has gotten away from it. If Dovecot had DNS RBL support
similar to Postfix, I think quite a few people would use it, and
thereby
defeat the scanners far more
Am 04.03.2015 um 21:03 schrieb Dave McGuire:
On 03/04/2015 02:12 PM, Michael Orlitzky wrote:
I would like to reiterate Reindl Harald's point above, since subsequent
discussion has gotten away from it. If Dovecot had DNS RBL support
similar to Postfix, I think quite a few people would use it,
Am 04.03.2015 um 21:45 schrieb Dave McGuire:
On 03/04/2015 03:37 PM, Oliver Welter wrote:
I would like to reiterate Reindl Harald's point above, since subsequent
discussion has gotten away from it. If Dovecot had DNS RBL support
similar to Postfix, I think quite a few people would use it, and
On 03/03/2015 11:03 PM, Earl Killian wrote:
On 2015/3/2 10:03, Reindl Harald wrote:
that is all nice
but the main benefit of RBL's is always ignored:
* centralized
* no log parsing at all
* honeypot data are delivered to any host
* it's cheap
* it's easy to maintain
* it don't need any
Am 04.03.2015 um 20:31 schrieb Reindl Harald h.rei...@thelounge.net:
In the case of HTTP, IMAP, etc. things are not so easy.
Just think about NAT and CGN
that don't matter
if i blacklist a client because he starts a dictionary attack in SMTP i want
it also bock on IMAP without use
On 03/04/2015 04:33 PM, Professa Dementia wrote:
On 3/4/2015 12:45 PM, Dave McGuire wrote:
There is. But I already have a firewall, running on bulletproof
hardware that doesn't depend on spinning disks. I don't want to add
ANOTHER firewall when I already have a perfectly good one.
On 03/04/2015 09:45 PM, Dave McGuire wrote:
On 03/04/2015 03:37 PM, Oliver Welter wrote:
Am 04.03.2015 um 21:03 schrieb Dave McGuire:
Am 04.03.2015 um 20:12 schrieb Michael Orlitzky:
Please add [DNSBL] support to iptables instead of Dovecot. It's a waste of
effort to code it into every
Am 04.03.2015 um 23:00 schrieb Felix Zandanel:
I am not against block lists. I just say their use should be justified as they may
decrease overall service quality as well. There is another solution for auth based
services: As soon as you detect a possible attack (# auth reqs x etc.), keep
Nick Edwards writes:
I thought Timo once said dovecot had tarpitting, its useless if it is
there, and if it is, it needs user configurable timings, or maybe its
one of those things thats been in the gunna happen list
for a long time, like other stuff
If I remember correctly, I think this
On 03/04/2015 06:12 PM, Jochen Bern wrote:
On 03/04/2015 09:45 PM, Dave McGuire wrote:
On 03/04/2015 03:37 PM, Oliver Welter wrote:
Am 04.03.2015 um 21:03 schrieb Dave McGuire:
Am 04.03.2015 um 20:12 schrieb Michael Orlitzky:
Please add [DNSBL] support to iptables instead of Dovecot. It's a
On 2015-03-02 2:02 AM, Jochen Bern wrote:
On 03/01/2015 08:53 AM, Jim Pazarena wrote:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password
hi all
I've been reading this thread with interest. As a rather novice programmer.
I'm not being humble here, I really am not very good, I can do stuff, but
it takes a LONG time. My spaghetti code even has meatballs in it !
Not being a great programmer I'm not really able to code something up,
You can script fail2ban to send the entries to a rbldnsd file on a
remote server, I know someone who does it based on apache, since it
uses fail2ban, i shouldnt matter if its apache, or dovecot.
I thought Timo once said dovecot had tarpitting, its useless if it is
there, and if it is, it needs
On 3/4/15, Earl Killian dove...@lists.killian.com wrote:
On 2015/3/2 10:03, Reindl Harald wrote:
that is all nice
but the main benefit of RBL's is always ignored:
* centralized
* no log parsing at all
* honeypot data are delivered to any host
* it's cheap
* it's easy to maintain
* it
daemontools
On 3/2/15, Steffen Kaiser skdove...@smail.inf.fh-brs.de wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 2 Mar 2015, Reindl Harald wrote:
Am 02.03.2015 um 10:06 schrieb Steffen Kaiser:
If such plugin(?) is available, I would expect immediate complains, it
does not
Am 03.03.2015 um 22:31 schrieb Oliver Welter:
I did a quick hack for exactly this purpose - send offending IPs from my
mail server to the firewall in a secure way. Its a python script that
uses the fail2ban syntax on the one end and feeds a (patched) pfSense on
the other end. You can find the
Am 03.03.2015 um 12:40 schrieb Dave McGuire:
On 03/02/2015 09:41 PM, Joseph Tam wrote:
then setup fail2ban to manage extrafields
Now that's a very interesting idea, thank you! I will investigate
this.
If you don't expect yor firewall to handle 45K+ IPs, I'm not how you
expect dovecot
On 2015/3/2 10:03, Reindl Harald wrote:
that is all nice
but the main benefit of RBL's is always ignored:
* centralized
* no log parsing at all
* honeypot data are delivered to any host
* it's cheap
* it's easy to maintain
* it don't need any root privileges anywhere
we have a small honeypot
On 03/02/2015 09:41 PM, Joseph Tam wrote:
then setup fail2ban to manage extrafields
Now that's a very interesting idea, thank you! I will investigate
this.
If you don't expect yor firewall to handle 45K+ IPs, I'm not how you
expect dovecot will handle a comma separated string with 45K+
On 03/02/2015 05:34 AM, Joseph Tam wrote:
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
then setup fail2ban to manage extrafields
Now that's a very interesting idea, thank you! I will investigate this.
If you don't expect yor firewall to handle 45K+ IPs, I'm not how you
On March 2, 2015 8:32:35 PM Robert Schetterer r...@sys4.de wrote:
the most problem may nat and false positves, with firewall or deny ip
stuff you may ban wanted users too, so this should be only used in heavy
cases, so there is no ultimate solution which fits every case on every setup
yep
Am 03.03.2015 um 00:45 schrieb Benny Pedersen:
On March 2, 2015 10:50:59 PM Dave McGuire mcgu...@neurotica.com wrote:
On 03/02/2015 05:34 AM, Joseph Tam wrote:
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
its not a big hint its not called denynets is it ?
I myself
On March 2, 2015 10:50:59 PM Dave McGuire mcgu...@neurotica.com wrote:
On 03/02/2015 05:34 AM, Joseph Tam wrote:
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
its not a big hint its not called denynets is it ?
I myself just want a mechanism to deny certain IP addresses
On 02 Mar 2015, at 16:34 , Benny Pedersen m...@junc.eu wrote:
On March 2, 2015 8:32:35 PM Robert Schetterer r...@sys4.de wrote:
the most problem may nat and false positves, with firewall or deny ip
stuff you may ban wanted users too, so this should be only used in heavy
cases, so there is no
Dave McGuire writes:
then setup fail2ban to manage extrafields
Now that's a very interesting idea, thank you! I will investigate this.
If you don't expect yor firewall to handle 45K+ IPs, I'm not how you
expect dovecot will handle a comma separated string with 45K+ entries
any better.
On Monday 02 March 2015 05:02:49 Jochen Bern wrote:
On 03/01/2015 08:53 AM, Jim Pazarena wrote:
I wonder if there is an easy way to provide dovecot a flat text file
of ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary and
On 03/01/2015 06:34 PM, Benny Pedersen wrote:
The other side of this equation, Postfix, has had this capability
for years. Why it hasn't been added to dovecot is a mystery. It's
the only thing (really, the ONLY thing!) that I dislike about dovecot.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 2 Mar 2015, Dave McGuire wrote:
On 03/01/2015 06:34 PM, Benny Pedersen wrote:
The other side of this equation, Postfix, has had this capability
for years. Why it hasn't been added to dovecot is a mystery. It's
the only thing (really,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 2 Mar 2015, Reindl Harald wrote:
Am 02.03.2015 um 10:06 schrieb Steffen Kaiser:
If such plugin(?) is available, I would expect immediate complains, it
does not support:
+ local file lists with various sets of syntaxes
+ RBLs with a fine
On March 2, 2015 10:15:22 AM Tobi tobs...@brain-force.ch wrote:
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password attempts. The file is too big to create firewall
drops,
Have you also checked ipset (http://ipset.netfilter.org/)
Its extremely powerful even
On March 2, 2015 9:28:16 AM Steffen Kaiser skdove...@smail.inf.fh-brs.de
wrote:
Does allownets support negative CIDRs?
if order of ips is done in listed order imho yes
Example: allow_nets=127.0.0.0/8,192.168.0.0/16,!1.2.3.4,4.5.6.7
deny 1.2.3.4 but allow all others listed pr user this does
Am 02.03.2015 um 11:02 schrieb Jochen Bern:
On 03/01/2015 08:53 AM, Jim Pazarena wrote:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password
Am 02.03.2015 um 08:38 schrieb Oliver Welter:
I am really tired of reading this kind of complaints on OSS lists.
and because it's free everybody has to shut up?
that's your defintion of free?
your definition is broken?
as said on a other list:
if the developer of the OSS sais listen, i am
On 03/02/2015 02:38 AM, Oliver Welter wrote:
Guys, dovecot is open source - if you desire a feature that the upstream
programmer did not include, pay him a bounty to do so or send him a
patch to be included. Period. We can discuss and mightbe somebody will
fork if he is not willing to accept
Hi Jim,
you may want to simply try ipset. :)
http://ipset.netfilter.org/
http://daemonkeeper.net/781/mass-blocking-ip-addresses-with-ipset/
Kind regards,
Felix
On 01.03.15 08:53, Jim Pazarena wrote:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which
Am 02.03.2015 um 10:06 schrieb Steffen Kaiser:
If such plugin(?) is available, I would expect immediate complains, it
does not support:
+ local file lists with various sets of syntaxes
+ RBLs with a fine grained response matching
+ use the same RBL response for multiple match-action pairs
or
Am 02.03.2015 um 10:33 schrieb Steffen Kaiser:
hence RBL's make sense in the core because *in front* of any other
protocol specific code
That's TCP wrapper or a firewall, IMHO. (for a file list, not RBL).
However, there used to be a RBL patch for TCP wrapper and some
distribution provide
On 03/01/2015 08:53 AM, Jim Pazarena wrote:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password attempts. The file is too big to create
Dave McGuire writes:
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
then setup fail2ban to manage extrafields
Now that's a very interesting idea, thank you! I will investigate this.
If you don't expect yor firewall to handle 45K+ IPs, I'm not how you
expect dovecot will
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 2 Mar 2015, Dave McGuire wrote:
On 03/02/2015 02:38 AM, Oliver Welter wrote:
Guys, dovecot is open source - if you desire a feature that the upstream
programmer did not include, pay him a bounty to do so or send him a
patch to be included.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 01.03.2015 um 08:53 schrieb Jim Pazarena:
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password attempts. The file is too big to create firewall
drops,
Have you also checked ipset (http://ipset.netfilter.org/)
On March 2, 2015 11:35:24 AM Joseph Tam jtam.h...@gmail.com wrote:
Dave McGuire writes:
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
then setup fail2ban to manage extrafields
Now that's a very interesting idea, thank you! I will investigate this.
If you don't expect
Am 02.03.2015 um 18:56 schrieb Robert Schetterer:
perhaps and i mean really perhaps go this way
https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/
https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/
45K+ IPs will work in a recent
Am 02.03.2015 um 11:34 schrieb Joseph Tam:
Dave McGuire writes:
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
then setup fail2ban to manage extrafields
Now that's a very interesting idea, thank you! I will investigate this.
If you don't expect yor firewall to handle
Am 02.03.2015 um 19:03 schrieb Reindl Harald:
Am 02.03.2015 um 18:56 schrieb Robert Schetterer:
perhaps and i mean really perhaps go this way
https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
rethink why its allownets not denynets
45K+ IPs will work in a recent table
i have them too but for smtp only like
have you seem a single user with 45k ips that does not make logs of login
fails ?
Am 02.03.2015 um 20:01 schrieb Benny Pedersen:
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
rethink why its allownets not denynets
45K+ IPs will work in a recent table
i have them too but for smtp only like
have you seem a single user with 45k ips that does not
Am 01.03.2015 um 23:16 schrieb Dave McGuire:
On 03/01/2015 04:25 AM, Reindl Harald wrote:
I wonder if there is an easy way to provide dovecot a flat text
file of ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary
and 12345678 password
The other side of this equation, Postfix, has had this capability
for years. Why it hasn't been added to dovecot is a mystery. It's
the only thing (really, the ONLY thing!) that I dislike about dovecot.
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
then setup fail2ban
On March 1, 2015 10:26:40 AM Reindl Harald h.rei...@thelounge.net wrote:
i guess for a C-programmer it takes not much more than 10 minutens
include a config option to list rbl servers and close connections absed
on the DNS responses
close pop3, set imap to listen only in lo interface, setup
On 03/01/2015 04:25 AM, Reindl Harald wrote:
I wonder if there is an easy way to provide dovecot a flat text
file of ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary
and 12345678 password attempts. The file is too big to create
Am 02.03.2015 um 00:08 schrieb Benny Pedersen:
On March 1, 2015 10:26:40 AM Reindl Harald h.rei...@thelounge.net wrote:
i guess for a C-programmer it takes not much more than 10 minutens
include a config option to list rbl servers and close connections absed
on the DNS responses
close
Am 01.03.2015 um 08:53 schrieb Jim Pazarena:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password attempts. The file is too big to create
fail2ban blocked dynamically addresses for a period of time. It has a
module for dovecot.
I wonder if there is an easy way to provide dovecot a flat text file
of ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password
Am 01.03.2015 um 08:53 schrieb Jim Pazarena:
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password attempts. The file is too big to create firewall
drops, and I don't want to compile with wrappers *if* dovecot has an
Have you ever tried using IP sets on Linux?
Am 01.03.2015 um 23:16 schrieb Dave McGuire:
On 03/01/2015 04:25 AM, Reindl Harald wrote:
I wonder if there is an easy way to provide dovecot a flat text
file of ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary
and 12345678 password
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password attempts. The file is too big to create firewall
drops, and I don't want to compile with
70 matches
Mail list logo
