On 2023-06-26 17:17, Joseph Tam wrote:
On Thu, 22 Jun 2023, Michael Peddemors wrote:
* Use services like RATS-AUTH to block IPs that can safely be blocked as known
hackers..
Cool. Are there other DNSRBLs (apart from bl.blocklist.de) that list
BFD attack IPs?
* Use services like RATS-NULL
On Thu, 22 Jun 2023, Michael Peddemors wrote:
> * Use services like RATS-AUTH to block IPs that can safely be blocked as
> known hackers..
Cool. Are there other DNSRBLs (apart from bl.blocklist.de) that list
BFD attack IPs?
> * Use services like RATS-NULL (or SpamHaus DROP lists) right in the
Their is more and more reasons to use 3rd party network reputation at
the authentication level. While our platforms have pretty sophisticated
combination, that includes of course transparent 2FA, but a very
granular set of rules for stopping BEC (Business Email Compromise), and
dropping obviou
On 2023-06-22 12:58, André Rodier via Fail2ban-users wrote:
Hello, all.
I just set-up a new server, running postfix, with submission(s)
activated on standard ports (587, 465)
Shortly after it has been setup, I see brute force attacks (not
surprising) from a whole /24 network (more surprising)
Is there any way, with postfix, to run a script on authentication failure, with
information like the IP address and the
username passed, for instance.
I wrote my own script for omprog which is part of rsyslog to read dovecot auth
fails. Because postfix authenticates with dovecot and dovecot w
On Thu, 2023-06-22 at 16:27 +0100, Nick Howitt via Fail2ban-users wrote:
>
>
> On 2023-06-22 12:58, André Rodier via Fail2ban-users wrote:
> > Hello, all.
> >
> > I just set-up a new server, running postfix, with submission(s)
> > activated on standard ports (587, 465)
> >
> > Shortly after it
Hello, all.
I just set-up a new server, running postfix, with submission(s) activated on
standard ports (587, 465)
Shortly after it has been setup, I see brute force attacks (not surprising)
from a whole /24 network (more surprising).
I carefully checked the logs, and see the modus operandi, w
Hello, all.
I just set-up a new server, running postfix, with submission(s) activated on
standard ports (587, 465)
Shortly after it has been setup, I see brute force attacks (not surprising)
from a whole /24 network (more surprising).
I carefully checked the logs, and see the modus operandi, w