On 05.03.2015 at 22:45, Steffen wrote:
Steffen Kaiser wrote:
passdb { driver = ipdeny args = /matchpattern/action
*** }
With next passdb{} as 1st in chain:
passdb {
driver = checkpassword
args = "/tmp/chktst ip=%r service=%s"
result_success = continue
result_failure = retu
Steffen Kaiser wrote:
> passdb { driver = ipdeny args = /matchpattern/action
> *** }
>
With next passdb{} as 1st in chain:
passdb {
driver = checkpassword
args = "/tmp/chktst ip=%r service=%s"
result_success = continue
result_failure =
On 05.03.2015 at 20:23, @lbutlr wrote:
> On 04 Mar 2015, at 21:46 , Jim Pazarena wrote:
>> On 2015-03-02 2:02 AM, Jochen Bern wrote:
>>> On 03/01/2015 08:53 AM, Jim Pazarena wrote:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored o
On 05.03.2015 at 20:23, @lbutlr wrote:
On 04 Mar 2015, at 21:46 , Jim Pazarena wrote:
On 2015-03-02 2:02 AM, Jochen Bern wrote:
On 03/01/2015 08:53 AM, Jim Pazarena wrote:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?
On 04 Mar 2015, at 21:46 , Jim Pazarena wrote:
> On 2015-03-02 2:02 AM, Jochen Bern wrote:
>> On 03/01/2015 08:53 AM, Jim Pazarena wrote:
>>> I wonder if there is an easy way to provide dovecot a flat text file of
>>> ipv4 #'s which should be ignored or dropped?
>>>
>>> I have accumulated 45,000+
On 2015-03-02 2:02 AM, Jochen Bern wrote:
On 03/01/2015 08:53 AM, Jim Pazarena wrote:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password attempt
Nick Edwards writes:
I thought Timo once said dovecot had tarpitting, it's useless if it is
there, and if it is, it needs user configurable timings, or maybe it's
one of those things that's been in the gunna happen list
for a long time, like other stuff
If I remember correctly, I think this was
On 03/04/2015 06:12 PM, Jochen Bern wrote:
> On 03/04/2015 09:45 PM, Dave McGuire wrote:
>> On 03/04/2015 03:37 PM, Oliver Welter wrote:
>>> On 04.03.2015 at 21:03, Dave McGuire wrote:
On 04.03.2015 at 20:12, Michael Orlitzky wrote:
> Please add [DNSBL] support to iptables instead of D
On 04.03.2015 at 23:00, Felix Zandanel wrote:
I am not against block lists. I just say their use should be justified as they may
decrease overall service quality as well. There is another solution for auth based
services: As soon as you detect a possible attack (# auth reqs > x etc.), keep
t
On 03/04/2015 09:45 PM, Dave McGuire wrote:
> On 03/04/2015 03:37 PM, Oliver Welter wrote:
>> On 04.03.2015 at 21:03, Dave McGuire wrote:
>>> On 04.03.2015 at 20:12, Michael Orlitzky wrote:
Please add [DNSBL] support to iptables instead of Dovecot. It's a waste of
effort to code it in
On 03/04/2015 04:33 PM, Professa Dementia wrote:
> On 3/4/2015 12:45 PM, Dave McGuire wrote:
>>There is. But I already have a firewall, running on bulletproof
>> hardware that doesn't depend on spinning disks. I don't want to add
>> ANOTHER firewall when I already have a perfectly good one.
> On 04.03.2015 at 20:31, Reindl Harald wrote:
>
> > In the case of HTTP, IMAP, etc. things are not so easy.
> > Just think about NAT and CGN
>
> that don't matter
>
> if i blacklist a client because he starts a dictionary attack in SMTP i want
> it also block on IMAP without use a dozen of d
On 3/4/2015 12:45 PM, Dave McGuire wrote:
There is. But I already have a firewall, running on bulletproof
hardware that doesn't depend on spinning disks. I don't want to add
ANOTHER firewall when I already have a perfectly good one. Besides, my
mail server is built for...serving mail. Not
On 04.03.2015 at 21:51, Oliver Welter wrote:
Please add this support to iptables instead of Dovecot. It's a
waste of
effort to code it into every application that listens on the network.
Would you care to integrate it into IOS on my Cisco as well?
There are things connected to
On 03/04/2015 03:51 PM, Oliver Welter wrote:
>> I would like to reiterate Reindl Harald's point above, since
>> subsequent
>> discussion has gotten away from it. If Dovecot had DNS RBL support
>> similar to Postfix, I think quite a few people would use it, and
>> thereby
>>
On 04.03.2015 at 21:45, Dave McGuire wrote:
On 03/04/2015 03:37 PM, Oliver Welter wrote:
I would like to reiterate Reindl Harald's point above, since subsequent
discussion has gotten away from it. If Dovecot had DNS RBL support
similar to Postfix, I think quite a few people would use it, and
th
On 03/04/2015 03:37 PM, Oliver Welter wrote:
I would like to reiterate Reindl Harald's point above, since subsequent
discussion has gotten away from it. If Dovecot had DNS RBL support
similar to Postfix, I think quite a few people would use it, and
thereby
defeat the scanne
On 04.03.2015 at 21:03, Dave McGuire wrote:
On 03/04/2015 02:12 PM, Michael Orlitzky wrote:
I would like to reiterate Reindl Harald's point above, since subsequent
discussion has gotten away from it. If Dovecot had DNS RBL support
similar to Postfix, I think quite a few people would use it, and
On 03/04/2015 02:12 PM, Michael Orlitzky wrote:
>> I would like to reiterate Reindl Harald's point above, since subsequent
>> discussion has gotten away from it. If Dovecot had DNS RBL support
>> similar to Postfix, I think quite a few people would use it, and thereby
>> defeat the scanners far mor
On 04.03.2015 at 20:12, Michael Orlitzky wrote:
On 03/03/2015 11:03 PM, Earl Killian wrote:
On 2015/3/2 10:03, Reindl Harald wrote:
that is all nice
but the main benefit of RBL's is always ignored:
* centralized
* no log parsing at all
* honeypot data are "delivered" to any host
* it's che
> On 01.03.2015 at 10:25, Reindl Harald wrote:
> On 01.03.2015 at 08:53, Jim Pazarena wrote:
>> I wonder if there is an easy way to provide dovecot a flat text file of
>> ipv4 #'s which should be ignored or dropped?
>>
>> I have accumulated 45,000+ IPs which routinely try dictionary and
>> 123
On 03/03/2015 11:03 PM, Earl Killian wrote:
> On 2015/3/2 10:03, Reindl Harald wrote:
>>
>> that is all nice
>>
>> but the main benefit of RBL's is always ignored:
>>
>> * centralized
>> * no log parsing at all
>> * honeypot data are "delivered" to any host
>> * it's cheap
>> * it's easy to maintai
On 04.03.2015 at 17:06, Jochen Bern wrote:
On 03/04/2015 05:03 AM, Earl Killian wrote:
I would like to reiterate Reindl Harald's point above, since subsequent
discussion has gotten away from it. If Dovecot had DNS RBL support
similar to Postfix, I think quite a few people would use it, and the
On 03/04/2015 05:03 AM, Earl Killian wrote:
> I would like to reiterate Reindl Harald's point above, since subsequent
> discussion has gotten away from it. If Dovecot had DNS RBL support
> similar to Postfix, I think quite a few people would use it, and thereby
> defeat the scanners far more effect
On 3/4/15, Earl Killian wrote:
> On 2015/3/2 10:03, Reindl Harald wrote:
>>
>> that is all nice
>>
>> but the main benefit of RBL's is always ignored:
>>
>> * centralized
>> * no log parsing at all
>> * honeypot data are "delivered" to any host
>> * it's cheap
>> * it's easy to maintain
>> * it do
You can script fail2ban to send the entries to a rbldnsd file on a
remote server, I know someone who does it based on apache, since it
uses fail2ban, it shouldn't matter if it's apache, or dovecot.
I thought Timo once said dovecot had tarpitting, it's useless if it is
there, and if it is, it needs us
hi all
I've been reading this thread with interest. As a rather novice programmer.
I'm not being humble here, I really am not very good, I can do stuff, but
it takes a LONG time. My spaghetti code even has meatballs in it !
Not being a great programmer I'm not really able to code something up, bu
On 2015/3/2 10:03, Reindl Harald wrote:
that is all nice
but the main benefit of RBL's is always ignored:
* centralized
* no log parsing at all
* honeypot data are "delivered" to any host
* it's cheap
* it's easy to maintain
* it don't need any root privileges anywhere
we have a small honeypo
On 03.03.2015 at 22:31, Oliver Welter wrote:
I did a quick hack for exactly this purpose - send offending IPs from my
mail server to the firewall "in a secure way". It's a python script that
uses the fail2ban syntax on the one end and feeds a (patched) pfSense on
the other end. You can find the
On 03.03.2015 at 12:40, Dave McGuire wrote:
On 03/02/2015 09:41 PM, Joseph Tam wrote:
then setup fail2ban to manage extrafields
Now that's a very interesting idea, thank you! I will investigate
this.
If you don't expect your firewall to handle 45K+ IPs, I'm not how you
expect dovecot will
daemontools
On 3/2/15, Steffen Kaiser wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Mon, 2 Mar 2015, Reindl Harald wrote:
>> On 02.03.2015 at 10:06, Steffen Kaiser wrote:
>>> If such plugin(?) is available, I would expect immediate complains, it
>>> does not support:
>>>
>>> +
On 03/02/2015 09:41 PM, Joseph Tam wrote:
> then setup fail2ban to manage extrafields
Now that's a very interesting idea, thank you! I will investigate
this.
>>>
>>> If you don't expect your firewall to handle 45K+ IPs, I'm not how you
>>> expect dovecot will handle a comma sepa
Dave McGuire writes:
then setup fail2ban to manage extrafields
Now that's a very interesting idea, thank you! I will investigate this.
If you don't expect your firewall to handle 45K+ IPs, I'm not how you
expect dovecot will handle a comma separated string with 45K+ entries
any better.
M
On 03.03.2015 at 00:45, Benny Pedersen wrote:
On March 2, 2015 10:50:59 PM Dave McGuire wrote:
On 03/02/2015 05:34 AM, Joseph Tam wrote:
>>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
it's not a big hint it's not called denynets is it ?
I myself just want a mechanism
On 02 Mar 2015, at 16:34 , Benny Pedersen wrote:
> On March 2, 2015 8:32:35 PM Robert Schetterer wrote:
>
>> the most problem may nat and false positives, with firewall or deny ip
>> stuff you may ban wanted users too, so this should be only used in heavy
>> cases, so there is no ultimate solutio
On March 2, 2015 10:50:59 PM Dave McGuire wrote:
On 03/02/2015 05:34 AM, Joseph Tam wrote:
>>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
it's not a big hint it's not called denynets is it ?
I myself just want a mechanism to deny certain IP addresses when I
spot them, r
On March 2, 2015 8:32:35 PM Robert Schetterer wrote:
the most problem may nat and false positives, with firewall or deny ip
stuff you may ban wanted users too, so this should be only used in heavy
cases, so there is no ultimate solution which fits every case on every setup
yep pop-before-smtp
On 03/02/2015 05:34 AM, Joseph Tam wrote:
>>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>>>
>>> then setup fail2ban to manage extrafields
>>
>> Now that's a very interesting idea, thank you! I will investigate this.
>
> If you don't expect your firewall to handle 45K+ IPs, I
On 02.03.2015 at 20:01, Benny Pedersen wrote:
>
>> >>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>
> rethink why it's allownets not denynets
>
>> 45K+ IPs will work in a recent table
>> i have them too but for smtp only like
>
> have you seen a single user with 45k ips tha
>>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
rethink why it's allownets not denynets
45K+ IPs will work in a recent table
i have them too but for smtp only like
have you seen a single user with 45k ips that does not make logs of login
fails ?
On 02.03.2015 at 19:03, Reindl Harald wrote:
>
> On 02.03.2015 at 18:56, Robert Schetterer wrote:
>> perhaps and i mean really "perhaps" go this way
>>
>> https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/
>>
>>
>> https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-un
On March 2, 2015 11:35:24 AM Joseph Tam wrote:
Dave McGuire writes:
>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>>
>> then setup fail2ban to manage extrafields
>
> Now that's a very interesting idea, thank you! I will investigate this.
If you don't expect your firewall
On 02.03.2015 at 18:56, Robert Schetterer wrote:
perhaps and i mean really "perhaps" go this way
https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/
https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/
45K+ IPs will work in a recen
On 02.03.2015 at 11:34, Joseph Tam wrote:
> Dave McGuire writes:
>
>>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>>>
>>> then setup fail2ban to manage extrafields
>>
>> Now that's a very interesting idea, thank you! I will investigate this.
>
> If you don't expect your fir
On Monday 02 March 2015 05:02:49 Jochen Bern wrote:
> On 03/01/2015 08:53 AM, Jim Pazarena wrote:
> > I wonder if there is an easy way to provide dovecot a flat text file
> > of ipv4 #'s which should be ignored or dropped?
> >
> > I have accumulated 45,000+ IPs which routinely try dictionary and
Dave McGuire writes:
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
then setup fail2ban to manage extrafields
Now that's a very interesting idea, thank you! I will investigate this.
If you don't expect your firewall to handle 45K+ IPs, I'm not how you
expect dovecot will h
On March 2, 2015 10:15:22 AM Tobi wrote:
> I have accumulated 45,000+ IPs which routinely try dictionary and
> 12345678 password attempts. The file is too big to create firewall
> drops,
Have you also checked ipset (http://ipset.netfilter.org/)
It's extremely powerful even with huge block lists
On 02.03.2015 at 11:02, Jochen Bern wrote:
On 03/01/2015 08:53 AM, Jim Pazarena wrote:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password atte
On 03/01/2015 08:53 AM, Jim Pazarena wrote:
> I wonder if there is an easy way to provide dovecot a flat text file of
> ipv4 #'s which should be ignored or dropped?
>
> I have accumulated 45,000+ IPs which routinely try dictionary and
> 12345678 password attempts. The file is too big to create fir
On March 2, 2015 9:28:16 AM Steffen Kaiser
wrote:
Does allownets support negative CIDRs?
if order of ips is done in listed order imho yes
Example: allow_nets=127.0.0.0/8,192.168.0.0/16,!1.2.3.4,4.5.6.7
deny 1.2.3.4 but allow all others listed pr user this does not work with
pam pr user, b
On 02.03.2015 at 10:33, Steffen Kaiser wrote:
hence RBL's make sense in the core because *in front* of any other
protocol specific code
That's TCP wrapper or a firewall, IMHO. (for a file list, not RBL).
However, there used to be a RBL patch for TCP wrapper and some
distribution provide other
On Mon, 2 Mar 2015, Reindl Harald wrote:
On 02.03.2015 at 10:06, Steffen Kaiser wrote:
If such plugin(?) is available, I would expect immediate complains, it
does not support:
+ local file lists with various sets of syntaxes
+ RBLs with a fine gra
On 01.03.2015 at 08:53, Jim Pazarena wrote:
> I have accumulated 45,000+ IPs which routinely try dictionary and
> 12345678 password attempts. The file is too big to create firewall
> drops,
Have you also checked ipset (http://ipset.netfilter.org/)
On 02.03.2015 at 10:06, Steffen Kaiser wrote:
If such plugin(?) is available, I would expect immediate complains, it
does not support:
+ local file lists with various sets of syntaxes
+ RBLs with a fine grained response matching
+ use the same RBL response for multiple match-action pairs
or
Hi Jim,
you may want to simply try ipset. :)
http://ipset.netfilter.org/
http://daemonkeeper.net/781/mass-blocking-ip-addresses-with-ipset/
Kind regards,
Felix
On 01.03.15 08:53, Jim Pazarena wrote:
> I wonder if there is an easy way to provide dovecot a flat text file of
> ipv4 #'s which sho
On Mon, 2 Mar 2015, Dave McGuire wrote:
On 03/02/2015 02:38 AM, Oliver Welter wrote:
Guys, dovecot is open source - if you desire a feature that the upstream
programmer did not include, pay him a bounty to do so or send him a
patch to be included. P
On 02.03.2015 at 08:38, Oliver Welter wrote:
I am really tired of reading this kind of complaints on OSS lists.
and because it's free everybody has to shut up?
that's your definition of free?
your definition is broken?
as said on another list:
if the developer of the OSS says "listen, i am
On Mon, 2 Mar 2015, Dave McGuire wrote:
On 03/01/2015 06:34 PM, Benny Pedersen wrote:
The other side of this equation, Postfix, has had this capability
for years. Why it hasn't been added to dovecot is a mystery. It's
the only thing (really, the
On 03/02/2015 02:38 AM, Oliver Welter wrote:
> Guys, dovecot is open source - if you desire a feature that the upstream
> programmer did not include, pay him a bounty to do so or send him a
> patch to be included. Period. We can discuss and mightbe somebody will
> fork if he is not willing to accep
On 03/01/2015 06:34 PM, Benny Pedersen wrote:
>> The other side of this equation, Postfix, has had this capability
>> for years. Why it hasn't been added to dovecot is a mystery. It's
>> the only thing (really, the ONLY thing!) that I dislike about dovecot.
>
> http://wiki2.dovecot.org/Passwor
On 01.03.2015 at 23:16, Dave McGuire wrote:
On 03/01/2015 04:25 AM, Reindl Harald wrote:
I wonder if there is an easy way to provide dovecot a flat text
file of ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary
and 12345678 password atte
The other side of this equation, Postfix, has had this capability
for years. Why it hasn't been added to dovecot is a mystery. It's
the only thing (really, the ONLY thing!) that I dislike about dovecot.
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
then setup fail2ban to
On 02.03.2015 at 00:08, Benny Pedersen wrote:
On March 1, 2015 10:26:40 AM Reindl Harald wrote:
i guess for a C-programmer it takes not much more than 10 minutes
include a config option to list rbl servers and close connections based
on the DNS responses
close pop3, set imap to listen on
On March 1, 2015 10:26:40 AM Reindl Harald wrote:
i guess for a C-programmer it takes not much more than 10 minutes
include a config option to list rbl servers and close connections based
on the DNS responses
close pop3, set imap to listen only in lo interface, setup webmail with
smtp auth,
On 01.03.2015 at 23:16, Dave McGuire wrote:
On 03/01/2015 04:25 AM, Reindl Harald wrote:
I wonder if there is an easy way to provide dovecot a flat text
file of ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary
and 12345678 password att
On 03/01/2015 04:25 AM, Reindl Harald wrote:
>> I wonder if there is an easy way to provide dovecot a flat text
>> file of ipv4 #'s which should be ignored or dropped?
>>
>> I have accumulated 45,000+ IPs which routinely try dictionary
>> and 12345678 password attempts. The file is too big to crea
On 01.03.2015 at 08:53, Jim Pazarena wrote:
> I have accumulated 45,000+ IPs which routinely try dictionary and
> 12345678 password attempts. The file is too big to create firewall
> drops, and I don't want to compile with wrappers *if* dovecot has an
Have you ever tried using IP sets on Linux?
On 01.03.2015 at 08:53, Jim Pazarena wrote:
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password attempts. The file is too big to create firewall
fail2ban blocked dynamically addresses for a period of time. It has a
module for dovecot.
I wonder if there is an easy way to provide dovecot a flat text file
of ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password a
69 matches