On Mon 26/Jul/2021 21:38:21 +0200 yuv wrote:
On Mon, 2021-07-26 at 18:34 +0200, Alessandro Vesely via mailop wrote:
On Tue 20/Jul/2021 04:17:31 +0200 Ángel via mailop wrote:
On 2021-07-19 at 23:27 +0200, Slavko wrote:
Dňa Sun, 18 Jul 2021 13:56:18 -0400 Bill Cole:
The only usable way seems t
On Mon, 2021-07-26 at 18:34 +0200, Alessandro Vesely via mailop wrote:
> On Tue 20/Jul/2021 04:17:31 +0200 Ángel via mailop wrote:
> > On 2021-07-19 at 23:27 +0200, Slavko wrote:
> > > Dňa Sun, 18 Jul 2021 13:56:18 -0400 Bill Cole:
> > >
> > > > > The only usable way seems to be GeoIP blocking cou
On Tue 20/Jul/2021 04:17:31 +0200 Ángel via mailop wrote:
On 2021-07-19 at 23:27 +0200, Slavko wrote:
Dňa Sun, 18 Jul 2021 13:56:18 -0400 Bill Cole:
The only usable way seems to be GeoIP blocking countries, but I am
afraid that it is the wrong way.
Why?
Hard to describe it in English for me, bu
On Sun, 2021-07-18 at 13:56 -0400, Bill Cole via mailop wrote:
> On 2021-07-18 at 06:43:51 UTC-0400 (Sun, 18 Jul 2021 12:43:51 +0200)
> Slavko via mailop
> is rumored to have said:
>
> [...]
>
> > The only usable way seems to be GeoIP blocking countries, but I am
> > afraid that it is the wrong way
On 2021-07-19 at 23:27 +0200, Slavko wrote:
> Hi,
>
> Dňa Sun, 18 Jul 2021 13:56:18 -0400 Bill Cole:
>
> > > The only usable way seems to be GeoIP blocking countries, but I am
> > > afraid that it is the wrong way.
> >
> > Why?
>
> Hard to describe it in English for me, but I will try.
>
> I consid
On 2021-07-18 at 22:29 -0400, John Levine via mailop wrote:
>
> I do wish it were easier to report and kill the drop boxes, though.
>
> It would be nice if regasignsd...@yahoo.com went away.
I was only visited by that on July 9th.
Others like mx-server.org are much more persistent here.
Here ar
On 2021-07-19 at 17:27:58 UTC-0400 (Mon, 19 Jul 2021 23:27:58 +0200)
Slavko via mailop
is rumored to have said:
Hi,
Dňa Sun, 18 Jul 2021 13:56:18 -0400 Bill Cole via mailop
napísal:
The only usable way seems to be GeoIP blocking countries, but I am
afraid that it is the wrong way.
Why?
Hard to
Hi,
Dňa Sun, 18 Jul 2021 13:56:18 -0400 Bill Cole via mailop
napísal:
> > The only usable way seems to be GeoIP blocking countries, but I am
> > afraid that it is the wrong way.
>
> Why?
Hard to describe it in English for me, but I will try.
I consider blocking access by country as discriminating
On 2021-07-18 9:46 p.m., Patrick via mailop wrote:
Wow. A fake auth module would seem to invite spam storms. Which for some might
be handle-able and a good way to learn interactively with botnets?
Has anyone implemented such a thing? Thanks!
I've been doing it for at least 5 years. When a co
Hi,
Dňa Mon, 19 Jul 2021 00:34:40 +0100 Tim Bray via mailop
napísal:
> I didn't really get on with fail2ban. I do have it running, but it
> pulls very little for exim.
>
> I did write my own script to follow the exim mainlog with a bunch of
> regexp and drop IP addresses into ipset. (task
On 17/07/2021 21:13, Slavko via mailop wrote:
Please, I want to ask others if these (mostly) Brazil attempts are known to
others too, or am I a "special" target?
In case you don't know about it already, have a look at
https://www.abuseipdb.com/ . Some people have scripts to report things
like auth a
It appears that Patrick via mailop <201901-mai...@planhack.com> said:
>Wow. A fake auth module would seem to invite spam storms. Which for some might
>be handle-able and a good way to learn interactively with botnets?
All mine does is say that the AUTH worked and send the subsequent message on a
Wow. A fake auth module would seem to invite spam storms. Which for some might
be handle-able and a good way to learn interactively with botnets?
Has anyone implemented such a thing? Thanks!
___
mailop mailing list
mailop@mailop.org
https://list.mailop.
It appears that Al Iverson via mailop said:
>I get many of these attempts too, and since I have no need for SMTP
>AUTH at all, I use it all as suggestions of IPs to ban.
I have a fake auth module that pretends to work and sends the message off
to the spam trap. The messages have the IP, user, an
On 17/07/2021 21:13, Slavko via mailop wrote:
Please, I want to ask others if these (mostly) Brazil attempts are known to
others too, or am I a "special" target?
I seem to get continuous SMTP stuff. Work is much worse than my
personal server. But we have 10's of domains and due to historical
reaso
I get many of these attempts too, and since I have no need for SMTP
AUTH at all, I use it all as suggestions of IPs to ban.
I do it with a very simple script like this: https://pastebin.com/5HtCFY7K
It'd be easy to spruce this up and add some sort of tracking mechanism
or counts or something, but
This particular botnet (and you can tell this strain by the password
list attempted, and the number of attempts from each IP) appears to come
from at least two (2) actors, one which is a Windows malware on older
Windows machines, and the other uses the GPON/router compromised botnets.
Interesti
On 2021-07-18 at 06:43:51 UTC-0400 (Sun, 18 Jul 2021 12:43:51 +0200)
Slavko via mailop
is rumored to have said:
[...]
The only usable way seems to be GeoIP blocking countries, but I am afraid
that it is the wrong way.
Why?
If you have no users who need to authenticate from a particular network,
t
Hi,
Dňa Sun, 18 Jul 2021 06:54:07 +0200 Slavko via mailop
napísal:
> To see where they come from I did a simple Python(3) script, which reads
> a list of IPs from stdin and prints some stats based on GeoLite2 DBs.
> When I feed it with IPs parsed from today's dovecot fail2ban log I
> can see:
Seems
On 2021-07-17 22:13, Slavko via mailop wrote:
> Please, I want to ask others if these (mostly) Brazil attempts are known
> to others too, or am I a "special" target?
I've seen it for at least 16ish years, at work and on my personal
servers. Mostly Brazil, South Korea, Turkey and Vietnam (+honourable
Hi,
Dňa 17 Jul 2021 20:41:14 -0400 John Levine via mailop
napísal:
> It appears that Thomas Hochstein via mailop said:
> About 12,000 here. It's a botnet, it's not targeting you any more
> than any other random server it can find, and I don't know of any way
> to block it. You can use somethi
On Sat, 17 Jul 2021, Slavko via mailop wrote:
Please, I want to ask others if these (mostly) Brazil attempts are known to
others too, or am I a "special" target? Some other questions, which come
to my mind without answers, while perhaps nobody here will/can know
the right answer, I will ask:
Nope, this
It appears that Thomas Hochstein via mailop said:
>Slavko wrote:
>
>> Please, I want to ask others if these (mostly) Brazil attempts are known to
>> others too, or am I a "special" target?
>
>Personal server here too.
>
>| root@moria # grep 'Incorrect authentication data' /var/log/exim4/mainlog.1 |
>wc
Slavko wrote:
> Please, I want to ask others if these (mostly) Brazil attempts are known to
> others too, or am I a "special" target?
Personal server here too.
| root@moria # grep 'Incorrect authentication data' /var/log/exim4/mainlog.1 | wc -l
| 1026
So, a bit more than 1.000 attempts yesterday.
>
Hi all!
I registered here only recently and this is my first post here (I
am sorry, my English is not the best)...
In recent days I have been bothered with many login attempts to my personal mail
server, which I have used for some years. I met a distributed dictionary
attack on the IMAP server which was partially bloc
25 matches