Re: [qmailtoaster] Re: Blocked.

2013-11-22 Thread Gman
Possibly I have a compromised server. E.g., at this time, Nov 22 *04:54:31*, I can guarantee this person was sleeping (my wife): Nov 22 *04:54:31* mail2 vpopmail[19559]: vchkpw-pop3: (PLAIN) login success kwy...@mydomain.com:myserverip So somehow, something is logging in at that time.

[qmailtoaster] Re: Blocked.

2013-11-22 Thread Eric Shubert
I'd be careful in reaching that conclusion. Is any client program of hers running while she sleeps, like her computer or perhaps her phone? This is not uncommon. I'd be more concerned with unexplained activity in the send log. FWIW. -- -Eric 'shubes' On 11/22/2013 08:36 AM, Gman wrote:

Re: [qmailtoaster] Re: Blocked.

2013-11-22 Thread Dan McAllister
Not to re-invent the wheel here, but this falls into the same kind of thing I've been rolling out to all of my mailservers: - Port 25 is used to receive inbound mail ONLY. There is *no auth* capability on port 25 (currently enforced by *spamdyke*), and there is no relaying on port 25 (unless

Re: [qmailtoaster] Re: Blocked.

2013-11-22 Thread System Admin
Hi Eric, is that in /var/log/qmail/send? On 11/22/13 8:43 AM, Eric Shubert wrote: I'd be careful in reaching that conclusion. Is any client program of hers running while she sleeps, like her computer or perhaps her phone? This is not uncommon. I'd be more concerned with unexplained activity

[qmailtoaster] Re: Blocked.

2013-11-22 Thread Eric Shubert
Yes. # qmlog send is the easy way to view them. The qmlog command with no options will show you all the options available. -- -Eric 'shubes' On 11/22/2013 09:37 AM, System Admin wrote: Hi Eric is that in /var/log/qmail/send On 11/22/13 8:43 AM, Eric Shubert wrote: I'd be careful in

[qmailtoaster] Re: Blocked.

2013-11-22 Thread Eric Shubert
We're planning to move the stock QMT in the direction Dan describes. On 11/22/2013 09:01 AM, Dan McAllister wrote: and I enforce SPF with a 3 in spfbehavior (and in SpamAssassin). I wonder about this though. Since you're enforcing SPF, what's left for SpamAssassin to do regarding SPF?

Re: [qmailtoaster] Re: Blocked.

2013-11-22 Thread System Admin
I see lots of this in the send logs, is it normal? user_and_password_not_set,_continuing_without_authentication

[qmailtoaster] Re: Blocked.

2013-11-22 Thread Eric Shubert
On 11/22/2013 10:02 AM, System Admin wrote: I see lots of this in the send logs, is it normal? user_and_password_not_set,_continuing_without_authentication - Yes, these are normal for messages sent to remote (non-local

Re: [qmailtoaster] Re: Blocked.

2013-11-22 Thread Dan McAllister
Eric, The default setting for SpamAssassin is to enforce SPF as directed (which means: soft-fail for ~ matches, hard fail for - matches, and ignore for ? matches). The operative part for me (since both qmail-smtpd AND SpamAssassin are apparently checking SPF) is the part where I ensure that

[qmailtoaster] Re: Blocked.

2013-11-21 Thread Eric Shubert
On 11/21/2013 04:35 PM, Brent Gardner wrote: On 11/21/2013 02:47 PM, Gman wrote: In the fail2ban config I have this relevant section # username-notfound [username-notfound] enabled = true filter = *username-notfound* action = iptables[name=SMTP, port=smtp, protocol=tcp] logpath =

Re: [qmailtoaster] Re: Blocked.

2013-11-21 Thread Angus McIntyre
Eric Shubert wrote: I honestly don't understand fail2ban in any detail. I wonder though, if perhaps it's set up such that if someone's authentication fails, then it changes iptables such that nobody can attempt to authenticate any more (like blocking port 587 for any address). That'd be