okay thank you for your explanation
On 08-Mar-11 19:43, Toma Bogdan wrote:
Hello,
If your system have shorewall as firewall solution management
we get 'action' statement from /etc/fail2ban/jail.conf
---
[qmail-pop3]
enable = true
filter = qmail-pop3
action = shorewall
Pak Ogah escribió:
On
07-Mar-11 21:49, Eric Shubert wrote:
Great job, Pak.
Thanks, Toma.
Pak, will you get this incorporated into the wiki?
TIA.
Ok Eric, it's done but since I just copy-paste as is and
re-formatting, I didn't know what that fail2ban meaning (I haven't
tried it also)
but, I saw
On 3/8/2011 11:18 AM, Pak Ogah wrote:
On 07-Mar-11 21:49, Eric Shubert wrote:
Great job, Pak.
Thanks, Toma.
Pak, will you get this incorporated into the wiki?
TIA.
Ok Eric, it's done but since I just copy-paste as is and
re-formatting, I didn't know what that fail2ban meaning (I haven't
tried
On 07-Mar-11 21:49, Eric Shubert wrote:
Great job, Pak.
Thanks, Toma.
Pak, will you get this incorporated into the wiki?
TIA.
Ok Eric, it's done but since I just copy-paste as is and re-formatting,
I didn't know what that fail2ban meaning (I haven't tried it also)
but, I saw something weird. So
Hi.
matches either the Ip address or the hostname
Cheers
Finn
On 08-03-2011 09:04, Digital Instruments wrote:
Nice, that's great! :)
Just a little question: I don't get this (I've also read the
wiki but it's not clear)
can you do an example, please?
Thanks,
Cheers!
Il 05/03/2011 23:26,
is an alias for a regular expression to find the ip address. Which
is defined in the code.
Succes,
Peter.
> Nice, that's great! :)
> Just a little question: I don't get this (I've also read the wiki
> but it's not clear)
>
> can you do an example, please?
>
> Thanks,
> Cheers!
>
> Il 05/03/20
Nice, that's great! :)
Just a little question: I don't get this (I've also read the wiki
but it's not clear)
can you do an example, please?
Thanks,
Cheers!
Il 05/03/2011 23:26, Sergio M ha scritto:
Eric Shubert escribió:
Timing is good on this. :)
http://wiki.qmailtoaster.com/index.php?ti
Great job, Pak.
Thanks, Toma.
Pak, will you get this incorporated into the wiki?
TIA.
--
-Eric 'shubes'
On 03/07/2011 02:37 AM, Toma Bogdan wrote:
Used on Centos 5.5
>> /etc/fail2ban/filter.d/qmail-pop3.conf
--- start cut --
[Definition]
# Option: failregex
# Notes.: regex to match the passwo
Used on Centos 5.5
>> /etc/fail2ban/filter.d/qmail-pop3.conf
--- start cut --
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag
"" can
# be used for standard IP
Oke done, prettified with some minor changes
http://wiki.qmailtoaster.com/index.php/Fail2Ban
On 06-Mar-11 5:26, Sergio M wrote:
Eric Shubert escribió:
Timing is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Ban&action=edit
Have at it. I've added a link to this page under
I'll try to prettified for you :D
On 06-Mar-11 5:26, Sergio M wrote:
Eric Shubert escribió:
Timing is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Ban&action=edit
Have at it. I've added a link to this page under the Configuration->
Security section. It's a start (albei
Eric Shubert escribió:
Timing
is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Ban&action="">
Have at it. I've added a link to this page under the Configuration->
Security section. It's a start (albeit not much of one).
Hey guys, I created a basic article,
Eric Shubert escribió:
Timing is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Ban&action=edit
Have at it. I've added a link to this page under the Configuration->
Security section. It's a start (albeit not much of one).
I wrote some basic stuff, but it needs proper wiki
Thanks, David.
FWIW, I agree with what you're saying. Most are just "script kiddies",
and lack any substantial skills. If they had greater skills, I would
hope that they'd be doing something more constructive.
--
-Eric 'shubes'
On 03/03/2011 08:31 PM, David Milholen wrote:
Eric,
Ill see wha
Eric,
Ill see what I can do. Ill review my old notes on adding it to my
system and what kind of config I used to have success.
I will also list the script that has the trigger for a honeypot
server.
Yes, Hackers are stupid because they are not using their talent fo
2011 10:25:20 AM
Subject: [qmailtoaster] Re: SMTP attack
Timing is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Ban&action=edit
Have at it. I've added a link to this page under the Configuration->
Security section. It's a start (albeit not much of one).
ence my previous post on logging pop3
failures!)
- Original Message
From: Eric Shubert
To: qmailtoaster-list@qmailtoaster.com
Sent: Thu, March 3, 2011 8:28:57 AM
Subject: [qmailtoaster] Re: SMTP attack
David,
Thanks, David.
BTW, can you find a few moments to get a wiki page for
vious post on logging pop3
failures!)
- Original Message
From: Eric Shubert
To: qmailtoaster-list@qmailtoaster.com
Sent: Thu, March 3, 2011 8:28:57 AM
Subject: [qmailtoaster] Re: SMTP attack
David,
Thanks, David.
BTW, can you find a few moments to get a wiki page for fail2ban sta
On 03/02/2011 09:08 PM, David Milholen wrote:
+1000 on this solution.
It works for me. I also have a honeypot that these ips get thrown into
and trapped after so many attempts.
Stupid Hackers LOL:)
--Dave
rofl, I doubt you will ever call an hacker "stupid". Prolly they are
just kids having fun.
David,
Thanks, David.
BTW, can you find a few moments to get a wiki page for fail2ban started?
Even if it's just a rough outline along with your configuration, that
would be helpful. I'm sure others can add more details once something's
there to work with.
TIA.
--
-Eric 'shubes'
Thanks, Dav
+1000 on this solution.
It works for me. I also have a honeypot that these ips get thrown
into and trapped after so many attempts.
Stupid Hackers LOL:)
--Dave
On 3/1/2011 7:24 PM, Eric Shubert wrote:
Yes,
but the attacks appear to be coming from a va
DENYHOST works only for SSHD .
2011/3/2 Eric Shubert
> Hey Gustavo.
>
> I don't know about it, so I have no opinion. Please post a link to more
> info. Thanks.
>
> If someone else has some thoughts on this, please chime in.
>
> --
> -Eric 'shubes'
>
>
> On 03/02/2011 10:49 AM, Gustavo De Po
Hey Gustavo.
I don't know about it, so I have no opinion. Please post a link to more
info. Thanks.
If someone else has some thoughts on this, please chime in.
--
-Eric 'shubes'
On 03/02/2011 10:49 AM, Gustavo De Poli wrote:
Eric: hi, sorry im a new here (principiant), wath do you think abou
Eric: hi, sorry im a new here (principiant), wath do you think about
DENYHOST, insted of fail2ban
i use DENYHOST as a service and work good.
Gustavo
2011/3/1 Eric Shubert
> Yes, but the attacks appear to be coming from a variety of addresses.
> fail2ban will do essentially this automaticall
a page on the wiki sounds like a hero of a thing .
I know that i would like some wisdom on how to implement fail2ban with
my qmailtoaster
On 3/1/2011 9:40 PM, Eric Shubert wrote:
If CJ got it working, then I expect that just about anyone can do it. ;)
JK CJ. Would you care to create a page on
Hi all.
I installed and is using fail2ban after Eric wrote about it long time ago.
It works perfectly and is doing a nice job blocking different attemps on
my server. (Iptables drop )
I am using dovecot and is having fail2ban checking the dovecot log for
bad password attempts (amongst other
Trouble is Fail2Ban requires the shorewall firewall!
At least if you use the rpm's.
On 02/03/2011 3:58 PM, Maxwell Smart wrote:
I actually use OSSECHIDS for this type of attack. I use fail2ban for
ftp and ssh.
Ole is the chap that knows fail2ban for Qmail. You can install it now
using yum in
I actually use OSSECHIDS for this type of attack. I use fail2ban for
ftp and ssh.
Ole is the chap that knows fail2ban for Qmail. You can install it now
using yum install fail2ban instead of compiling.
On 03/01/2011 06:40 PM, Eric Shubert wrote:
> If CJ got it working, then I expect that just ab
I haven't implemented Fail2Ban yet. Been meaning to, but haven't had the
need. I believe others on this list have though.
--
-Eric 'shubes'
On 03/01/2011 06:52 PM, Tony White wrote:
Eric,
Do you have Fail2Ban working with the
qmail logs?
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but t
If CJ got it working, then I expect that just about anyone can do it. ;)
JK CJ. Would you care to create a page on the wiki for this?
--
-Eric 'shubes'
On 03/01/2011 06:58 PM, Cecil Yother, Jr. wrote:
Tony,
Does this append the existing iptable with the offending IP?
I use fail2ban and it w
True enough. Can be a quick and dirty (temporary) fix.
--
-Eric 'shubes'
On 03/01/2011 06:44 PM, Tony White wrote:
Agreed Eric, but this is a VERY quick simple fix when the thing starts!
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be coming from a variety of add
I don't think so. The hacker is trying to authenticate, and failing.
Greylisting would prohibit mail from being received, but the problem
occurs before an email is transmitted.
Thanks for the suggestion though.
--
-Eric 'shubes'
On 03/01/2011 06:38 PM, Carlos Herrera Polo wrote:
Greylisting pr
I think he said he is not an user yet, but i am looking at:
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg23951.html
Tony White escribió:
Eric,
Do you have Fail2Ban working with the
qmail logs?
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be
Eric,
Do you have Fail2Ban working with the
qmail logs?
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be coming from a variety of addresses. fail2ban will do essentially this automatically and
for whatever addresses attacks may come from. fail2ban is much better s
Eric Shubert escribió:
Sergio,
.) Be sure you're running the latest spamdyke (4.2.0). 4.1.x versions
had a bug where rejected sessions would not terminate immediately,
causing excessive idle smtp sessions (and ultimately TIMEOUTs). That
may no be affecting you, but you should check to be sure
Agreed Eric, but this is a VERY quick simple fix when the thing starts!
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be coming from a variety of addresses. fail2ban will do essentially this automatically and
for whatever addresses attacks may come from. fail2ban is
Yes, but the attacks appear to be coming from a variety of addresses.
fail2ban will do essentially this automatically and for whatever
addresses attacks may come from. fail2ban is much better solution imo.
--
-Eric 'shubes'
On 03/01/2011 06:14 PM, Tony White wrote:
Try this at the command line
Sergio,
.) Be sure you're running the latest spamdyke (4.2.0). 4.1.x versions
had a bug where rejected sessions would not terminate immediately,
causing excessive idle smtp sessions (and ultimately TIMEOUTs). That may
no be affecting you, but you should check to be sure. Run
qtp-install-spamd
38 matches
Mail list logo