search for: rbldnsd

...f [debconf-2.0] 1.4.30.13 Debian configuration management sy -- debconf information: logcheck-database/conffile-cleanup: false logcheck-database/rules-directories-note: logcheck-database/standard-rename-note: -------------- next part -------------- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rbldnsd\[[0-9]+\]: listening on [0-9.]{7,15}/[0-9]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rbldnsd\[[0-9]+\]: ip4set:[._[:alnum:]-]+: [0-9]{8} [0-9]+: [[:alnum:]/=]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rbldnsd\[[0-9]+\]: zones reloaded, time [\./[:alnum:]]+ sec, mem arena=[0-9]+ free=[0-9]+ mmap=[0-9]+ \w{1,2...

...ts, in our case that blacklist is 100% trustable and blocks before SMTP-Auth while normal RBL's are after SASL i admit that i am not a C/C++-programmer, but i think doing the DNS request and in case it has a result block any login attemt should be not too complex setup a own honeypot and feed rbldnsd with the sources is quite easy and in case of a own, trustable RBL where no foreigners report somebody by mistake it's relieable and scales well over many machines and services as long services supporting it mod_security: http://blog.inliniac.net/2007/02/23/blocking-comment-spam-using-modsecur...

...gt;> dovecot has an easy ability to do this. If dovecot could parse a >> flat text file of IPs and drop connections it would sure put a >> dent in these attempts. > > hence i asked month ago for RBL support because such lists are easy > to feed into http://www.corpit.ru/mjt/rbldnsd.html - sadly i got no > reply than use fail2ban and what not irrelevant if there is already > a local dnsbl > > i guess for a C-programmer it takes not much more than 10 minutens > include a config option to list rbl servers and close connections > absed on the DNS responses...

...on: -Dell PE1750 - dual 2.8Ghz Xeon (with Hyper Threading on) - 2GB DDR RAM - Perc4-DI onboard RAID using 3 scsi drives in raid-5 configuration -ext3 file system -kernel-smp-2.6.9-5.0.3.EL -mysql - from distribution -2 postfix instances rebuilt with MySQL support -amavisd-new -clamav -spamassassin -rbldnsd -bind Here's the captured output from a serial console connected to the server at time of fault. Unable to handle kernel NULL pointer dereference at virtual address 00000000 printing eip: f8872da8 *pde = 35562001 Oops: 0000 [#1] SMP Modules linked in: md5 ipv6 autofs4 sunrpc dm_mod button...

I wonder if there is an easy way to provide dovecot a flat text file of ipv4 #'s which should be ignored or dropped? I have accumulated 45,000+ IPs which routinely try dictionary and 12345678 password attempts. The file is too big to create firewall drops, and I don't want to compile with wrappers *if* dovecot has an easy ability to do this. If dovecot could parse a flat text file of

...to compile with wrappers *if* dovecot has an > easy ability to do this. If dovecot could parse a flat text file of IPs > and drop connections it would sure put a dent in these attempts. hence i asked month ago for RBL support because such lists are easy to feed into http://www.corpit.ru/mjt/rbldnsd.html - sadly i got no reply than use fail2ban and what not irrelevant if there is already a local dnsbl i guess for a C-programmer it takes not much more than 10 minutens include a config option to list rbl servers and close connections absed on the DNS responses -------------- next part -----...

...an easy ability to do this. If dovecot could parse a >>> flat text file of IPs and drop connections it would sure put a >>> dent in these attempts. >> >> hence i asked month ago for RBL support because such lists are easy >> to feed into http://www.corpit.ru/mjt/rbldnsd.html - sadly i got no >> reply than use fail2ban and what not irrelevant if there is already >> a local dnsbl >> >> i guess for a C-programmer it takes not much more than 10 minutens >> include a config option to list rbl servers and close connections >> absed on...

> Am 04.03.2015 um 20:31 schrieb Reindl Harald <h.reindl at thelounge.net>: > > > In the case of HTTP, IMAP, etc. things are not so easy. > > Just think about NAT and CGN > > that don't matter > > if i blacklist a client because he starts a dictionary attack in SMTP i want it also bock on IMAP without use a dozen of different tools because teh via IMAP

On 03/04/2015 05:03 AM, Earl Killian wrote: > I would like to reiterate Reindl Harald's point above, since subsequent > discussion has gotten away from it. If Dovecot had DNS RBL support > similar to Postfix, I think quite a few people would use it, and thereby > defeat the scanners far more effectively than any other method. It is > good that other people are suggesting things

hi all I've been reading this thread with interest. As a rather novice programmer. I'm not being humble here, I really am not very good, I can do stuff, but it takes a LONG time. My spaghetti code even has meatballs in it ! Not being a great programmer I'm not really able to code something up, but it occurred to me something could be scripted, are the other posters suggesting

...heck/ignore.d.server/pure-ftpd' /etc/logcheck/ignore.d.server/pureftp [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/pureftp' /etc/logcheck/ignore.d.server/qpopper [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/qpopper' /etc/logcheck/ignore.d.server/rbldnsd [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/rbldnsd' /etc/logcheck/ignore.d.server/rpc_statd [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/rpc_statd' /etc/logcheck/ignore.d.server/rsnapshot [Errno 13] Permission denied: u'/etc/logcheck/ignore.d....

...ck/ignore.d.server/pure-ftpd' /etc/logcheck/ignore.d.server/pureftp [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/pureftp' /etc/logcheck/ignore.d.server/qpopper [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/qpopper' /etc/logcheck/ignore.d.server/rbldnsd [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/rbldnsd' /etc/logcheck/ignore.d.server/rpc_statd [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/rpc_statd' /etc/logcheck/ignore.d.server/rsnapshot [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore...

...ck/ignore.d.server/pure-ftpd' /etc/logcheck/ignore.d.server/pureftp [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/pureftp' /etc/logcheck/ignore.d.server/qpopper [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/qpopper' /etc/logcheck/ignore.d.server/rbldnsd [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/rbldnsd' /etc/logcheck/ignore.d.server/rpc_statd [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/rpc_statd' /etc/logcheck/ignore.d.server/rsnapshot [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore...

[ https://www.centos.org/search.php?query=atomicorp&mid=30&action=showall&andor=AND forum search] returns a 404. Can the forum search https://www.centos.org/forums/search.php? be used with parameters that will provide the supporting material for the warning "Many CentOS users have had problems after enabling this repo"? -------------- next part -------------- An HTML

Package: logcheck-database Version: 1.2.32 Severity: normal Tags: patch The fix for 283331 exposed a bug in the dnsmasq rules. The rule was looking for DHCPINFO, but the actual message is DHCPINFORM. Prior to the 283331 fix, the old rule worked, because the "[()[:alnum:]]+" part of the rule matched the "RM" at the end of DHCPINFORM. -- System Information: Debian Release:

Package: logcheck Version: 1.2.32 Severity: important In postinst logcheck "fixes" permissions of /etc/logcheck/* to 750. In my (and others on #d-d) opinion ownership and permissions should be preserved upon package upgrades. Logcheck must not screw with my decision to make them world readable every time it configures. -- Peter

Package: logcheck Version: 1.2.35 Severity: minor Manual page reads: SYNOPSIS logcheck [TIONS] Perhaps it was intended to read: SYNOPSIS logcheck [OPTIONS] -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked

Package: logcheck-database Version: 1.2.39 Severity: wishlist These are the subject of an am-utils FAQ <URL:http://www.am-utils.org/docs/am-utils/FAQ.txt> and would be useful in the ignored list. Note that it's either `newer' or `older'. Jun 14 14:32:25 albion kernel: nfs warning: mount version newer than kernel Jun 14 14:37:54 dlsy kernel: nfs warning: mount version older

Package: logcheck-database Version: 1.2.32 Severity: wishlist Ignore rules to supress messages generated from pugging in, and then removing, a USB headset (one speaker). ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: drivers\/usb\/class\/audio\.c: v1.0.0:USB Audio Class driver$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: usbaudio: assuming that a stereo channel connected directly to a mixer is

Hello, I''ve recently begun looking at Puppet as an alternative to Cfengine and I have a couple of questions. 1) Besides the information posted on the Puppet website, are there any critical differences between Puppet and Cfengine? 2) Does Puppet allow for client-specific file text manipulation. For instance, in Cfengine I can add a line of text to a file if the line doesn''t