similar to: how to monitor,or be notified of email blacklisting ?

Some lists and emails are distributed via ns1.samba.org. For those of you that use ORBS, you'll find it is blacklisted now. There is no mention of it on the website and it doesn't return a positive when you enter it for testing but it has slipped into the ORBS blacklist somewhere. Samba.org admins may wish to force all ns1 outbound email via another netblock, bringing it up to ORBS only

Hi folks, first of all thanks for Dovecot, I appreciate it a lot. On one of our servers, we experience regular tries to brute force logins, probably based on harvested mail addresses. Now I wonder if dovecot has or could in future have some mechanism to blacklist remote IP addresses after a configurable number of failures to login to any account. Blacklisted IPs could simply be disconnected

Hello, Pardon me if this turns out to be stupid question. I have an IP address blacklisted in /etc/shorewall/blacklist. I have BLACKLIS_LOGLEVEL not set in /etc/shorewall/shorewall.conf, but I can still see the packages coming from the blacklisted IP logged in /var/log/messages when I do ''tail -f /var/log/messages''. Is there someplace else I should check ? Thanks. RDB --

Hi. I would like to blacklist a few callers and I have been using the *CLI> database put blacklist 1234 "annoying callers". Instead of putting the same command for every user is there any way to have a file? Ideally a file in /opt that I would update the blacklisted numbers (add,remove). Is there anything like that, please?<br>

-------- Original Message -------- Subject: Re: [CentOS] ipset and blacklisting From: "Albert McCann" <mac358 at newsguy.com> Date: Wed, September 21, 2016 5:34 am To: "'CentOS mailing list'" <centos at centos.org> How are you saving and reloading the ipsets over a reboot? > -----Original Message----- > From: centos-bounces at centos.org

This is what ipset can do for traffic on a home server that's not wanted on a slow 6MB DSL connection. http://palmettoshopper.com/httpd_traffic.jpg I only use my home server for zoneminder, testing my commercial website and streaming movies. Got tired of hackers looking for files that don't exist on my home server and non-complying robots. Check the drop in bandwidth. Setup up a

Please CC jmc AT xisl.com on any reply as I'm not subscribed. We are getting several thousand login tries daily all from the same IP each try. It would be a great help to automatically refuse connections from a given IP after a certain number of failed login attempts. I was thinking of doing that myself but if anyone else is about to do it or has done it please let me know. Thanks. John

I'm trying to figure out how to use firewalld on CentOS 7 to block access to ssh (on a custom port to control log bloat) and smtp submission except for specific source addresses, using ipset. I haven't been able to figure out how to combine a port number or service name with an ipset, either as a blacklist of nets or a whitelist of addresses. It looks like ipset with type of

Hello, I''m a very happy user of shorewall but I have found a problem or maybe a misconfiguration I made which I can not resolve. I use a fairly large blacklist based on probes, nimda & codered attacks, proxy & relay probes etc. The only problem is that I want to block incoming trafic on all ports FROM a block but it does also block a httpd, ping etc TO a ip in a block what I do

Hello, I run dovecot-2/Maildir/LDAP user/passdb and would like to be able to deny acess to users who connect from certain domains/IP (google.com for instance since in that case they gave their credentials to a third party). My understanding is that I cannot use some negative form of "allow_nets". The only mechanism I can think of is tcp_wrappers. However, dovecot documentation mention

Hello all, I''m new to the list. But have been using Shorewall on and off for over a year now. The one thing that got me hooked on staying with Shorewall, was the extensive and useful documentation. Great Job! I see also that over use of blacklisting is time consuming for restarts, refresh and it also means the kernel spends more time checking incoming packets. The following is from:

Does anyone know of a script that can act as a "helper" for Shorewall''s dynamic blacklist capabilities? Briefly said, I''d like to know if someone already wrote a script/program that, e.g., parses log files (/var/log/messages, etc) and picks up for example all IP addresses that failed SSH login more than X times and then executes a command such as shorewall drop

Hi, I've been reading all I can on Google (and Asterisk TFOT book) looking for ideas on how to implement an automated blacklist feature. I would like to automatically blacklist a incoming number based on timestamp and count information. For example, if I get a prank call from the same number 5 times within 15 minutes, I want my dialplan to automatically blacklist this number. Should I be

I have always been able to block toll-free numbers by catching them with a line similar to this for each DID I have on my system: exten => 5554441212/_888NXXXXXX,n,Playback(GoAway) Where 15554441212 is one of the DIDs that rings into our Asterisk box. The problem with this approach that I have to create a line like this for every pattern I want to block multiplied by every DID on my system,

Hi, Is there any way to automatically block all traffic from IP''s that try more than X number of blocked ports for a preset amount of time? The log I get every morning seems to be getting bigger and bigger with port scans and attempts to access various services, it would be nice if these IP''s could be automatically blocked for like a week or two.. I wouldn''t want

In my blacklist I have: database show ... /blacklist/Manitoba : advertising ... [incoming] ; First, lets take care of telemarketers exten => 4,1,GotoIf(${BLACKLIST()}?blacklisted,s,1) exten => 4,n,Set(goaway=${CALLERID(number):0:2}) exten => 4,n,GotoIf($["${goaway}" = "V4" ]?blacklisted,s,1) exten => 4,n,GotoIf($["${goaway}" = "V3"

Can someone refresh my memory how to backlist caller ID in asterisk 1.8? I had it working in ver. 1.4 but in 1.8 it changed. -- Joseph

Hi, I consider reducing the usage of blacklist in sanitizer instrumentation passes and doing the necessary work in frontend (Clang) instead. Some of it is already implemented: e.g. Clang will attach an attribute "sanitize_address" to function definition only if this function is not blacklisted. In this case we won't instrument the memory accesses in this function in ASan

Hi, Given the recent increase in SIP brute force attacks, I've had a little idea. The standard scripts that block after X attempts work well to prevent you actually being compromised, but once you've been 'found' then the attempts seem to keep coming for quite some time. Older versions of sipvicious don't appear to stop once you start sending un-reachables (or straight

Dear List: An e-mail mentioning the r-project.org address and sent to a friend at a German university was considered spam by the local spam filter. Its reasoning: the URL "r-project.org" is blacklisted at uribl.swinog.ch resp. at antispam.imp.ch. I checked the list http://antispam.imp.ch/swinog-uri-rbl.txt [caution: long list] and indeed, there it was. Can anybody explain how or