similar to: Spam, fail2ban and centos

Displaying 20 results from an estimated 7000 matches similar to: "Spam, fail2ban and centos"

2012 Jun 15
1
Update on spam, postfix, fail2ban, centos 6
I have been using centos 6 in a virtualized system for a few months now. Took a while to batten down the hatches with postfix, rbls, and to use fail2ban correctly. The mailserver for my website(s) are located on the http server as well..an 'all in one' server. DNS servers are separated. My two sites, and their emails addresses (1 for each) have been around for 10 and 15 years
2010 Jul 13
3
OT: fail2ban, spam and mail servers
Many of you are interested in and have used or recommended fail2ban for your linux boxes. I finally installed it on our FreeBSD server (no asterisk, hence the OT) with the help of a friend from the VoIP Users Conference and Asterisk community. After a lot of new learning about regex, I extended the actions and filters to look at our mail server, plagued by spammers - who isn't? Our server has
2020 Apr 07
0
fail2ban ban not working
On 4/7/20 11:54 AM, Gary Stainburn wrote: > I have fail2ban on my mail server monitoring Dovecot and Exim. > > I have noticed that it has stopped banning IP's. I have seen in /var/log/fail2ban.log: > > 2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO [dovecot] Found 77.40.61.224 - 2020-04-07 09:42:05 > 2020-04-07 09:42:06,408 fail2ban.actions [16138]:
2012 Apr 27
1
fail2ban logrotate failure
I got the fail2ban from epel. There were a number of issues relating to using a log file... logwatch was looking for both fail2ban and fail2ban.log logrotate file fail2ban added looked for fail2ban.log and then reset itself to syslog fail2ban itself went to syslog, overriding its fail2ban.log. took a while, but I use /var/log/fail2ban now, that finally worked through logrotates and logwatch.
2017 Dec 17
0
ot: fail2ban dovecot setup
On 17.12.2017 at 00:56, voytek at sbt.net.au wrote: > I'm trying to setup and test fail2ban with dovecot > > I've installed fail2ban, I've copied config from > https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it, > > attempted multiple mail access with wrong password, but, get this: > > # fail2ban-client status dovecot-pop3imap > Status for
2017 Dec 17
0
ot: fail2ban dovecot setup
Copy dovecot-pop3imap.conf to dovecot-pop3imap.local. Edit dovecot-pop3imap.local and add to the failregex: dovecot:.+auth failed.+rip=<HOST> Then run: fail2ban-regex /var/log/dovecot.log /etc/fail2ban/filter.d/dovecot-pop3imap.local and see if you get any matches. Bill On 12/16/2017 6:56 PM, voytek at sbt.net.au wrote: > I'm trying to setup and test fail2ban with dovecot >
2017 Dec 17
1
ot: fail2ban dovecot setup
On Mon, December 18, 2017 3:06 am, Alex JOST wrote: > Did you enable the dovecot service in fail2ban? By default all jails are > disabled. > > /etc/fail2ban/jail.conf: > [dovecot] > enabled = true Alex, thanks no, not in jail.conf, I've put it in the (1) /etc/fail2ban/jail.local I've also added postfix, that seems to work: I've made test failed dovecot and
2017 Dec 18
0
ot: fail2ban dovecot setup
Have you tried just using the filter dovecot.conf that comes with the fail2ban? # cat /etc/fail2ban/filter.d/dovecot.conf ...... failregex = ^%(__prefix_line)s(?:%(__pam_auth)s(?:\(dovecot:auth\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(?:\s+user=\S*)?\s*$ ^%(__prefix_line)s(?:pop3|imap)-login: (?:Info: )?(?:Aborted
2020 May 22
1
fail2ban setup centos 7 not picking auth fail?
I'm trying to set up fail2ban with dovecot, I have it working on 'old' server Centos 6, but, not getting anywhere with 'new' server on Centos 7 using standard filters I've copied same 'filter' to new server, still get nothing any idea how to figure this out ? on old server, it logs to syslog/messages CentOS release 6.10 (Final) dovecot 2.3.10.1 (a3d0e1171) old #
2020 Apr 17
0
[SOLVED] fail2ban firewalld problems with current CentOS 7
On 17.04.20 at 02:59, Rob Kampen wrote: > On 13/04/20 1:30 pm, Orion Poplawski wrote: >> On 4/9/20 6:31 AM, Andreas Haumer wrote: >> ... >>> I'm neither a fail2ban nor a SELinux expert, but it seems the >>> standard fail2ban SELinux policy as provided by CentOS 7 is not >>> sufficient anymore and the recent updates did not correctly >>>
2020 Apr 17
2
[SOLVED] fail2ban firewalld problems with current CentOS 7
On 13/04/20 1:30 pm, Orion Poplawski wrote: > On 4/9/20 6:31 AM, Andreas Haumer wrote: > ... >> I'm neither a fail2ban nor a SELinux expert, but it seems the >> standard fail2ban SELinux policy as provided by CentOS 7 is not >> sufficient anymore and the recent updates did not correctly >> update the required SELinux policies. >> >> I could report this
2020 Apr 07
3
fail2ban ban not working
I have fail2ban on my mail server monitoring Dovecot and Exim. I have noticed that it has stopped banning IP's. I have seen in /var/log/fail2ban.log: 2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO [dovecot] Found 77.40.61.224 - 2020-04-07 09:42:05 2020-04-07 09:42:06,408 fail2ban.actions [16138]: NOTICE [dovecot] Ban 77.40.61.224 2020-04-07 09:42:06,981
2016 Mar 10
0
[ISC Crosspost] Novel method for slowing down Locky on Samba server using fail2ban
From: bounces at isc.sans.edu To: sbradcpa at pacbell.net <sbradcpa at pacbell.net> Novel method for slowing down Locky on Samba server using fail2ban https://isc.sans.edu/diary.html?n&storyid=20805 http://www.heise.de/security/artikel/Erpressungs-Trojaner-wie-Locky-aussperren-3120956.html Google Translate version of above: If you teach the Samba server to monitor and write Rename
2010 Nov 10
1
dictonary attacks
Hi hoping someone can help me a little with this one. I have 2 mail servers, the incoming mail server runs dovecot and the outgoing mail server runs postfix with sasl. Lately I noticed a lot of spammers are running dictionary attacks on my incoming server and then using that user/password for sasl on the outgoing server. The weird thing is I never see on the logs the guessed
2017 Dec 16
7
ot: fail2ban dovecot setup
I'm trying to setup and test fail2ban with dovecot I've installed fail2ban, I've copied config from https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it, attempted multiple mail access with wrong password, but, get this: # fail2ban-client status dovecot-pop3imap Status for the jail: dovecot-pop3imap |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- File
2010 Aug 09
1
fail2ban behavior
I created a filter and verified it with fail2ban-regex against actual lines in my log and it works. During restarts of fail2ban, only some previous ip's get banned immediately whereas some need a reoccurrence despite the jail's config specification of maxretry and findtime suggesting the entries mandate blocking. I'd assume the behavior after a restart is noe way if it weren't for
2010 Nov 10
1
dovecot dictionary attacks
Hi, I been using dovecot for awhile and its been solid, however I been having some issues with dictionary attacks. I installed fail2ban and for the most part is working fine. However today I got another spammer relaying through my server. Looking at the logs I see the following dictonary attack from 94.242.206.37 Nov 10 03:04:38 pop dovecot: pop3-login: Disconnected: rip=94.242.206.37,
2015 Mar 10
2
Fail2Ban Centos 7 is there a trick to making it work?
On Mon, March 9, 2015 13:11, John Plemons wrote: > Been working on fail2ban, and trying to make it work with plain Jane > install of Centos 7 > > Machine is a HP running 2 Quad core Xeons, 16 gig of ram and 1 plus TB > of disk space. Very generic and vanilla. > > Current available epel repo version is fail2ban-0.9.1 > > Looking at the log file, fail2ban starts and stops
2011 Aug 09
3
fail2ban help
Hello list. I have a question for fail2ban for bad logins on sasl. I use sasl, sendmail and cyrus-imapd. In jail.conf I use the following syntax: [sasl-iptables] enabled = true filter = sasl backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp] sendmail-whois[name=sasl, dest=my at email] logpath = /var/log/maillog maxretry = 6 and the following filter:
2017 Mar 02
3
fail2ban Asterisk 13.13.1
If this is a small site, I recommend you download the free version of SecAst (www.telium.ca <http://www.telium.ca> ) and replace fail2ban. SecAst does NOT use the log file, or regexes, to match etc. Instead it talks to Asterisk through the AMI to extract security information. Messing with regexes is a losing battle, and the lag in reading logs can allow an attacker 100+ registration