similar to: Logging passwords on auth failure/dealing with botnets

Displaying 20 results from an estimated 1000 matches similar to: "Logging passwords on auth failure/dealing with botnets"

2008 Oct 31
4
offtopic question .. appreciate ur help
Dear All, it's an offtopic question but really appreciate if someone would advise n help. I have been running a mail server with sendmail and have sbl-xbl.spamhaus.org as my dnsbl. I had other servers which are already out now, that is relays.ordb.org and dsbl.org have already been out of my sendmail config. Anyone know of any other servers I could add in my sendmail config? Appreciate ur help
2006 Oct 25
11
spam control
Gents, I have added the following to /etc/mail/sendmail.mc and rebuilt it trying to control spam. I still get about 25 spam messages a day. Is there something else that can help control spam? Thanks jerry --------------------------- dnl # dnl # dnsbl - DNS based Blackhole List/Black List/Rejection list dnl # See http://www.sendmail.org/m4/features.html#dnsbl dnl # FEATURE(`dnsbl',
2010 Nov 16
2
Postfix - message queue filling with Host or name not found - try again
Hi list, I have noted over the last week or so my DNS servers are dumping lots of messages for bogus domain lookups. Examining the postfix queue with postqueue -p: I see many (Host or domain name not found. Name service error for name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again) Jake at bdgiedjhea.po6e4ina.com My question - why does this
2012 Jan 13
2
Using Dovecot-auth to return error code 450 (or other 4xx) to Postfix when user is on vacation
Hello to all members. I am using Dovecot for 5 years, but this is my first post here. I am aware of the various autoresponder scripts for vacation autoreplies (I am using Virtual Vacation 3.1 by Mischa Peters). I have an issue with auto-replies - it is vulnerable to spamming with forged email address. Forging can be prevented with several Postfix settings, which I did in the past - but was forced
2005 Mar 25
4
Spam to this list
Hi, I'm not sure what the policy of this list is and I bet everyone has a spam filter, so nobody might have noticed, but we got spammed. Can anyone send mail to the list or do you have to subscribe first ? -- dag wieers, dag@wieers.com, http://dag.wieers.com/ -- [all I want is a warm bed and a kind word and unlimited power]
2007 Mar 14
5
sendmail and rbl blocking - generating statistics
I have enabled the feature in sendmail.mc to check with spamhaus for spammers. However since this block is being made at MTA level, I would like to know if something can be done to obtain statistics of blocked attempts. thanks -- ------------------------------------------------------------ Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama,
2017 Jun 28
10
ransomware etc
Hi all, Just out of curiosity: is there anything we can do, on the samba side, to counter the recent ransomware attacks? (or limit the damage done) I'm thinking like: limit the number of files per second a client (workstation) is allowed to edit, or some other smart tricks..? It would be nice if samba could be an extra layer of defense. Something perhaps a vfs module could help with..?
2015 Feb 05
2
Another Fedora decision
On 02/04/2015 07:55 PM, Always Learning wrote: > Rent ? That costs money. Just crack open some Windoze machines and do > it for free. That is what many hackers do. Those crackers who build these botnets are the ones who rent out botnet time to people who just want to get the work done. There is a large market in botnet time. > > Is this safe enough ? > >
2017 Nov 06
2
How to detect botnet user on the server ?
Hello guys, What is the best way to identify a possible user using a botnet with php in the server? And if he is using GET commands for example in other server. Does apache log outbound connections? If it is using a file that is not malicious the clam av would not identify. Thanks
2017 Nov 06
1
How to detect botnet user on the server ?
Another alternative is to use a FIMS/HIDS such as Aide (Advanced Intrusion Detection Environment), OSSEC or Samhain. Be prepared to learn a lot about what your OS normally does behind the scenes (and thus a fair amount of initial fine tuning to exclude those things). Aide seems to work well (I've seen only one odd result) and is quite granular. However, it is local system based rather than
2015 Jul 29
1
Fedora change that will probably affect RHEL
On Tue, July 28, 2015 19:46, Warren Young wrote: > > iPads can't be coopted into a botnet. The rules for iPad passwords > must necessarily be different than for CentOS. > http://www.tomsguide.com/us/ios-botnet-hacking,news-19253.html -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrne
2019 Aug 02
3
[OT] odd network question
On Fri, Aug 02, 2019 at 08:22:06AM +0100, Pete Biggs wrote: > > > This is just the first screen of it, there are many more. The data > > compiled here is for the last month (rsyslog is keeping the current > > log plus four older logs). I find it disturbing that there were 12251 > > attempts at telnet during that time, 2154 on 8080, and so forth. either > > I'm
2019 Dec 29
1
Dovecot Postfix MySQL Authentication Issues
I am in a situation where I have to wipe my remote server and reinstall. It's been a while since I built a server and I am not as sharp as I used to be. I am running FreeBSD 12.1. well at least the server is... I am getting constant authentication errors like Dec 28 22:10:18 triggerfish dovecot[21809]: imap-login: Aborted login (auth failed, 1 attempts in 6 secs): user=<jason at example.com>,
2015 Mar 01
6
IP drop list
On 03/01/2015 04:25 AM, Reindl Harald wrote: >> I wonder if there is an easy way to provide dovecot a flat text >> file of ipv4 #'s which should be ignored or dropped? >> >> I have accumulated 45,000+ IPs which routinely try dictionary >> and 12345678 password attempts. The file is too big to create >> firewall drops, and I don't want to compile with
2012 Feb 02
10
postfix - reject of incoming mail due to helo check??
Hi list, I have been getting the following types of log messages Jan 30 08:22:33 ndgonline postfix/smtpd[30538]: NOQUEUE: reject: RCPT from unknown[71.46.229.50]: 450 4.7.1 Client host rejected: cannot find your hostname, [71.46.229.50]; from=<DWoodman at orangebankfl.com> to=<rkampen at ndgonline.net> proto=ESMTP helo=<mail.floridianbank.com> a rdns check shows all is well
2015 Feb 05
2
Another Fedora decision
> On Feb 4, 2015, at 5:43 PM, Warren Young <wyml at etr-usa.com> wrote: > > SSH as shipped on CentOS doesn't allow 1,000 guesses per second, as this calculator assumes Hmm, just thought of a counterattack: If CentOS's SSH currently allows 10 guesses per minute *per IP*, all you need to do to get 1,000 guesses per second is to rent time on a 6,000 machine botnet.
2015 Mar 02
6
IP drop list
Dave McGuire writes: >> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets >> >> then setup fail2ban to manage extrafields > > Now that's a very interesting idea, thank you! I will investigate this. If you don't expect your firewall to handle 45K+ IPs, I'm not sure how you expect dovecot will handle a comma separated string with 45K+ entries any
2007 Jan 17
4
Ultra simple mail server config?
Hello, I am hoping you folks on the list could advise me on this... Can anyone point me towards a HOW-TO that describes how to transform a normal CentOS install into a very basic POP3/IMAP/SMTP email server? Our current ISP where we host ~15 domains and ~25+ email accounts has a mandatory incoming "auto-discard" spam filter that is far too strict to continue using. Unfortunately,
2015 Jul 28
3
Fedora change that will probably affect RHEL
> On Jul 28, 2015, at 11:27, Warren Young <wyml at etr-usa.com> wrote: > > On Jul 25, 2015, at 6:22 PM, Bob Marcan wrote: >> >> 1FuckingPrettyRose >> "Sorry, you must use no fewer than 20 total characters." >> 1FuckingPrettyRoseShovedUpYourAssIfYouDon'tGiveMeAccessRightFuckingNow! >> "Sorry, you cannot use punctuation."
2019 Apr 12
2
Mail account brute force / harassment
On 11/04/2019 14:33, Anton Dollmaier via dovecot wrote: >> Which is why a dnsbl for dovecot is a good idea. I do not believe the >> agents behind these login attempts are only targeting me, hence the >> addresses should be shared via a dnsbl. > > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > >>