similar to: IP drop list

On 03/01/2015 04:25 AM, Reindl Harald wrote: >> I wonder if there is an easy way to provide dovecot a flat text >> file of ipv4 #'s which should be ignored or dropped? >> >> I have accumulated 45,000+ IPs which routinely try dictionary >> and 12345678 password attempts. The file is too big to create >> firewall drops, and I don't want to compile with

On 2015-03-02 2:02 AM, Jochen Bern wrote: > On 03/01/2015 08:53 AM, Jim Pazarena wrote: >> I wonder if there is an easy way to provide dovecot a flat text file of >> ipv4 #'s which should be ignored or dropped? >> >> I have accumulated 45,000+ IPs which routinely try dictionary and >> 12345678 password attempts. The file is too big to create firewall >>

after having my own dnsbl feeded by a honeypot and even mod_security supports it for webservers i think dovecot sould support the same to prevent dictionary attacks from known bad hosts, in our case that blacklist is 100% trustable and blocks before SMTP-Auth while normal RBL's are after SASL i admit that i am not a C/C++-programmer, but i think doing the DNS request and in case it has a

On 03/04/2015 05:03 AM, Earl Killian wrote: > I would like to reiterate Reindl Harald's point above, since subsequent > discussion has gotten away from it. If Dovecot had DNS RBL support > similar to Postfix, I think quite a few people would use it, and thereby > defeat the scanners far more effectively than any other method. It is > good that other people are suggesting things

Am 01.03.2015 um 08:53 schrieb Jim Pazarena: > I wonder if there is an easy way to provide dovecot a flat text file of > ipv4 #'s which should be ignored or dropped? > > I have accumulated 45,000+ IPs which routinely try dictionary and > 12345678 password attempts. The file is too big to create firewall > drops, and I don't want to compile with wrappers *if* dovecot has

Dear Friend, I done configuration using RBLSMTPD with WHITELIST, but I don't know it is correct. Please check files below are corrects. Thanks Adriano === FILE WHITELIST.DOMINIO.RBL. ==== $ttl 900 whitelist.dominio.rbl. IN SOA host1.xxxxxx.com. root.xxxxx.com. ( 2006112002 ; serial; 3600 ; refresh period (1 hora); 900 ; retry time (15 minutos); 1800 ; expire tiem (30 minutos); 900 ;

On 03/01/2015 08:53 AM, Jim Pazarena wrote: > I wonder if there is an easy way to provide dovecot a flat text file of > ipv4 #'s which should be ignored or dropped? > > I have accumulated 45,000+ IPs which routinely try dictionary and > 12345678 password attempts. The file is too big to create firewall > drops [...] The inherent assumption here is that dovecot, using a

On 11/04/2019 14:33, Anton Dollmaier via dovecot wrote: >> Which is why a dnsbl for dovecot is a good idea. I do not believe the >> agents behind these login attempts are only targeting me, hence the >> addresses should be shared via a dnsbl. > > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > >>

On 12/04/2019 08:42, Aki Tuomi via dovecot wrote: > On 12.4.2019 10.34, James via dovecot wrote: >> On 12/04/2019 08:24, Aki Tuomi via dovecot wrote: >> >>> Weakforced uses Lua so you can easily integrate DNSBL support into it. >> How does this help Dovecot block? >> A link to some documentation or example perhaps? >> >> >

Am 01.03.2015 um 23:16 schrieb Dave McGuire: > On 03/01/2015 04:25 AM, Reindl Harald wrote: >>> I wonder if there is an easy way to provide dovecot a flat text >>> file of ipv4 #'s which should be ignored or dropped? >>> >>> I have accumulated 45,000+ IPs which routinely try dictionary >>> and 12345678 password attempts. The file is too big to

Am 04.03.2015 um 21:03 schrieb Dave McGuire: > On 03/04/2015 02:12 PM, Michael Orlitzky wrote: >>> I would like to reiterate Reindl Harald's point above, since subsequent >>> discussion has gotten away from it. If Dovecot had DNS RBL support >>> similar to Postfix, I think quite a few people would use it, and thereby >>> defeat the scanners far more

Gents, I have added the following to /etc/mail/sendmail.mc and rebuilt it trying to control spam. I still get about 25 spam messages a day. Is there something else that can help control spam? Thanks jerry --------------------------- dnl # dnl # dnsbl - DNS based Blackhole List/Black List/Rejection list dnl # See http://www.sendmail.org/m4/features.html#dnsbl dnl # FEATURE(`dnsbl',

On 03/04/2015 09:45 PM, Dave McGuire wrote: > On 03/04/2015 03:37 PM, Oliver Welter wrote: >> Am 04.03.2015 um 21:03 schrieb Dave McGuire: >>> Am 04.03.2015 um 20:12 schrieb Michael Orlitzky: >>>> Please add [DNSBL] support to iptables instead of Dovecot. It's a waste of >>>> effort to code it into every application that listens on the network.

In the past I've used a combination of spamhaus combined RBL's and Spamassassin with Mailscanner as my spam recipe, but this stopped working very well for me well over a year ago. As many of the users of the couple small/personal mail servers I run are NOT technical people, and use POP to read their mail, 'training' spamassassin is difficult at best. Once upon a time, using

In case someone's using the nixspam RBL and wondering why the influx from the CentOS mailing lists has stopped today: http://www.dnsbl.manitu.net/lookup.php?language=en&value=72.21.40.12 Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com

Am 02.03.2015 um 18:56 schrieb Robert Schetterer: > perhaps and i mean really "perhaps" go this way > > https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/ > > https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/ > > 45K+ IPs will work in a recent table > i have them too but for smtp only like > >

On 11/04/2019 11:43, Marc Roos via dovecot wrote: > A. With the fail2ban solution > - you 'solve' that the current ip is not able to access you It is only a solution if there are subsequent attempts from the same address. I currently have several thousand addresses blocked due to dovecot login failures. My firewall is set to log these so I can see that few repeat, those

Hi all, Just out of curiosity: is there anything we can do, on the samba side, to counter the recent ransomware attacks? (or limit the damage done) I'm thinking like: limit the number of files per second a client (workstation) is allowed to edit, or some other smart tricks..? It would be nice if samba could be an extra layer of defense. Something perhaps a vfs module could help with..?

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 01.03.2015 um 08:53 schrieb Jim Pazarena: > I have accumulated 45,000+ IPs which routinely try dictionary and > 12345678 password attempts. The file is too big to create firewall > drops, Have you also checked ipset (http://ipset.netfilter.org/) Its extremely powerful even with huge block lists -----BEGIN PGP SIGNATURE----- Version:

Dear All, its a offtopic question but really apprecite if someone would advise n help i have been running a mil server with sendmail and have sbl-xbl.spamhaus.org as my dnsbl. i had other servers which are alredy out now that is relays.ordb.org and dsbl.org have already been out of my sendmail config. any one knows of ny other servers i could add in my sendmail config apprecite ur help