similar to: under some kind of attack

Displaying 20 results from an estimated 1000 matches similar to: "under some kind of attack"

2017 Jul 18
1
under some kind of attack
On Tue, 18 Jul 2017, dovecot-request at dovecot.org wrote: > Thanks for the quick follow-ups! Much appreciated. After posting this, I > immediately started working on fail2ban. And between my initial posting > and now, fail2ban already blocked 114 IPs. > > I have fail2ban with maxretry=1 and bantime=1800 > > However, it seems almost all IPs are different, and I don't
2017 Jul 25
0
under another kind of attack
Olaf Hopp <Olaf.Hopp at kit.edu> writes: > I have dovecot shielded by fail2ban which works fine. But since a few > days I see many many IPs per day knocking on my doors with wrong > password and/or users. But the rate at which they are knocking is very > very low. So fail2ban will never catch them. Slow roll distributed attacks. Really hard to stop. > And I see many many
2013 Aug 22
3
Logging passwords on auth failure/dealing with botnets
Hi, Since upgrading our mail servers to Postfix/Dovecot, we've seen a rather large increase in botnet brute force password attacks. I guess our old servers were too slow to suit their needs. Now, when they hit upon a valid user, it's easy to see what passwords they are trying (we've enabled auth_debug_passwords and set auth_verbose_passwords = plain). We can easily have log
2017 Jul 19
3
under some kind of attack
Hi Robert, On 07/18/2017 11:43 PM, Robert Schetterer wrote: > i guess not, but typical bots aren't using ssl, check it > > however fail2ban sometimes is too slow I have configured dovecot with auth_failure_delay = 10 secs I hope that before the 10 sec are over, dovecot will have logged about the failed login attempt, and fail2ban will have blocked the ip by then. MJ
2017 Jun 28
0
ransomware etc
IMO, First secure your entry points.. Mail webserver and proxy and the exit points. ( your users environment in my case windows 7/10 desktops.) I'm waiting until trevor has the antivirus vfs is ready for samba 4. @David Disseldrop, you know the status about that, since it was your call to get it in samba. ;-) (https://github.com/fumiyas/samba-virusfilter/issues/23) I've seen good work but
2017 Jul 20
0
under some kind of attack
I have concocted something that seems to work. And for the archives, this is it: > failregex = auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials \(given password: .+ssword\) > auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials \(given password: 1qaz2wsx\) > auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials \(given password: 123321\)
2017 Jul 25
0
under another kind of attack
Hi Olaf, Since we implemented country blocking, everything seems nicely under control, with only 'normal levels' of knocking. We first have implemented: http://blog.jeshurun.ca/technology/block-countries-ubuntu-iptables-xtables-geoip Then we did: https://github.com/firehol/blocklist-ipsets And finally iptables rules like these: > iptables -A INPUT -p tcp --dport 143 -m geoip
2017 Jul 20
3
under some kind of attack
On 20.07.2017 at 12:28, mj wrote: > I have concocted something that seems to work. And for the archives, this > is it: > >> failregex = auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials >> \(given password: .+ssword\) >> auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials >> \(given password: 1qaz2wsx\) >> auth:
2017 Jun 29
1
ransomware etc (referencing in part Samba-virusfilter)
On 06/28/2017 07:13 AM, L.P.H. van Belle via samba wrote: > IMO, > > First secure your entry points.. Mail webserver and proxy and the exit points. ( your users environment in my case windows 7/10 desktops.) > > I'm waiting until trevor has the antivirus vfs is ready for samba 4. > @David Disseldrop, you know the status about that, since it was your call to get it in samba. ;-)
2006 Nov 16
0
Re: IPTables Blocking Brute Forcers
Another good one is http://denyhosts.sourceforge.net/ It runs as a daemon, and can either ban IP addresses altogether, or just ban certain services. -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Brian Marshall Sent: Thursday, November 16, 2006 9:33 AM To: CentOS mailing list Subject: Re: [CentOS] Re: IPTables
2017 Jul 20
3
under some kind of attack
Hi all, If I may, one more question on this subject: I would like to create a fail2ban filter, that scans for these lines: > Jul 20 11:10:09 auth: Info: ldap(user1,60.166.35.162,<cDFXHbxUQgA8piOi>): invalid credentials (given password: password) > Jul 20 11:10:19 auth: Info: ldap(user2,61.53.66.4,<V+nyHbxU+wA9NUIE>): invalid credentials (given password: password) (as you can
2015 Aug 15
2
grub-install
Hello Everyone, I am a newbie. When I try to install GRUB2 on centos 5.2 system, I get following error. centos5: grub-install /dev/sda //sbin/grub-setup: warn: This GPT partition label has no BIOS Boot Partition; embedding won't be possible!. //sbin/grub-setup: warn: Embedding is not possible. GRUB can only be installed in this setup by using blocklists. However, blocklists are UNRELIABLE
2009 Sep 25
0
Re: how does grub exactly work?
Andreas Jellinghaus wrote: > Hi Edward, > Hello. > I saw your mail on btrfs ml with the grub patches and the notes > how to deal with btrfs. > > can you explain how grub and btrfs work exactly? > I read the grub manual at > http://www.gnu.org/software/grub/manual/html_node/Bootstrap- > tricks.html#Bootstrap-tricks > > so I wonder: does btrfs provide a
2006 Oct 25
11
spam control
Gents, I have added the following to /etc/mail/sendmail.mc and rebuilt it trying to control spam. I still get about 25 spam messages a day. Is there something else that can help control spam? Thanks jerry --------------------------- dnl # dnl # dnsbl - DNS based Blackhole List/Black List/Rejection list dnl # See http://www.sendmail.org/m4/features.html#dnsbl dnl # FEATURE(`dnsbl',
2011 Feb 28
1
Logwatch reporting spamassassin messages as unmatched entries
I've recently switched to using spamassassin via a sendmail milter, rather than using procmail to invoke it. This means that I get a number of messages appearing in my maillog, and then being reported by logwatch as unmatched entries. An example of such a message is: Feb 27 04:33:09 quail sendmail[24780]: p1R4X46P024780[2]: URIBL blacklist\n\t* [URIs: tablettoxicspillsrx.ru]\n\t* 1.5
2015 Mar 02
0
IP drop list
On Mon, 2 Mar 2015, Reindl Harald wrote: > On 02.03.2015 at 10:06, Steffen Kaiser wrote: >> If such plugin(?) is available, I would expect immediate complaints, it >> does not support: >> >> + local file lists with various sets of syntaxes >> + RBLs with a fine grained response matching >> + use the same RBL
2004 Aug 12
5
shorewall iprange problem
Perhaps someone can help me understand why this is happening. I'm trying to write a script using 'shorewall iprange' to parse some ip ranges into subnets so that I can place them into the blocklist. I keep getting an error when I run the script though. Here is the script: #!/bin/csh foreach i (`cat ipranges`) shorewall iprange $i >>
2007 Nov 22
1
Toll fraud detection/password script
So I was bored yesterday and tried solving a few problems with one stone: 1) Notify me of potential brute forcers (multiple attempts to register multiple numbers from one address) 2) Notify me of (l)users who are having password issues So I whipped up a simple script to run in cron and notify me that UserX from X_IP_Space had X amount of password issues. I'm currently running this from cron
2017 Jul 18
0
under some kind of attack
On 18.07.2017 at 21:44, mj wrote: > Hi all, > > It seems we are under some kind of password guessing attack: > >> Jul 18 21:33:33 auth: Info: >> ldap(username1,103.6.223.61,<W7wLl5xUfABnBt89>): invalid credentials >> (given password: 1q2w3e4r5t) >> Jul 18 21:34:16 auth: Info: >> ldap(username1,221.4.61.180,<89WnmZxUrADdBD20>): invalid
2017 Jul 18
0
under some kind of attack
Hi Robert, On 07/18/2017 10:15 PM, mj wrote: > Robert, your iptables suggestions are _very_ interesting! However, will > they also work on imaps/993, because of the ssl? I have adjusted and put into place your iptables suggestion like this: > iptables -I INPUT -p tcp --dport 143 -m string --algo bm --string '1q2w3e4r' -j DROP > iptables -I INPUT -p tcp --dport 993 -m string