Displaying 20 results from an estimated 1000 matches similar to: "under another kind of attack"
2017 Jul 26
0
under another kind of attack
Dear colleagues,
many thanks for your valuable input.
Since we are a university, GEO-IP blocking is not an option for us.
Sometimes I think it should ;-)
My "mistake" was that I had just *one* fail2ban filter for both cases:
"wrong password" and "unknown user".
Now I have two distinct jails:
The first one just for "wrong password" and here the findtime,
2017 Jul 25
0
under another kind of attack
Hi Olaf,
Since we implemented country blocking, everything seems nicely under
control, with only 'normal levels' of knocking.
We first have implemented:
http://blog.jeshurun.ca/technology/block-countries-ubuntu-iptables-xtables-geoip
Then we did:
https://github.com/firehol/blocklist-ipsets
And final iptables rules like these:
> iptables -A INPUT -p tcp --dport 143 -m geoip
2017 Jul 25
10
under another kind of attack
Hi folks,
"somehow" similar to the thread "under some kind of attack" started by "MJ":
I have dovecot shielded by fail2ban which works fine.
But since a few days I see many many IPs per day knocking on
my doors with wrong password and/or users. But the rate at which they are knocking
is very very low. So fail2ban will never catch them.
For example one IP:
Jul 25
2017 Jul 19
0
under some kind of attack
mj <lists at merit.unu.edu> writes:
>>> However, it seems almost all IPs are different, and I don't think I can
>>> keep the above settings permanently.
>>
>> Why not? Limited by firewall rules overload? You could probably use
>> a persistent DB, can't you?
>
> I meant: keep the "block after the first failed attempt" setting.
2017 Jul 26
1
under another kind of attack
Olaf Hopp <Olaf.Hopp at kit.edu> wrote:
> And I have a new one just for "unknown user" and here my bantime and findtime
> are much bigger and the retries are just '2'. So here I'm much harsher.
> I'll keep an eye on my logs and maybe some more twaeking is necessary.
Just be careful about typos (like twaeking!): users could simply misspell
their username,
2017 Jul 18
1
under some kind of attack
On Tue, 18 Jul 2017, dovecot-request at dovecot.org wrote:
> Thanks for the quick follow-ups! Much appreciated. After posting this, I
> immediately started working on fail2ban. And between my initial posting
> and now, fail2ban already blocked 114 IPs.
>
> I have fail2ban with maxretry=1 and bantime=1800
>
> However, it seems almost all IPs are different, and I don't
2017 Jul 27
1
under another kind of attack
> On 26 Jul 2017, at 7:57 pm, Olaf Hopp <Olaf.Hopp at kit.edu> wrote:
>
> Dear colleagues,
>
> many thanks for your valuable input.
>
> Since we are a university, GEO-IP blocking is not an option for us.
> Sometimes I think it should ;-)
>
> My "mistake" was that I had just *one* fail2ban filter for both cases:
> "wrong password" and
2017 Jul 31
0
under another kind of attack
> From: Olaf Hopp <Olaf.Hopp at kit.edu>
> Davide,
> yours is all postfix and thus has got no overlap with dovecot.
> So no interference.
> Olaf
Yes, I know, but I preferred not to give anything for granted ;-)
Many Thanks Olaf!
2017 Jul 29
1
under another kind of attack
Hi to all,
@Olaf Hopp I've this filter enabled for fail2ban, my question is: could
my filters overlap or interfere with those suggested by you?
this is my filter:
Contents of /etc/fail2ban/jail.conf:
[postfix]
# Ban for 10 minutes if it fails 6 times within 10 minutes
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 6
bantime = 600
2006 Nov 16
0
Re: IPTables Blocking Brute Forcers
Another good one is
http://denyhosts.sourceforge.net/
It runs as a daemon, and can either ban IP addresses altogether, or
just ban certain services.
-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
Behalf Of Brian Marshall
Sent: Thursday, November 16, 2006 9:33 AM
To: CentOS mailing list
Subject: Re: [CentOS] Re: IPTables
2017 Jul 20
1
under some kind of attack
> I would like to create a fail2ban filter, that scans for these lines:
>
>> Jul 20 11:10:09 auth: Info: ldap(user1,60.166.35.162,<cDFXHbxUQgA8piOi>): invalid credentials (given password: password)
>> Jul 20 11:10:19 auth: Info: ldap(user2,61.53.66.4,<V+nyHbxU+wA9NUIE>): invalid credentials (given password: password)
>
> (as you can see, I have enabled
2018 Apr 20
2
Sieve "redirect" changes envelope sender in 2.3. / pigeonhole 0.5
OK, I found a solution:
trusted_users = exim:dovecot
in my exim.conf fixed it.
Anyway this is an important change of behaviour between 2.2 and 2.3
In 2.2 the "dovecot" under exim's "trusted_users" was not necessary.
Olaf
On 04/20/2018 02:53 PM, Olaf Hopp wrote:
> On 04/20/2018 02:01 PM, Olaf Hopp wrote:
>> Hi (Stephan?),
>> is it a new feature of dovecot 2.3
2020 Apr 06
0
replication and spam removal ("doveadm expunge")
Hi Aki,
On 4/4/20 8:12 PM, Aki Tuomi wrote:
> Can you provide doveconf -n and try turning on mail_debug=yes on both ends and try doveadm -Dv expunge ....
mail_debug=yes
is on on both ends and dovecot was restarted but anyway nothing is logged when I issue "doveadm -Dv expunge "
In the shell where I issue the "expunge" I see the following:
# /usr/bin/doveadm -Dv expunge
2018 Apr 24
0
Sieve "redirect" changes envelope sender in 2.3. / pigeonhole 0.5
On 04/23/2018 03:46 PM, Olaf Hopp wrote:
> On 04/23/2018 03:22 PM, Stephan Bosch wrote:
>>
>>
>> On 20-4-2018 at 14:01, Olaf Hopp wrote:
>>> Hi (Stephan?),
>>> is it a new feature of dovecot 2.3 /pigeonhole 0.5 that a sieve "redirect" changes the envelope sender of
>>> a redirected mail or simply a bug ?
>>>
>>> A sends
2018 May 09
2
lmtp panic with many recipients
On 05/09/2018 11:10 AM, Stephan Bosch wrote:
>
>
> On 09/05/2018 at 10:17, Ralf Hildebrandt wrote:
>> * Stephan Bosch <stephan at rename-it.nl>:
>>>
>>> On 08/05/2018 at 10:34, Olaf Hopp wrote:
>>>> Hi,
>>>>
>>>> I had an email with 58 recipients in the "To" and 13 in the "CC"
>>>>
2004 Jul 31
1
learning from the audio folks
Besides playing with Asterisk, i'm also using Linux for all kinds of
multimedia things, especially recording music, mixing, etc.
In order to use Linux as a digital audio workstation, there are a few
things that one must do: use low-latency kernels, use pre-emption, use
apps that run with real-time privileges, etc.
For example, among audio Linux users, the CK (Con Kolivas) and LCK
(Locosoft
2020 Apr 04
2
replication and spam removal ("doveadm expunge")
Can you provide doveconf -n and try turning on mail_debug=yes on both ends and try doveadm -Dv expunge ....
Aki
2018 Apr 23
2
Sieve "redirect" changes envelope sender in 2.3. / pigeonhole 0.5
On 04/23/2018 03:22 PM, Stephan Bosch wrote:
>
>
> On 20-4-2018 at 14:01, Olaf Hopp wrote:
>> Hi (Stephan?),
>> is it a new feature of dovecot 2.3 /pigeonhole 0.5 that a sieve "redirect" changes the envelope sender of
>> a redirected mail or simply a bug ?
>>
>> A sends mail to B, B redirects to C
>> C sees B (not A!) as envelope sender.
2015 Mar 12
0
Why is Sieve trying to re-compile global scripts?
On 03/12/2015 12:02 AM, Stephan Bosch wrote:
> On 3/11/2015 11:10 AM, Olaf Hopp wrote:
>> Please see the thread with subject
>> "Sieve permissions issue following update"
>> I tested successfully a developer issue last month
>> on the hint of Stephan. Yesterday I started to test the current RCs.
>>
>> First I was disappointed, because the error
2018 Apr 20
0
Sieve "redirect" changes envelope sender in 2.3. / pigeonhole 0.5
On 04/20/2018 02:01 PM, Olaf Hopp wrote:
> Hi (Stephan?),
> is it a new feature of dovecot 2.3 /pigeonhole 0.5 that a sieve "redirect" changes the envelope sender of
> a redirected mail or simply a bug ?
>
> A sends mail to B, B redirects to C
> C sees B (not A!) as envelope sender.
> It is not a problem if C gets the mail but if that mail bounces
> for various