similar to: under another kind of attack

Dear collegues, many thanks for your valuable input. Since we are an university GEO-IP blocking is not an option for us. Somestimes I think it should ;-) My "mistake" was that I had just *one* fail2ban filter for both cases: "wrong password" and "unknown user". Now I have two distinct jails: The first one just for "wrong password" and here the findtime,

Hi Olaf, Since we implemented country blocking, everything seems nicely under control, with only 'normal levels' of knocking. We first have impemented: http://blog.jeshurun.ca/technology/block-countries-ubuntu-iptables-xtables-geoip Then we did: https://github.com/firehol/blocklist-ipsets And finale iptables rules like these: > iptables -A INPUT -p tcp --dport 143 -m geoip

Hi folks, "somehow" similar to the thread "under some kind oof attack" started by "MJ": I have dovecot shielded by fail2ban which works fine. But since a few days I see many many IPs per day knocking on my doors with wron password and/or users. But the rate at which they are knocking is very very low. So fail2ban will never catch them. For example one IP: Jul 25

mj <lists at merit.unu.edu> writes: >>> However, it seems almost all IPs are different, and I don't think I can >>> keep the above settings permanently. >> >> Why not? Limited by firewall rules overload? You could probably use >> a persistent DB, can't you? > > I meant: keep the "block after the first failed attempt" setting.

Olaf Hopp <Olaf.Hopp at kit.edu> wrote: > And I have a new one just for "unknown user" and here my bantime and findtime > are much bigger and the retries are just '2'. So here I'm much harsher. > I'll keep an eye on my logs and maybe some more twaeking is necessary. Just be careful about typos (like twaeking!): users could simply misspell their username,

On Tue, 18 Jul 2017, dovecot-request at dovecot.org wrote: > Thanks for the quick follow-ups! Much appreciated. After posting this, I > immediately started working on fail2ban. And between my initial posting > and now, fail2ban already blocked 114 IPs. > > I have fail2ban with maxretry=1 and bantime=1800 > > However, it seems almost all IPs are different, and I don't

> On 26 Jul 2017, at 7:57 pm, Olaf Hopp <Olaf.Hopp at kit.edu> wrote: > > Dear collegues, > > many thanks for your valuable input. > > Since we are an university GEO-IP blocking is not an option for us. > Somestimes I think it should ;-) > > My "mistake" was that I had just *one* fail2ban filter for both cases: > "wrong password" and

> From: Olaf Hopp <Olaf.Hopp at kit.edu> > Davide, > yours is all postfix and thus has got no overlap with dovecot. > So no interference. > Olaf Yes, I know, but I preferred not to give anything for granted ;-) Many Thanks Olaf!

Hi to all, @Olaf Hopp I've this filter enabled for fail2ban, my question is: could my filters overlap or interfere with those suggested by you? this is my filter: Contents of /etc/fail2ban/jail.conf: [postfix] # Ban for 10 minutes if it fails 6 times within 10 minutes enabled = true port = smtp,ssmtp filter = postfix logpath = /var/log/mail.log maxretry = 6 bantime = 600

Another good one is http://denyhosts.sourceforge.net/ It runs as a daemon, and can either ban IP's addresses all together, or just ban certain services. -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Brian Marshall Sent: Thursday, November 16, 2006 9:33 AM To: CentOS mailing list Subject: Re: [CentOS] Re: IPTables

> I would like to create a fail2ban filer, that scans for these lines: > >> Jul 20 11:10:09 auth: Info: ldap(user1,60.166.35.162,<cDFXHbxUQgA8piOi>): invalid credentials (given password: password) >> Jul 20 11:10:19 auth: Info: ldap(user2,61.53.66.4,<V+nyHbxU+wA9NUIE>): invalid credentials (given password: password) > > (as you can see, I have enabled

OK, I found a solution: trusted_users = exim:dovecot in my exim.conf fixed it. Anyway this is an important change of behavour between 2.2 und 2.3 In 2.2 the "dovecot" under exims "trusted_users" was not necessary. Olaf On 04/20/2018 02:53 PM, Olaf Hopp wrote: > On 04/20/2018 02:01 PM, Olaf Hopp wrote: >> Hi (Stephan?), >> is it a new feature of dovecot 2.3

Hi Aki, On 4/4/20 8:12 PM, Aki Tuomi wrote: > Can you provide doveconf -n and try turning on mail_debug=yes on both ends and try doveadm -Dv expunge .... mail_debug=yes is on on both ends and dovecot was restarted but anyway nothing is logged when I issue "doveadm -Dv expunge " In the shell where I issue the "expunge" I see the following: # /usr/bin/doveadm -Dv expunge

On 04/23/2018 03:46 PM, Olaf Hopp wrote: > On 04/23/2018 03:22 PM, Stephan Bosch wrote: >> >> >> Op 20-4-2018 om 14:01 schreef Olaf Hopp: >>> Hi (Stephan?), >>> is it a new feature of dovecot 2.3 /pigeonhole 0.5 that a sieve "redirect" changes the envelope sender of >>> a redirected mail or simply a bug ? >>> >>> A sends

On 05/09/2018 11:10 AM, Stephan Bosch wrote: > > > Op 09/05/2018 om 10:17 schreef Ralf Hildebrandt: >> * Stephan Bosch <stephan at rename-it.nl>: >>> >>> Op 08/05/2018 om 10:34 schreef Olaf Hopp: >>>> Hi, >>>> >>>> I had an email with 58 recipients in the "To" and 13 in the "CC" >>>>

Besides playing with Asterisk, i'm also using Linux for all kinds of multimedia things, especially recording music, mixing, etc. In order to use Linux as a digital audio workstation, there are a few things that one must do: use low-latency kernels, use pre-emption, use apps that run with real-time privileges, etc. For example, among audio Linux users, the CK (Con Kolivas) and LCK (Locosoft

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> Can you provide doveconf -n and try turning on mail_debug=yes on both ends and try doveadm -Dv expunge .... </div> <div> <br> </div> <div> Aki </div> <blockquote type="cite"> <div>

On 04/23/2018 03:22 PM, Stephan Bosch wrote: > > > Op 20-4-2018 om 14:01 schreef Olaf Hopp: >> Hi (Stephan?), >> is it a new feature of dovecot 2.3 /pigeonhole 0.5 that a sieve "redirect" changes the envelope sender of >> a redirected mail or simply a bug ? >> >> A sends mail to B, B redirects to C >> C sees B (not A!) as envelope sender.

On 03/12/2015 12:02 AM, Stephan Bosch wrote: > On 3/11/2015 11:10 AM, Olaf Hopp wrote: >> Please see the thread with subject >> "Sieve permissions issue following update" >> I tested sucessfully a developper issue last month >> on the hint of Stephan. Yesterday I started to test the currenr RCs. >> >> First I was disappointed, because the error

On 04/20/2018 02:01 PM, Olaf Hopp wrote: > Hi (Stephan?), > is it a new feature of dovecot 2.3 /pigeonhole 0.5 that a sieve "redirect" changes the envelope sender of > a redirected mail or simply a bug ? > > A sends mail to B, B redirects to C > C sees B (not A!) as envelope sender. > It is not a problem if C gets the mail but if that mail bounces > for various