Displaying 20 results from an estimated 10000 matches similar to: "under another kind of attack"
2017 Jul 29
1
under another kind of attack
Hi to all,
@Olaf Hopp I've this filter enabled for fail2ban, my question is: could
my filters overlap or interfere with those suggested by you?
this is my filter:
Contents of /etc/fail2ban/jail.conf:
[postfix]
# Ban for 10 minutes if it fails 6 times within 10 minutes
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 6
bantime = 600
2017 Jul 26
0
under another kind of attack
Dear collegues,
many thanks for your valuable input.
Since we are an university GEO-IP blocking is not an option for us.
Somestimes I think it should ;-)
My "mistake" was that I had just *one* fail2ban filter for both cases:
"wrong password" and "unknown user".
Now I have two distinct jails:
The first one just for "wrong password" and here the findtime,
2017 Jul 26
1
under another kind of attack
Olaf Hopp <Olaf.Hopp at kit.edu> wrote:
> And I have a new one just for "unknown user" and here my bantime and findtime
> are much bigger and the retries are just '2'. So here I'm much harsher.
> I'll keep an eye on my logs and maybe some more twaeking is necessary.
Just be careful about typos (like twaeking!): users could simply misspell
their username,
2017 Jul 27
1
under another kind of attack
> On 26 Jul 2017, at 7:57 pm, Olaf Hopp <Olaf.Hopp at kit.edu> wrote:
>
> Dear collegues,
>
> many thanks for your valuable input.
>
> Since we are an university GEO-IP blocking is not an option for us.
> Somestimes I think it should ;-)
>
> My "mistake" was that I had just *one* fail2ban filter for both cases:
> "wrong password" and
2017 Jul 25
0
under another kind of attack
Olaf Hopp <Olaf.Hopp at kit.edu> writes:
> I have dovecot shielded by fail2ban which works fine. But since a few
> days I see many many IPs per day knocking on my doors with wron
> password and/or users. But the rate at which they are knocking is very
> very low. So fail2ban will never catch them.
Slow roll distributed attacks. Really hard to stop.
> And I see many many
2017 Jul 25
10
under another kind of attack
Hi folks,
"somehow" similar to the thread "under some kind oof attack" started by "MJ":
I have dovecot shielded by fail2ban which works fine.
But since a few days I see many many IPs per day knocking on
my doors with wron password and/or users. But the rate at which they are knocking
is very very low. So fail2ban will never catch them.
For example one IP:
Jul 25
2018 Apr 20
2
Sieve "redirect" changes envelope sender in 2.3. / pigeonhole 0.5
OK, I found a solution:
trusted_users = exim:dovecot
in my exim.conf fixed it.
Anyway this is an important change of behavour between 2.2 und 2.3
In 2.2 the "dovecot" under exims "trusted_users" was not necessary.
Olaf
On 04/20/2018 02:53 PM, Olaf Hopp wrote:
> On 04/20/2018 02:01 PM, Olaf Hopp wrote:
>> Hi (Stephan?),
>> is it a new feature of dovecot 2.3
2020 Apr 06
0
replication and spam removal ("doveadm expunge")
Hi Aki,
On 4/4/20 8:12 PM, Aki Tuomi wrote:
> Can you provide doveconf -n and try turning on mail_debug=yes on both ends and try doveadm -Dv expunge ....
mail_debug=yes
is on on both ends and dovecot was restarted but anyway nothing is logged when I issue "doveadm -Dv expunge "
In the shell where I issue the "expunge" I see the following:
# /usr/bin/doveadm -Dv expunge
2018 Apr 24
0
Sieve "redirect" changes envelope sender in 2.3. / pigeonhole 0.5
On 04/23/2018 03:46 PM, Olaf Hopp wrote:
> On 04/23/2018 03:22 PM, Stephan Bosch wrote:
>>
>>
>> Op 20-4-2018 om 14:01 schreef Olaf Hopp:
>>> Hi (Stephan?),
>>> is it a new feature of dovecot 2.3 /pigeonhole 0.5 that a sieve "redirect" changes the envelope sender of
>>> a redirected mail or simply a bug ?
>>>
>>> A sends
2017 Jul 25
0
under another kind of attack
Hi Olaf,
Since we implemented country blocking, everything seems nicely under
control, with only 'normal levels' of knocking.
We first have impemented:
http://blog.jeshurun.ca/technology/block-countries-ubuntu-iptables-xtables-geoip
Then we did:
https://github.com/firehol/blocklist-ipsets
And finale iptables rules like these:
> iptables -A INPUT -p tcp --dport 143 -m geoip
2018 May 09
2
lmtp panic with many recipients
On 05/09/2018 11:10 AM, Stephan Bosch wrote:
>
>
> Op 09/05/2018 om 10:17 schreef Ralf Hildebrandt:
>> * Stephan Bosch <stephan at rename-it.nl>:
>>>
>>> Op 08/05/2018 om 10:34 schreef Olaf Hopp:
>>>> Hi,
>>>>
>>>> I had an email with 58 recipients in the "To" and 13 in the "CC"
>>>>
2018 Apr 23
2
Sieve "redirect" changes envelope sender in 2.3. / pigeonhole 0.5
On 04/23/2018 03:22 PM, Stephan Bosch wrote:
>
>
> Op 20-4-2018 om 14:01 schreef Olaf Hopp:
>> Hi (Stephan?),
>> is it a new feature of dovecot 2.3 /pigeonhole 0.5 that a sieve "redirect" changes the envelope sender of
>> a redirected mail or simply a bug ?
>>
>> A sends mail to B, B redirects to C
>> C sees B (not A!) as envelope sender.
2018 Apr 20
0
Sieve "redirect" changes envelope sender in 2.3. / pigeonhole 0.5
On 04/20/2018 02:01 PM, Olaf Hopp wrote:
> Hi (Stephan?),
> is it a new feature of dovecot 2.3 /pigeonhole 0.5 that a sieve "redirect" changes the envelope sender of
> a redirected mail or simply a bug ?
>
> A sends mail to B, B redirects to C
> C sees B (not A!) as envelope sender.
> It is not a problem if C gets the mail but if that mail bounces
> for various
2017 Jun 06
3
v2.2.30.1 released
On 06/05/2017 11:05 AM, Angel L. Mateo wrote:
> I have updated my dovecot proxy servers from 2.2.28 to 2.2.30. Since the upgrade I'm having the error:
>
> Jun 5 10:54:51 musio12 dovecot: auth: Fatal: master: service(auth): child 63632 killed with signal 11 (core not dumped)
>
>
Me too, with
# 2.2.30.1 (eebd877): /opt/dovecot/etc/dovecot/dovecot.conf
# Pigeonhole
2015 Mar 12
0
Why is Sieve trying to re-compile global scripts?
On 03/12/2015 12:02 AM, Stephan Bosch wrote:
> On 3/11/2015 11:10 AM, Olaf Hopp wrote:
>> Please see the thread with subject
>> "Sieve permissions issue following update"
>> I tested sucessfully a developper issue last month
>> on the hint of Stephan. Yesterday I started to test the currenr RCs.
>>
>> First I was disappointed, because the error
2020 Apr 04
0
replication and spam removal ("doveadm expunge")
Nobody ? :-(
On 3/30/20 5:26 PM, Olaf Hopp wrote:
> Hello everybody,
> since now I did no replication and spam is delivered into users folder "spambox"
> Every night there is a cronjob which deletes spam older than 30 days via something like
> ????"find .... -ctime +30 -delete"
> Now I'm going to set up replication (two way) and I thought that
> doing
2020 Apr 04
2
replication and spam removal ("doveadm expunge")
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
Can you provide doveconf -n and try turning on mail_debug=yes on both ends and try doveadm -Dv expunge ....
</div>
<div>
<br>
</div>
<div>
Aki
</div>
<blockquote type="cite">
<div>
2015 Dec 18
2
autoexpunge problems
Hello,
I tried to use the new autoexpunge for my Trash folders
I had in 15-mailboxes.conf
mailbox Trash {
special_use = \Trash
auto = subscribe
}
(dovecot -n of the original config is below)
and added just the line
autoexpunge = 1h
Just a short period on my test system.
But it failed. In the log I see
Dec 18 10:54:07 irams2 dovecot: imap(ms2test): Error: Failed to autoexpunge
2020 Mar 30
2
replication and spam removal ("doveadm expunge")
Hello everybody,
since now I did no replication and spam is delivered into users folder "spambox"
Every night there is a cronjob which deletes spam older than 30 days via something like
"find .... -ctime +30 -delete"
Now I'm going to set up replication (two way) and I thought that
doing "rm" is not a good idea.
So I modified the job to something like
2018 Apr 20
5
Sieve "redirect" changes envelope sender in 2.3. / pigeonhole 0.5
Hi (Stephan?),
is it a new feature of dovecot 2.3 /pigeonhole 0.5 that a sieve "redirect" changes the envelope sender of
a redirected mail or simply a bug ?
A sends mail to B, B redirects to C
C sees B (not A!) as envelope sender.
It is not a problem if C gets the mail but if that mail bounces
for various reasons it goes back to B and A will never know about this.
I thick this is came