similar to: Re : Port based Block List

On Fri, 12 Apr 2019, mj wrote: > What we do is: use https://github.com/trick77/ipset-blacklist to block IPs > (from various existing blacklists) at the iptables level using an ipset. "www.blocklist.de" is a nifty source. Could you suggest other publically available blacklists? > That way, the known bad IPs never even talk to dovecot, but are dropped > immediately. We

Perhaps someone can help me understand why this is happening. I''m trying to write a script using ''shorewall iprange'' to parse some ip ranges into subnets so that i can place them into the blocklist. I keep getting an error when i run the script though. Here is the script: #!/bin/csh foreach i (`cat ipranges`) shorewall iprange $i >>

I've been running sendmail since the beginning of my online time. 1. Did I see that postfix can run sendmail milters? 2. If so, did I read that postfix can run these separately for inbound vs. outbound? 3. Can it run like a rbl blacklist on inbound and not outbound? 4. If the above is true, does this require separate configurations of postfix or is it already set to allow this out of the

I was wondering if i could stick a certain ip in the blocklist, but at the same time have an allow rule for http in the rules section. In other words i would like to block pretty much all access from a certain internet address except for http from the internal network. So does the rules file get parsed before the blacklist in the firewall to make this possible?

I've recently switched to using spamassassin via a sendmail milter, rather than using procmail to invoke it. This means that I get a number of messages appearing in my maillog, and then being reported by logwatch as unmatched entries. An example of such a messages is: Feb 27 04:33:09 quail sendmail[24780]: p1R4X46P024780[2]: URIBL blacklist\n\t* [URIs: tablettoxicspillsrx.ru]\n\t* 1.5

Hi, Is it possible to get Shorewall to reload the static blacklist file without resetting the packet and byte counters? I am following the guide at http://mudy.wordpress.com/2009/02/21/shorewall-blacklist-spamhaus-dshield/ to periodically generate a blacklist, but "shorewall -qq refresh -n blacklst" resets all my accounting. Is there a way to do this without resetting the counters? I

Somebody please forward this, if this is not an appropiate place to ask the OpenSSH developers for a new feature. As many of us have seen, any sshd left open on the internet eventually becomes the target of password guessing attacks. I am aware of tools for scanning the security logs, and manipulating iptables to block ongoing attacks, but I am not aware of a way to configure sshd itself to

Kanwar Ranbir Sandhu wrote: > Hi Everyone, > > I've had a few messages sent to the list bounce. Looks like the centos > mail server IP is blacklisted. Here's the error: > > Hi. This is the qmail-send program at yahoo.com. > I'm afraid I wasn't able to deliver your message to the following > addresses. > This is a permanent error; I've given up.

On 01/05/16 13:23, Alice Wonder wrote: > On 05/01/2016 05:10 AM, Alice Wonder wrote: >> >> I think this is my autism coming in to play, I think what is very clear >> to me I just am not able to adequately communicate because clearly >> people are not even remotely grasping what I am trying to convey. >> > > Basically whether it is a white list or a black list

--- lib/hivex.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 66 insertions(+), 15 deletions(-) diff --git a/lib/hivex.c b/lib/hivex.c index efc27f8..e3c1e05 100644 --- a/lib/hivex.c +++ b/lib/hivex.c @@ -208,6 +208,19 @@ struct ntreg_sk_record { char sec_desc[1]; /* security info follows */ } __attribute__((__packed__)); +struct

On 12/04/2019 08:42, Aki Tuomi via dovecot wrote: > On 12.4.2019 10.34, James via dovecot wrote: >> On 12/04/2019 08:24, Aki Tuomi via dovecot wrote: >> >>> Weakforced uses Lua so you can easily integrate DNSBL support into it. >> How does this help Dovecot block? >> A link to some documentation or example perhaps? >> >> >

I looked at the 1.3 whitelist documentation and realized that the ops example, while interesting in and of itself, did not do what I think a whitelist does. Back to symmetry, if a blacklist is a list of sites not allowed to connect in through the fire wall, maybe to a web server, for example, then a whitelist should be a list of machines that are allowed to access a service or services, again,

https://bugzilla.netfilter.org/show_bug.cgi?id=1719 Bug ID: 1719 Summary: ipset wrongly blocking undefined ranges and not blocking ranges that are defined Product: ipset Version: unspecified Hardware: All OS: RedHat Linux Status: NEW Severity: critical Priority: P5

On Tue, Jun 18, 2013 at 2:06 PM, Eli Bendersky <eliben at google.com> wrote: > > > > On Tue, Jun 18, 2013 at 12:03 PM, Sean Silva <silvas at purdue.edu> wrote: > >> Instead of a blacklist, why not a whitelist? Given the size of LangRef, >> you're bound to leave something out of your blacklist that needs to be >> there (also, future additions to

On 08/26/2015 12:11 PM, g wrote: > > > On 08/26/15 13:11, Valeri Galtsev wrote: >> On Wed, August 26, 2015 12:55 pm, James A. Peltier wrote: > <<>> > > something no one seems to have mentioned, so i will.. > >>> | >> Received: from mx2.loverhearts.com (mx2.loverhearts.com > > loverhearts.com is a single page that seems to do nothing. and

On Tue, Jun 18, 2013 at 12:03 PM, Sean Silva <silvas at purdue.edu> wrote: > Instead of a blacklist, why not a whitelist? Given the size of LangRef, > you're bound to leave something out of your blacklist that needs to be > there (also, future additions to LLVM IR will need to be added to the > blacklist; are you sure you can catch *all* of them?). A whitelist seems >

Dear All Please be informed that I tried to install the "Real VMX" application on my Cent OS client . I setup the environment variables and build kernel . Then I add the following entry to my /boot/grub/menu.lst : title Real VMX rootnoverify (hd0,0) kernel -type=netbsd /vmx I tried to reboot my Cent OS client and at the boot loader when I select "Real VMX" I got the

I''ve found the below rule, is it possible to use it with shorewall? I see how to setup the timing/rates but how to perform loggin of such action (a separate rule?). as an additional question is i possible to dynamically add hosts to blacklist and persist this between restarts? " SSH -A PREROUTING -m tcp -p tcp -d $EXTERNAL --dport 22 -m recent --rcheck --hitcount 3 --seconds 600 -j

On Thu, 4 Dec 2014, Gene Cumm wrote: > Ady has an excellent point. Try the following instead: > > LABEL test > MENU LABEL test > COM32 pxechn.c32 > APPEND pxebsd.0 Thanks, that works! How do I use that in the generic case? The ?pxebsd.0? file can be called as? ? PXE loader ? COMBOOT (16-bit) ? DOS .COM ? Multiboot (although it switches back to 16-bit mode

Instead of a blacklist, why not a whitelist? Given the size of LangRef, you're bound to leave something out of your blacklist that needs to be there (also, future additions to LLVM IR will need to be added to the blacklist; are you sure you can catch *all* of them?). A whitelist seems much less prone to breakage or unexpected behavior. -- Sean Silva -------------- next part -------------- An