Use some awk and gen a file to block using iptables or firewalld. You could also use firewalld to limit connections:



firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp --dport 25 -m state --state NEW -m recent --set

firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 1 -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-with tcp-reset

firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 2 -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 7 -j REJECT --reject-with tcp-reset

firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 3 -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 200 --hitcount 15 -j REJECT --reject-with tcp-reset

firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 4 -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 2000 --hitcount 35 -j REJECT --reject-with tcp-reset

firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 5 -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 20000 --hitcount 120 -j REJECT --reject-with tcp-reset



Sent from my iPhone
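
The log-scanner idea discussed in this thread (find CHKUSER rejections, collect the source IPs, block them), as an added example that is not code from any poster here. It assumes the chkuser line shape shown in the constructed sample and a hypothetical set name `smtp_block`, and it loads the addresses into one ipset instead of one iptables rule per address, which suits a list of 12000+ entries.

```shell
#!/bin/sh
# Constructed sample in the assumed chkuser log shape: remote <helo:rhost:ip>.
# All addresses are documentation ranges; none come from the thread.
sample_log() {
cat <<'EOF'
CHKUSER rejected rcpt: from <a@example.net::> remote <mx1:unknown:203.0.113.7> rcpt <u1@example.com> : not existing recipient
CHKUSER rejected rcpt: from <a@example.net::> remote <mx1:unknown:203.0.113.7> rcpt <u2@example.com> : not existing recipient
CHKUSER rejected rcpt: from <a@example.net::> remote <192.0.2.99:unknown:203.0.113.7> rcpt <u3@example.com> : not existing recipient
CHKUSER rejected rcpt: from <b@example.org::> remote <h:unknown:198.51.100.22> rcpt <u1@example.com> : not existing recipient
CHKUSER rejected rcpt: from <b@example.org::> remote <h:unknown:198.51.100.22> rcpt <u4@example.com> : not existing recipient
CHKUSER rejected rcpt: from <c@example.org::> remote <h:unknown:192.0.2.5> rcpt <u5@example.com> : not existing recipient
CHKUSER accepted rcpt: from <c@example.org::> remote <h:unknown:192.0.2.5> rcpt <info@example.com> : found existing recipient
CHKUSER rejected rcpt: from <d@example.org::> remote <h:unknown:999.1.1.1> rcpt <u6@example.com> : not existing recipient
EOF
}

# Print "count ip" for every IPv4 source with >= $1 rejected recipients.
chkuser_offenders() {
    awk -v min="$1" '
    /CHKUSER rejected rcpt/ && match($0, /remote <[^>]*>/) {
        # The helo field is sender-controlled, so use only the last field
        n = split(substr($0, RSTART + 8, RLENGTH - 9), f, ":"); ip = f[n]
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(ip, o, "."); ok = 1
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
        if (ok) hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Turn "count ip" lines into an ipset restore file for set name $1.
to_ipset_restore() {
    printf 'create %s hash:ip family inet\n' "$1"
    awk -v s="$1" '{ print "add", s, $2 }'
}

# Load with:  ipset -exist restore < smtp_block.restore
# Then one rule covers the whole set (assumed set name smtp_block):
#   firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 \
#     -p tcp --dport 25 -m set --match-set smtp_block src -j DROP
sample_log | chkuser_offenders 2 | to_ipset_restore smtp_block
```

Keep the threshold above what a legitimate sender with a stale address list would reach, and review the generated file before loading it, since a wrong entry blocks real mail.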

On Feb 4, 2025, at 15:03, Tony White <t...@ycs.com.au> wrote:

 Hi Remo,
Have too many IPs to manually block.
Some 12000+ so far. Trying to script a log
scanner to locate CHKUSER then copy IP and use
iptables to block.

regards
Tony White


On 5/2/25 00:55, Remo Mattei wrote:
Iptables?

Block the ip
Sent from my iPhone

> On Feb 4, 2025, at 13:25, Tony White <t...@ycs.com.au> wrote:
>
>  Hi,
>   I have come to realise this is a battle I cannot win.
> A quick fix I did was edit the tcp.smtp to CHKUSER_WRONGRCPTLIMIT="3"
> and rebuild the tcp file.
>
> Seems to be working well enough but it is frustrating though.
>
> regards
> Tony White
>
>
> On 4/2/25 22:28, b...@whitesindia.com wrote:
>> Hi Tony,
>>
>>
>> Are you using fail2ban? That helps to block usernotfound and password fails.
>>
>>
>> You can also use spamdyke to blacklist the domains and IPs
>>
>>   
>>
>> Some more info about what kind of attack you are facing can help in finding solutions.
>>
>>   
>>
>> Biju Jose
>> Mobile : 989 5990 272
>>
>>
>>
>>
>>
>>   
>>
>> From: Tony White<t...@ycs.com.au> 
>> Sent: 04 February 2025 16:43
>> To:qmailtoaster-list@qmailtoaster.com
>> Subject: [qmailtoaster] a single domain on my server is under attack
>>
>>   
>>
>> Hi Folks,
>>    Can someone please suggest how to stop/slow/reject this issue to a single domain?
>> I have slowed it as far as I can but cannot stop it.
>>
>> TIA :(
>>
>>
>>
>
