RE: [vchkpw] [SPAM] block vpopmail brute force
Hello, It seems good ! For such purpose I use this kind of rules iptables -P INPUT DROP ... iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT ... iptables -A INPUT -m state --state NEW -p TCP --dport 110 --syn -m limit --limit 3/s --limit-burst 3 -j ACCEPT ... iptables -A INPUT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT ... iptables -A INPUT -m state --state NEW -j DROP If more than 3 connection/sec on POP3 port, drop the packet (in fact the real rule is "drop everything except if less than 3/sec on POP3 port" ) -Original Message- From: John Stile [mailto:j...@stilen.com] Sent: jeudi 6 septembre 2012 08:04 To: vchkpw@inter7.com Subject: [vchkpw] [SPAM] block vpopmail brute force Has anyone experienced people trying to brute force vpopmail? I'm sick of it, so I cron'ed a little script others might enjoy. http://stilen.com/scripts/perl/vpopmail_fail2drop.pl Feedback appreciated. !DSPAM:50484d0434211692219258!
Re: [vchkpw] [SPAM] block vpopmail brute force
Hello! I am using fail2ban (http://www.fail2ban.org/wiki/index.php/Main_Page). Maybe it is useful for you, too. Best, Harti On 06 Sep 12, Thibault Richard wrote: > Hello, > > It seems good ! > > For such purpose I use this kind of rules > > iptables -P INPUT DROP > ... > iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT > ... > iptables -A INPUT -m state --state NEW -p TCP --dport 110 --syn -m limit > --limit 3/s --limit-burst 3 -j ACCEPT > ... > iptables -A INPUT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT > ... > iptables -A INPUT -m state --state NEW -j DROP > > > If more than 3 connection/sec on POP3 port, drop the packet (in fact the real > rule is "drop everything except if less than 3/sec on POP3 port" ) > > > -Original Message- > From: John Stile [mailto:j...@stilen.com] > Sent: jeudi 6 septembre 2012 08:04 > To: vchkpw@inter7.com > Subject: [vchkpw] [SPAM] block vpopmail brute force > > Has anyone experienced people trying to brute force vpopmail? > > I'm sick of it, so I cron'ed a little script others might enjoy. > > http://stilen.com/scripts/perl/vpopmail_fail2drop.pl > > Feedback appreciated. > > > > > > > > > > !DSPAM:5048545334212031748905!
[vchkpw] 送信先変更のお願い
大変申し訳ございませんが、この電子メールアドレスは送信専用の為、 ご質問等は受付をいたしておりません。 お手数ですが、ご質問はhelpd...@sevenbank.co.jpまで お願いいたします。 --- セブン銀行 テレホンセンター 0088-21-1189(無料) 03-5610-7730(有料) helpd...@sevenbank.co.jp 受付時間 8:00〜21:00(年中無休) !DSPAM:504854a634211868788180!
Re: [vchkpw] [SPAM] block vpopmail brute force
On Thu, Sep 6, 2012 at 1:44 AM, Hartmut Wernisch | Domaintechnik.at <
h...@domaintechnik.at> wrote:
> I am using fail2ban (http://www.fail2ban.org/wiki/index.php/Main_Page).
> Maybe it is useful for you, too.
>
That's what I use too - works quite well - using this vpopmail.conf for the
filter configuration:
#---
# Fail2Ban configuration file
#
# Author: Chris Stone
#
# $Revision: 510 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag ""
can
# be used for standard IP/hostname matching and is only an alias
for
# (?:::f{4,6}:)?(?P\S+)
# Values: TEXT
#
failregex = vchkpw-pop3: password fail.+:
vchkpw-submission: password fail.+:
vchkpw-smtp: password fail.+:
vchkpw-smtps: password fail.+:
vpopmail user not found.+:
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
#---
Chris
--
Chris Stone
AxisInternet, Inc.
www.axint.net
!DSPAM:5048cc4334219044220722!
[vchkpw] 送信先変更のお願い
大変申し訳ございませんが、この電子メールアドレスは送信専用の為、 ご質問等は受付をいたしておりません。 お手数ですが、ご質問はhelpd...@sevenbank.co.jpまで お願いいたします。 --- セブン銀行 テレホンセンター 0088-21-1189(無料) 03-5610-7730(有料) helpd...@sevenbank.co.jp 受付時間 8:00〜21:00(年中無休) !DSPAM:5048cdd234218413217583!
