Re: under another kind of attack

2017-07-26 Thread James Brown
> On 26 Jul 2017, at 7:57 pm, Olaf Hopp wrote: > > Dear collegues, > > many thanks for your valuable input. > > Since we are an university GEO-IP blocking is not an option for us. > Somestimes I think it should ;-) > > My "mistake" was that I had just *one* fail2ban filter for both cases: > "

Re: failed to store into mailbox 'INBOX/Junk': Permission

2017-07-26 Thread Davide Marchi
From: Thomas Leuxner cat /etc/dovecot/dovecot-acl * user=book...@hotelsangiorgioriccione.com lrwsi * user=i...@hotelsangiorgioriccione.com lrwsi Hi Davide, For LMTP to file the mails you need to add the p flag (POST). Well, I've added the "p" flag and now I will monitor the situation ;-) PS

Re: under another kind of attack

2017-07-26 Thread Joseph Tam
Olaf Hopp wrote: And I have a new one just for "unknown user" and here my bantime and findtime are much bigger and the retries are just '2'. So here I'm much harsher. I'll keep an eye on my logs and maybe some more twaeking is necessary. Just be careful about typos (like twaeking!): users cou

Re: under another kind of attack

2017-07-26 Thread jack
On 26/07/2017 10:57, Olaf Hopp wrote: > I'll keep an eye on my logs and maybe some more twaeking is > necessary. Twerking? > So this doesn't look very well coordinated between the bots ;-) Bots are cheap - free, basically, because they are stolen. Most bruteforce attacks are crap; they try the

Re: Return extra fields from passwd userdb

2017-07-26 Thread Michele Petrella
Thank you very much Steffen! It finally works! I have 2 ldap dbs in my system, the first for inetOrgPerson class and the second for system specific class attributes. So I introduce another userdb section: -- ## ## User data

Re: under another kind of attack

2017-07-26 Thread Olaf Hopp
Dear collegues, many thanks for your valuable input. Since we are an university GEO-IP blocking is not an option for us. Somestimes I think it should ;-) My "mistake" was that I had just *one* fail2ban filter for both cases: "wrong password" and "unknown user". Now I have two distinct jails: T

Re: failed to store into mailbox 'INBOX/Junk': Permission denied

2017-07-26 Thread Thomas Leuxner
* Davide Marchi 2017.07.26 10:25: > cat /etc/dovecot/dovecot-acl > * user=book...@hotelsangiorgioriccione.com lrwsi > * user=i...@hotelsangiorgioriccione.com lrwsi Hi Davide, For LMTP to file the mails you need to add the p flag (POST). Regards Thomas signature.asc Description: PGP signature

Re: failed to store into mailbox 'INBOX/Junk': Permission denied

2017-07-26 Thread Davide Marchi
Steffen Kaiser ha scritto: Does INBOX/Junk already exists? Yes, (but empty): find /var/vmail/hotelsangiorgioriccione.com/info/ |grep INBOX /var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX /var/vmail/hotelsangiorgioriccione.com/info/Maildir/.INBOX/Trash /var/vmail/hotelsangiorgioricci