On 23.09.2011 15:13, Stan Hoeppner wrote:
> On 9/22/2011 9:42 AM, Robert Schetterer wrote:
>
>> why not simply use clamav-milter with sanesecurity sigs
>> ( works like a charm here )
>> so the stuff doesn't pass ever in mailboxes, if you don't like reject, then
>> hold for manual human admin interac
On 9/22/2011 9:42 AM, Robert Schetterer wrote:
why not simply use clamav-milter with sanesecurity sigs
( works like a charm here )
so the stuff doesn't pass ever in mailboxes, if you don't like reject, then
hold for manual human admin interaction
Seems to me this could be done pretty easily with a
On 2011-09-23 01:39, Rick Romero wrote:
>
> Quoting Alex :
>
>> It [fail2ban] is a great tool. Unfortunately dovecot allows infinite
>> incorrect logins during a single session. When fail2ban has firewalled
>> the ip it's pointless as the rule only affects new sessions
> [...]
> If that is a big
Quoting Alex :
It [fail2ban] is a great tool. Unfortunately dovecot allows infinite
incorrect logins during a single session. When fail2ban has
firewalled the ip it's pointless as the rule only affects new
sessions, not established ones. I am disappointed that the author of
dovecot has no
It is a great tool. Unfortunately dovecot allows infinite incorrect logins
during a single session. When fail2ban has firewalled the ip it's pointless as
the rule only affects new sessions, not established ones. I am disappointed
that the author of dovecot has no interest in adding a feature that
On 22.09.2011 16:42, dove...@lists.grepular.com wrote:
> On 22/09/11 15:39, Rick Romero wrote:
>
There are additional 'non-official' ClamAV signatures that are meant
to detect phishing attempts.
They do work, but aren't perfect.
>>>
>>> Got a link? Or are you thinking of the SaneS
On 22/09/11 15:39, Rick Romero wrote:
>>> There are additional 'non-official' ClamAV signatures that are meant
>>> to detect phishing attempts.
>>> They do work, but aren't perfect.
>>
>> Got a link? Or are you thinking of the SaneSecurity Signatures?
>
> Yep. The SaneSecurity Sigs.
We do use C
On 22.09.2011 16:36, Ralf Hildebrandt wrote:
> * Rick Romero :
>
>> There are additional 'non-official' ClamAV signatures that are meant
>> to detect phishing attempts.
>> They do work, but aren't perfect.
>
> Got a link? Or are you thinking of the SaneSecurity Signatures?
>
>> I'm fortunate
* Rick Romero :
> >I usually use doveadm for this.
>
> I'm slow to adopting new technology :) I would definitely do it if
> I wasn't still running plain old Maildir.
It's working on plain old Maildir :)
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsme
Quoting Ralf Hildebrandt :
* Rick Romero :
There are additional 'non-official' ClamAV signatures that are meant
to detect phishing attempts.
They do work, but aren't perfect.
Got a link? Or are you thinking of the SaneSecurity Signatures?
Yep. The SaneSecurity Sigs.
I'm fortunate eno
* Rick Romero :
> There are additional 'non-official' ClamAV signatures that are meant
> to detect phishing attempts.
> They do work, but aren't perfect.
Got a link? Or are you thinking of the SaneSecurity Signatures?
> I'm fortunate enough to be on the phishing list, so I wrote a quickie
> per
Quoting Mike Cardwell :
On 22/09/11 15:21, Ralf Hildebrandt wrote:
Perhaps, if you have a list of the plain text passwords in advance you
could use ClamAV. In our case, we don't as we're using an AD. I actually
copied the ClamAV tcp and local interface API so that any MTA which can
plug in to
> Perhaps, if you have a list of the plain text passwords in advance you
> could use ClamAV.
No, clamav is supposed to find stuff that looks like "social security
numbers". It's probably harder with usernames (especially if the
username is by chance a real word)
> In our case, we don't as we're u
On 22/09/11 15:21, Ralf Hildebrandt wrote:
>> The University I work at was suffering from this a *lot*. Phishers kept
>> contacting our users pretending to be from our IT helpdesk asking users
>> to reply with their login details so that their mailbox could be
>> refreshed or so their quota could
* Mike Cardwell :
> The University I work at was suffering from this a *lot*. Phishers kept
> contacting our users pretending to be from our IT helpdesk asking users
> to reply with their login details so that their mailbox could be
> refreshed or so their quota could be fixed and other such thing
On 19.09.2011 19:05, Rick Baartman wrote:
> From my secure log:
>
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user
> unknown
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication
> failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ff
On 22/09/11 15:08, Charles Marcus wrote:
> The only attack I haven't figured out how to eliminate is the
> social/phishing attack, where $DumbUser gives out their username
> password voluntarily... although I have been considering faking a
> phishing attack on my own users, and flagging the ones w
Fail2Ban is an excellent tool to deal with this sort of thing.
On Mon, 19 Sep 2011 10:05:47 -0700, Rick Baartman wrote
> From my secure log:
>
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check
> pass; user unknown
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth):
* Rick Baartman :
> From my secure log:
>
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user
> unknown
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication
> failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=:::64.31.19.48
> Sep 19 0
On 2011-09-19 1:05 PM, Rick Baartman wrote:
From my secure log:
Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user
unknown
Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication
failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=:::64.31
20 matches