Re: under another kind of attack

2017-07-31 Thread Tanstaafl
On Sat Jul 29 2017 13:44:53 GMT-0400 (Eastern Standard Time), Doug Barton wrote: > On 07/25/2017 07:54 AM, mj wrote: >> Since we implemented country blocking, > > Please don't do that. Balkanizing the Internet doesn't really benefit > anyone, and makes innovation a lot more difficult. Your use

Re: under another kind of attack

2017-07-31 Thread Davide Marchi
From: Olaf Hopp Davide, yours is all postfix and thus has got no overlap with dovecot. So no interference. Olaf Yes, I know, but I preferred not to take anything for granted ;-) Many Thanks Olaf!

Re: under another kind of attack

2017-07-30 Thread Olaf Hopp
On 07/29/2017 01:34 PM, Davide Marchi wrote: Hi to all, @Olaf Hopp I've this filter enabled for fail2ban, my question is: could my filters overlap or interfere with those suggested by you? this is my filter: Davide, yours is all postfix and thus has got no overlap with dovecot. So no interf

Re: under another kind of attack

2017-07-29 Thread Robert Schetterer
Am 29.07.2017 um 20:29 schrieb mj: > Hi Doug, > > On 07/29/2017 07:44 PM, Doug Barton wrote: >> Instead, take a look at the fail2ban scenarios in this thread, which >> solve the actual problem with a precision tool, instead of a hammer. > > I have implemented (most of) those as well, and addition

Re: under another kind of attack

2017-07-29 Thread Gary Sellani
won't let me opt out. bgp.he.net is one way to get IP space listings.   Original Message   From: li...@merit.unu.edu Sent: July 29, 2017 11:39 AM To: dovecot@dovecot.org Subject: Re: under another kind of attack On 07/29/2017 07:44 PM, Doug Barton wrote: > On 07/25/2017 07:54 AM, mj wr

Re: under another kind of attack

2017-07-29 Thread mj
On 07/29/2017 07:44 PM, Doug Barton wrote: On 07/25/2017 07:54 AM, mj wrote: Since we implemented country blocking, Please don't do that. Balkanizing the Internet doesn't really benefit anyone, and makes innovation a lot more difficult. Perhaps I need to be more specific: I block certain

Re: under another kind of attack

2017-07-29 Thread mj
Hi Doug, On 07/29/2017 07:44 PM, Doug Barton wrote: Instead, take a look at the fail2ban scenarios in this thread, which solve the actual problem with a precision tool, instead of a hammer. I have implemented (most of) those as well, and additionally choose to also block certain countries. It

Re: under another kind of attack

2017-07-29 Thread Doug Barton
On 07/25/2017 07:54 AM, mj wrote: Since we implemented country blocking, Please don't do that. Balkanizing the Internet doesn't really benefit anyone, and makes innovation a lot more difficult. Instead, take a look at the fail2ban scenarios in this thread, which solve the actual problem wit

Re: under another kind of attack

2017-07-29 Thread Davide Marchi
Hi to all, @Olaf Hopp I've this filter enabled for fail2ban, my question is: could my filters overlap or interfere with those suggested by you? this is my filter: Contents of /etc/fail2ban/jail.conf: [postfix] # Ban for 10 minutes if it fails 6 times within 10 minutes enabled = true port

Re: under another kind of attack

2017-07-27 Thread Joseph Tam
(I think I am testing other readers' patience, so if you want to follow-up, you can Email me directly.) but how often do you have to type your username ? Not often, but I'm not talking the typical case. The larger the population you serve, the more circumstances you'll have to cover. Only

Re: under another kind of attack

2017-07-27 Thread Olaf Hopp
On 07/26/2017 10:01 PM, Joseph Tam wrote: Olaf Hopp wrote: And I have a new one just for "unknown user" and here my bantime and findtime are much bigger and the retries are just '2'. So here I'm much harsher. I'll keep an eye on my logs and maybe some more twaeking is necessary. Just be care

Re: under another kind of attack

2017-07-27 Thread Olaf Hopp
On 07/27/2017 05:19 AM, James Brown wrote: On 26 Jul 2017, at 7:57 pm, Olaf Hopp wrote: Dear colleagues, many thanks for your valuable input. Since we are a university GEO-IP blocking is not an option for us. Sometimes I think it should ;-) My "mistake" was that I had just *one* fail2ban

Re: under another kind of attack

2017-07-26 Thread James Brown
> On 26 Jul 2017, at 7:57 pm, Olaf Hopp wrote: > > Dear colleagues, > > many thanks for your valuable input. > > Since we are a university GEO-IP blocking is not an option for us. > Sometimes I think it should ;-) > > My "mistake" was that I had just *one* fail2ban filter for both cases: > "

Re: under another kind of attack

2017-07-26 Thread Joseph Tam
Olaf Hopp wrote: And I have a new one just for "unknown user" and here my bantime and findtime are much bigger and the retries are just '2'. So here I'm much harsher. I'll keep an eye on my logs and maybe some more twaeking is necessary. Just be careful about typos (like twaeking!): users cou

Re: under another kind of attack

2017-07-26 Thread jack
On 26/07/2017 10:57, Olaf Hopp wrote: > I'll keep an eye on my logs and maybe some more twaeking is > necessary. Twerking? > So this doesn't look very well coordinated between the bots ;-) Bots are cheap - free, basically, because they are stolen. Most bruteforce attacks are crap; they try the

Re: under another kind of attack

2017-07-26 Thread Olaf Hopp
Dear colleagues, many thanks for your valuable input. Since we are a university GEO-IP blocking is not an option for us. Sometimes I think it should ;-) My "mistake" was that I had just *one* fail2ban filter for both cases: "wrong password" and "unknown user". Now I have two distinct jails: T

Re: under another kind of attack

2017-07-25 Thread Michael Starks
On 2017-07-25 09:37, Olaf Hopp wrote: But the rate at which they are knocking is very very low. So fail2ban will never catch them. For example one IP: Jul 25 14:03:17 irams1 dovecot: auth-worker(2212): pam(eurodisc,101.231.247.210,): unknown user Jul 25 15:16:36 irams1 dovecot: auth-worker(1104

Re: under another kind of attack

2017-07-25 Thread Joseph Tam
Olaf Hopp writes: I have dovecot shielded by fail2ban which works fine. But since a few days I see many many IPs per day knocking on my doors with wrong password and/or users. But the rate at which they are knocking is very very low. So fail2ban will never catch them. Slow roll distributed

Re: under another kind of attack

2017-07-25 Thread Joseph Tam
"mourik jan c heupink" writes: On 07/24/2017 04:51 AM, Joseph Tam wrote:> You are essentially writing your own backend by taking over authentication. You'll be accepting user/password inputs into your checkpassword executable, then use the LDAP API (or some other system...snip and source add

Re: under another kind of attack

2017-07-25 Thread Robert Schetterer
Am 25.07.2017 um 16:54 schrieb mj: > Hi Olaf, > > Since we implemented country blocking, everything seems nicely under > control, with only 'normal levels' of knocking. > > We first have implemented: > http://blog.jeshurun.ca/technology/block-countries-ubuntu-iptables-xtables-geoip > > > Then we

Re: under another kind of attack

2017-07-25 Thread Robert Schetterer
Am 25.07.2017 um 16:37 schrieb Olaf Hopp: > Hi folks, > > "somehow" similar to the thread "under some kind of attack" started by > "MJ": > > I have dovecot shielded by fail2ban which works fine. > But since a few days I see many many IPs per day knocking on > my doors with wrong password and/or u

Re: under another kind of attack

2017-07-25 Thread Tamsy
Olaf Hopp wrote on 25.07.2017 16:37: Hi folks, "somehow" similar to the thread "under some kind of attack" started by "MJ": I have dovecot shielded by fail2ban which works fine. But since a few days I see many many IPs per day knocking on my doors with wrong password and/or users. But the rat

Re: under another kind of attack

2017-07-25 Thread Darac Marjal
On Tue, Jul 25, 2017 at 04:37:23PM +0200, Olaf Hopp wrote: Hi folks, "somehow" similar to the thread "under some kind of attack" started by "MJ": I have dovecot shielded by fail2ban which works fine. But since a few days I see many many IPs per day knocking on my doors with wrong password and/o

Re: under another kind of attack

2017-07-25 Thread mj
Hi Olaf, Since we implemented country blocking, everything seems nicely under control, with only 'normal levels' of knocking. We first have implemented: http://blog.jeshurun.ca/technology/block-countries-ubuntu-iptables-xtables-geoip Then we did: https://github.com/firehol/blocklist-ipsets An

under another kind of attack

2017-07-25 Thread Olaf Hopp
Hi folks, "somehow" similar to the thread "under some kind of attack" started by "MJ": I have dovecot shielded by fail2ban which works fine. But since a few days I see many many IPs per day knocking on my doors with wrong password and/or users. But the rate at which they are knocking is very ve