I decided that I didn't need to figure out whether fail2ban or iptables
(not using firewalld or ufw) was working together correctly for sendmail.
It seems to work fine on other services. For example, I did an ssh session
from another machine, banned the IP and then watched the established session
On 04/05/2021 00:07, Kenneth Porter wrote:
--On Monday, May 03, 2021 5:15 PM -0400 Clive Jacques
wrote:
Fail2ban should be more
explicit in that it doesn't kill existing connections, only new ones. And
you kind of think it would ban existing connections.
That's not really fail2ban's
--On Monday, May 03, 2021 5:15 PM -0400 Clive Jacques
wrote:
Fail2ban should be more
explicit in that it doesn't kill existing connections, only new ones. And
you kind of think it would ban existing connections.
That's not really fail2ban's fault. I assume you're using firewalld, and it
do
I could try and integrate conntrack, but it's not built into fail2ban,
which is bothersome.
Sendmail is an unusual daemon in that it permits a connection to remain
open for a while. fail2ban does a great job with things that poke around
ssh, for example. But watching a rotating batch of IPs in t
Yeah. I've been thinking that (Postfix) is probably the better solution.
But it still bugs me that fail2ban doesn't have a built-in ability to be
more aggressive about cutting TCP connections which are obviously
malicious.
On Mon, May 3, 2021 at 10:48 AM Kenneth Porter
wrote:
> --On Monday, May
On 03.05.2021 at 16:47, Kenneth Porter wrote:
I haven't found anything on rate-limiting it except as an anti-spam
measure.
However, sendmail runs milters. They are made natively for sendmail.
There is milter-greylist, which has "rcptcount".
You can cause an abort after a number of RCPT TO: from
As a long-time mail server admin, I can confirm postfix is amazing, and has
a wonderful ecosystem of tools to enhance different aspects. Other
alternatives could be Courier-MTA by Sam Varshavchik, but the Postfix
community is way more positive.
On Mon, May 3, 2021 at 11:53 AM Kenneth Porter
wrot
--On Monday, May 03, 2021 2:05 PM +0100 Darac Marjal
wrote:
If sendmail can't do that (I'm struggling to find
decent documentation for it), consider replacing sendmail with exim or
postfix - both of which DO have this capability.
I learned sendmail using the "bat book" from O'Reilly. (Popula
On 02/05/2021 22:57, Clive Jacques wrote:
> Hi all,
>
> I've been using fail2ban for a while. Recently, I noticed a couple of
> IPs which are attempting to attack our sendmail server. They connect
> and then issue lots of RCPT TO commands, trying to see who will be
> accepted. Sendmail rejects
On 5/2/2021 11:49 PM, Nick Howitt wrote:
I think you have to use "conntrack" to dump existing connections from
the firewall.
Interesting. That's a feature of conntrack-tools:
https://conntrack-tools.netfilter.org/faq.html
___
Fail2ban-users mail
On 03/05/2021 07:49, Nick Howitt wrote:
On 03/05/2021 01:57, Kenneth Porter wrote:
--On Sunday, May 02, 2021 6:57 PM -0400 Clive Jacques
wrote:
fail2ban notices the failures and
bans the offending IP in sendmail-reject and shortly thereafter in
recidive, but the established connection i
I think you have to use "conntrack" to dump existing connections from
the firewall.
On 03/05/2021 01:57, Kenneth Porter wrote:
--On Sunday, May 02, 2021 6:57 PM -0400 Clive Jacques
wrote:
fail2ban notices the failures and
bans the offending IP in sendmail-reject and shortly thereafter in
--On Sunday, May 02, 2021 6:57 PM -0400 Clive Jacques
wrote:
fail2ban notices the failures and
bans the offending IP in sendmail-reject and shortly thereafter in
recidive, but the established connection is not dumped and they keep
testing user names.
What action are you using? Which firewall
Hi all,
I've been using fail2ban for a while. Recently, I noticed a couple of IPs
which are attempting to attack our sendmail server. They connect and then
issue lots of RCPT TO commands, trying to see who will be accepted.
Sendmail rejects them because the inquiring server is listed in Spamhaus
14 matches