Mailinglist Archive: opensuse (1632 mails)
Re: [opensuse] dictionary attacks
- From: John Andersen <jsa@xxxxxxxxxxxxxx>
- Date: Mon, 30 Jul 2007 10:53:49 -0800
- Message-id: <200707301053.50678.jsa@xxxxxxxxxxxxxx>
On Sunday 29 July 2007, Patrick Shanahan wrote:
> * Richard Creighton <ricreig@xxxxxxxxx> [07-29-07 15:46]:
> > I don't think he wants to block off the public, just someone he has
> > detected abusing.
>
> exactly and I am presently using fail2ban to block:
>
> [postfix-tcpwrapper]
>
> enabled = true
> filter = postfix
> action = hostsdeny[file=/etc/hosts.deny]
> mail[name=Postfix, dest=postmaster@localhost]
> logpath = /var/log/mail
> bantime = 300
>
> which places 554 rejection ip into /etc/hosts.deny, but the firewall
> action denying rogue ssh attempts is cleaner, requires less resources
> and sees the ip sooner.
>
> is this correct:
> FW_SERVICES_ACCEPT_EXT="0/0,tcp,25,,hitcount=3,blockseconds=120
A better way to do this is with Postfix Anvil. It's already designed into
postfix, so why re-invent the wheel? It does it in the proper way.
--
_____________________________________
John Andersen
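
The anvil-based limiting recommended in the reply above, shown as an added example that is not part of the original message: a main.cf fragment using Postfix's per-client limits, which smtpd enforces through the anvil service. All numeric values are constructed for illustration and are assumptions, not settings from the thread.

```conf
# /etc/postfix/main.cf
# Per-client limits enforced by smtpd(8) using counters kept by anvil(8).
# Values below are illustrative assumptions; tune them against real traffic.

# Length of the window over which the rate limits below are counted.
anvil_rate_time_unit = 60s

# Maximum new connections one client IP may make per time unit (0 = no limit).
smtpd_client_connection_rate_limit = 10

# Maximum simultaneous connections from one client IP.
smtpd_client_connection_count_limit = 5

# Maximum message delivery requests per client per time unit.
smtpd_client_message_rate_limit = 30

# Maximum recipient addresses per client per time unit. Recipients are
# counted whether or not Postfix accepts them, so address-guessing runs
# hit this limit even when every guess is rejected.
smtpd_client_recipient_rate_limit = 60

# Clients exempt from all of the limits above (trusted networks).
smtpd_client_event_limit_exceptions = $mynetworks

# How often anvil logs the peak per-client usage it has observed.
anvil_status_update_time = 600s
```

Apply with `postfix reload`; the anvil service must remain enabled in master.cf, which is the default.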