Mailinglist Archive: opensuse (1632 mails)
Re: [opensuse] dictionary attacks
- From: Patrick Shanahan <ptilopteri@xxxxxxxxx>
- Date: Mon, 30 Jul 2007 15:10:42 -0400
- Message-id: <20070730191042.GJ15875@xxxxxxxxxxxxxxx>
* Sloan <joe@xxxxxxxxxx> [07-30-07 14:58]:
> I'm curious about the mechanism by which fail2ban determines what is
> legitimate high volume mail, and what is spam... Unfortunately
> messages can bounce due to various causes on the receiving end,
> including users who have moved on but haven't let all their contacts
> know their new email address, or even hardware problems, network
> outages or configuration blunders.
a little quote trimming would be nice :^)
from my logs:
/var/log/mail:
Jul 30 14:13:06 wahoo postfix/smtpd[488]: connect from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.14.202.194; from=<sigbamboedyj@xxxxxxxxx> to=<paka@xxxxxxxxxxxxxxx> proto=ESMTP helo=<[83.14.202.194]>
Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.14.202.194; from=<sigbamboedyj@xxxxxxxxx> to=<pat@xxxxxxxxxxxxxxx> proto=ESMTP helo=<[83.14.202.194]>
Jul 30 14:13:27 wahoo postfix/smtpd[499]: connect from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:38 wahoo postfix/smtpd[488]: lost connection after DATA from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:38 wahoo postfix/smtpd[488]: disconnect from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.14.202.194; from=<sigbangnaidyj@xxxxxxxxxxx> to=<paka@xxxxxxxxxxxxxxx> proto=ESMTP helo=<[83.14.202.194]>
Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.14.202.194; from=<sigbangnaidyj@xxxxxxxxxxx> to=<pat@xxxxxxxxxxxxxxx> proto=ESMTP helo=<[83.14.202.194]>
/var/log/fail2ban:
2007-07-30 14:13:40,725 fail2ban.actions: WARNING [postfix-iptables] Ban 83.14.202.194
2007-07-30 14:28:40,930 fail2ban.actions: WARNING [postfix-iptables] Unban 83.14.202.194
--
Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://counter.li.org
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
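The log excerpt above shows fail2ban counting rejections per client IP rather than classifying mail: repeated rejects from 83.14.202.194 produce a ban at 14:13:40 that is lifted 15 minutes later. The sketch below is an added example, not part of the original message and not fail2ban's own code; it replays abridged copies of those log lines through a sliding-window counter. MAXRETRY, FINDTIME and the regex are assumptions, BANTIME is inferred from the Ban/Unban timestamps, and the 192.0.2.10 line is constructed to show a single bounce staying under the threshold.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed jail settings; only BANTIME is inferred from the Ban/Unban lines above.
MAXRETRY = 3
FINDTIME = timedelta(seconds=600)
BANTIME = timedelta(seconds=900)

# Hypothetical failregex: any Postfix RCPT rejection with a 5xx reply.
REJECT = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S*\[(?P<ip>[\d.]+)\]: 5\d\d "
)

# Abridged from the /var/log/mail excerpt; the last line is constructed.
SAMPLE = """\
Jul 30 14:13:06 wahoo postfix/smtpd[488]: connect from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable
Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable
Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable
Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable
Jul 30 14:20:00 wahoo postfix/smtpd[512]: NOQUEUE: reject: RCPT from mail.example.org[192.0.2.10]: 550 5.1.1 User unknown
"""

def simulate(log_text, year=2007):
    """Return (ip, ban_time, unban_time) tuples in the order bans occur."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside FINDTIME
    banned_until = {}
    bans = []
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if not m:
            continue              # connect/disconnect lines are not failures
        # Syslog timestamps carry no year, so it is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if banned_until.get(ip, ts) > ts:
            continue              # already banned; nothing more to count
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()      # forget failures older than FINDTIME
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans
```
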