On 5/28/24 12:33, Carlos E. R. wrote:
I know that some of the admins that installed mailman in our system repent from that decision and wouldn't repeat it.
Hyperkitty has a security hole, which is allowing people that identify as google users to post here with just that authentication. This feature should be removed.
Indeed, in the low volume Spanish mail list, I have hyperkitty under moderation, meaning more work for me.
Yes, <soapbox> and seriously, I noticed a huge upsurge in not only spam, but in direct server intrusion attempts during the past six-months or so. I had 3 kids grow up during the early gaming craze (say 2005 - present). The kids e-mails/accounts associated with the server are used in intrusion attempts from all over the globe. iptables, fail2ban and ipset has been an excellent combination in minimizing the attempts. There is an automatic whois run on intrusion attempts and aside from the normal RIPE (Kazakhstan, etc..), APNIC, AFRINIC addresses, I've seen an explosion in both spam and intrusion attempts from LACNIC and South American countries, Brazil, Mexico, the Caribbean islands, etc.. There are a huge number of foreign actors setting up server farms to take advantage of that region. I like the granularity of the iptables, fail2ban and ipset combination to catch repeated intrusion attempts and drop traffic from those addresses. ipset provides an excellent way to manage your own black and white list sets based on net blocks (CIDR) or individual IPs. Repeat offenders from /24 networks earn a spot in the block list. Some /16 networks do as well, but I worry about future legitimate companies that may buy servers in that netblock. nftables provides a good wrapper around iptables, fail2ban and ipset functionality with good default sets provided. But since I started with iptables and then integrated fail2ban and ipset to work they way I wanted it to, I've just stuck with it. If I were starting over again, I'd use nftables. </soapbox> Hopefully they get a handle on the hyperkitty holes that are letting the spammers through. Also, if you are running a server, give a hard look at nftables, or go the manual iptables, fail2ban, ipset route. SuseFirewall is fine too, but I always found it a bit difficult when trying to fine tune for server use. -- David C. Rankin, J.D.,P.E.