Re: blocking 465 connections to mail server for specific IP address without using fail2ban

To: debian-user@lists.debian.org
Subject: Re: blocking 465 connections to mail server for specific IP address without using fail2ban
From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
Date: Sun, 23 Jun 2019 08:02:48 +1000
Message-id: <[🔎] f60f4907-a191-5677-8137-3406ca24990c@affinityvision.com.au>
In-reply-to: <[🔎] 72058ec5-d1dc-65d4-970d-fce1425db157@affinityvision.com.au>
References: <[🔎] bb5203b6-88e3-6e1f-bcdd-ea928ddb844a@affinityvision.com.au> <[🔎] f09e267b-f6b2-167d-5161-41eb6d8dcca7@mail.com> <[🔎] 4bd93a24-06ee-a971-2b25-974a2feb59af@affinityvision.com.au> <[🔎] 72058ec5-d1dc-65d4-970d-fce1425db157@affinityvision.com.au>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The script needs more work.... it is not exim4-exploiters, it is for
repeated failed logins.

As it is now, it will treat any single failure as one to ban and that
is only going to cause trouble.  Although users should be logged in
normally and will likely have passwords saved in their clients so when
they try to send emails, they can only do so as authenticated and they
will be properly authenticated every time unless they are manually
logging in to simple do an smtp auth send.... so it might not be so
bad, I may just need to rename the ipsets, but I'll think about it
some more.

Anyway, it's a good start.

Cheers
A.
-----BEGIN PGP SIGNATURE-----

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXQ6lgwAKCRCoFmvLt+/i
+0d1AP9tNbfrC62Ts/dWoDFaGH18qa05IvvUyiZnIb82zZtN4gEAoKNToikHpnaW
DQuxWFxLjruS3NWgMIKv/H3xiXZsqRE=
=JJ18
-----END PGP SIGNATURE-----

Reply to:

References:
- blocking 465 connections to mail server for specific IP address without using fail2ban
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
- Re: blocking 465 connections to mail server for specific IP address without using fail2ban
  - From: john doe <johndoe65534@mail.com>
- Re: blocking 465 connections to mail server for specific IP address without using fail2ban
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
- Re: blocking 465 connections to mail server for specific IP address without using fail2ban
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>

Prev by Date: Re: Off topic: remaja (teens)
Next by Date: Off topic: Carbon. Was: Off topic: remaja (teens)
Previous by thread: Re: blocking 465 connections to mail server for specific IP address without using fail2ban
Next by thread: Re: Net::DNS::Nameserver
Index(es):
- Date
- Thread