[prev in list] [next in list] [prev in thread] [next in thread]
List: opensuse
Subject: Re: [opensuse] dictionary attacks
From: John Andersen <jsa () pen ! homeip ! net>
Date: 2007-07-30 18:53:49
Message-ID: 200707301053.50678.jsa () pen ! homeip ! net
[Download RAW message or body]
On Sunday 29 July 2007, Patrick Shanahan wrote:
> * Richard Creighton <ricreig@gmail.com> [07-29-07 15:46]:
> > I don't think he wants to block off the public, just someone he has
> > detected abusing.
>
> exactly and I am presently using fail2ban to block:
>
> [postfix-tcpwrapper]
>
> enabled = true
> filter = postfix
> action = hostsdeny[file=/etc/hosts.deny]
> mail[name=Postfix, dest=postmaster@localhost]
> logpath = /var/log/mail
> bantime = 300
>
> which places 554 rejection ip into /etc/hosts.deny, but the firewall
> action denying rogue ssh attempts is cleaner, requires less resources
> and sees the ip sooner.
>
> is this correct:
> FW_SERVICES_ACCEPT_EXT="0/0,tcp,25,,hitcount=3,blockseconds=120
A better way to do this is with Postfix Anvil. Its already designed into
postfix, so why re-invent the wheel? It does it in the proper way.
--
_____________________________________
John Andersen
[Attachment #3 (application/pgp-signature)]
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic