From owner-freebsd-questions@FreeBSD.ORG Wed May 30 19:16:11 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AAEB61065670 for ; Wed, 30 May 2012 19:16:11 +0000 (UTC) (envelope-from gibblertron@gmail.com) Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178]) by mx1.freebsd.org (Postfix) with ESMTP id 3C3C28FC16 for ; Wed, 30 May 2012 19:16:10 +0000 (UTC) Received: by wibhn6 with SMTP id hn6so129643wib.13 for ; Wed, 30 May 2012 12:16:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=R+9tmUbkvuccXjtr6xBGSJ0DlAI9ZPudG9DZ6wF/qIk=; b=KaQdzW5361lWcgmFwl4cQ1jly6uEQyud3tl3Bos+6a1IGejAmD1R/hVft9gyr8NyPx 74f6kkXWHgxlMu8Q1DHpxhy+I3Biijqpt1rI5vNOJMkygCqRNTePIxMxBrt3KFrsAjDo zCexUdCsW/AEGXKNAcamt2dGHKF9b3oNBQf2JLmWWEVOWS2GKcC+zeGNl5xgaD/ylPTL cR4UBJLqQfa1efgB/zHC1XSsv2Z+BeTZ4pkoTRh6wVgpeTs94IjLYcqD0cQ/LJISY11R PZ/RPhb3zE0WlAlPoKtyjz4kUbS30rx0i/aeOwX1SEA5NJN9MCcbmbGpca4Ij/loJIIB Y7Ug== MIME-Version: 1.0 Received: by 10.216.136.155 with SMTP id w27mr10410926wei.43.1338405370120; Wed, 30 May 2012 12:16:10 -0700 (PDT) Received: by 10.180.106.133 with HTTP; Wed, 30 May 2012 12:16:10 -0700 (PDT) In-Reply-To: <3421248490-1670043744@intranet.com.mx> References: <3421246151-1670043725@intranet.com.mx> <201205301832.q4UIW3Io017126@mail.r-bonomi.com> <3421248490-1670043744@intranet.com.mx> Date: Wed, 30 May 2012 12:16:10 -0700 Message-ID: From: Patrick To: Jorge Biquez Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-questions@freebsd.org Subject: Re: Firewall, blocking POP3 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 May 2012 19:16:11 -0000 See /usr/ports/security/py-fail2ban (http://www.fail2ban.org/). Used in conjunction with FreeBSD's ipfw or pf firewall facility, you can ban an attacking IP address for a set period of time after a configurable amount of failed attempts. Fail2ban watches your log files for you and then triggers some sort of action -- which can really be anything you can conceive of. Patrick On Wed, May 30, 2012 at 11:47 AM, Jorge Biquez wr= ote: > Hello. > > Thanks a lot!. Simple an elegant solution. > > I just did that and of course it worked.... I just was wondering... what = if > I need to have the service working BUT want to block those break attemps?= IN > this and other services. ? > My guess is that it is a never ending process? I mean, block one, block > another, another, etc? > > What the people who has big servers running for hosting services are doin= g? > Or you just have a policy of strng passworrds, server up-todate and let t= he > attemps to try forever? > > Thanks for the solution Mr Robert. > > Jorge Biquez > > > > > At 01:32 p.m. 30/05/2012, Robert Bonomi wrote: >> >> > From owner-freebsd-questions@freebsd.org =A0Wed May 30 13:16:37 2012 >> > Date: Wed, 30 May 2012 13:08:30 -0500 >> > To: freebsd-questions@freebsd.org >> > From: Jorge Biquez >> > Cc: >> > Subject: Firewall, blocking POP3 >> > >> > Hello all. >> > >> > I am sorry if the question is too basic. >> > >> > I have a personal small machine running >> > >> > =A0 =A0 FreeBSD 7.3-PRERELEASE #0: >> > >> > It runs as my web and email server for a cuple of domains. NO clients >> > no other users have access to it. >> > >> > Is there any , easy/faster way to stop POP3 from being working. I am >> > running qpopper to be able to download emailes. >> > I decided to use sendmail since only a few accounts are there and I >> > do not need more but in the last days the server has been under a big >> > attack where people is trying to guess users and passwords. I am >> > using a strong schema of passwords so no problem on that but I rather >> > to be sure . >> >> The mail -server- you use is irrelevant to how users retrieve mail. >> you can use sendmail and qpopper, or sendmail and an IMAP server, or >> sendmail and =A0webmail app, or postix and qpopper, or exim and qpopper, >> etc. >> >> >> All you have to do to disable qpopper is edit comment out the line in >> /etc/inetd.conf, and SIGHUP inetd. >> >> To re-enable when you need it, uncomment the line, and SIGHUP inetd agai= n. > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg"