Date: Wed, 30 May 2012 12:16:10 -0700 From: Patrick <gibblertron@gmail.com> To: Jorge Biquez <jbiquez@intranet.com.mx> Cc: freebsd-questions@freebsd.org Subject: Re: Firewall, blocking POP3 Message-ID: <CA%2BdWbmY8ev3wsiO8bzLYRvwVrdue5_QbVZbDrgw_qf-PFUQmmQ@mail.gmail.com> In-Reply-To: <3421248490-1670043744@intranet.com.mx> References: <3421246151-1670043725@intranet.com.mx> <201205301832.q4UIW3Io017126@mail.r-bonomi.com> <3421248490-1670043744@intranet.com.mx>
next in thread | previous in thread | raw e-mail | index | archive | help
See /usr/ports/security/py-fail2ban (http://www.fail2ban.org/). Used in conjunction with FreeBSD's ipfw or pf firewall facility, you can ban an attacking IP address for a set period of time after a configurable amount of failed attempts. Fail2ban watches your log files for you and then triggers some sort of action -- which can really be anything you can conceive of. Patrick On Wed, May 30, 2012 at 11:47 AM, Jorge Biquez <jbiquez@intranet.com.mx> wr= ote: > Hello. > > Thanks a lot!. Simple an elegant solution. > > I just did that and of course it worked.... I just was wondering... what = if > I need to have the service working BUT want to block those break attemps?= IN > this and other services. ? > My guess is that it is a never ending process? I mean, block one, block > another, another, etc? > > What the people who has big servers running for hosting services are doin= g? > Or you just have a policy of strng passworrds, server up-todate and let t= he > attemps to try forever? > > Thanks for the solution Mr Robert. > > Jorge Biquez > > > > > At 01:32 p.m. 30/05/2012, Robert Bonomi wrote: >> >> > From owner-freebsd-questions@freebsd.org =A0Wed May 30 13:16:37 2012 >> > Date: Wed, 30 May 2012 13:08:30 -0500 >> > To: freebsd-questions@freebsd.org >> > From: Jorge Biquez <jbiquez@intranet.com.mx> >> > Cc: >> > Subject: Firewall, blocking POP3 >> > >> > Hello all. >> > >> > I am sorry if the question is too basic. >> > >> > I have a personal small machine running >> > >> > =A0 =A0 FreeBSD 7.3-PRERELEASE #0: >> > >> > It runs as my web and email server for a cuple of domains. NO clients >> > no other users have access to it. >> > >> > Is there any , easy/faster way to stop POP3 from being working. I am >> > running qpopper to be able to download emailes. >> > I decided to use sendmail since only a few accounts are there and I >> > do not need more but in the last days the server has been under a big >> > attack where people is trying to guess users and passwords. I am >> > using a strong schema of passwords so no problem on that but I rather >> > to be sure . >> >> The mail -server- you use is irrelevant to how users retrieve mail. >> you can use sendmail and qpopper, or sendmail and an IMAP server, or >> sendmail and =A0webmail app, or postix and qpopper, or exim and qpopper, >> etc. >> >> >> All you have to do to disable qpopper is edit comment out the line in >> /etc/inetd.conf, and SIGHUP inetd. >> >> To re-enable when you need it, uncomment the line, and SIGHUP inetd agai= n. > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BdWbmY8ev3wsiO8bzLYRvwVrdue5_QbVZbDrgw_qf-PFUQmmQ>