From owner-freebsd-questions@freebsd.org Wed Sep 26 21:45:49 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 17BE410B75C2 for ; Wed, 26 Sep 2018 21:45:49 +0000 (UTC) (envelope-from peo@nethead.se) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 95B0C8FCCD for ; Wed, 26 Sep 2018 21:45:48 +0000 (UTC) (envelope-from peo@nethead.se) Received: by mailman.ysv.freebsd.org (Postfix) id 560AC10B75C1; Wed, 26 Sep 2018 21:45:48 +0000 (UTC) Delivered-To: questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1B63A10B75C0 for ; Wed, 26 Sep 2018 21:45:48 +0000 (UTC) (envelope-from peo@nethead.se) Received: from ns1.nethead.se (ns1.nethead.se [5.150.237.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "ns1.nethead.se", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 980008FCCC for ; Wed, 26 Sep 2018 21:45:47 +0000 (UTC) (envelope-from peo@nethead.se) X-Virus-Scanned: amavisd-new at Nethead AB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nethead.se; s=NETHEADSE; t=1537998336; bh=LBOErFsYwyIHSmssRSIXxml20rwlZD79xgnUYaQsavI=; h=Subject:To:References:From:Date:In-Reply-To; b=Md9wVkZcE1JqJ7jcVGgBQedPXJCw415DjgFmkWQ+7kq6GMf2TLhyXs7dPUan7eKdP 4SC/u+eASTvc3RSuCX16KyTs1PlGqQ6+lTvwyU6xiQtpsUBOlHmR/5+GdvlTuNNmuD /vMSFqDQbeFeKSGMTqAxQWfmkwy13/iH1oxBh/Mo= Subject: Re: dictionary attacks check To: David Banning , questions@freebsd.org References: <20180926135329.GA24139@skytracker.ca> From: Per olof Ljungmark Openpgp: preference=signencrypt Autocrypt: addr=peo@nethead.se; prefer-encrypt=mutual; keydata= xsFNBFbrB5EBEADHiMFjO5RvZBFUaEtwATCbsWgYaUZC4fnjeznfnK9CFG1WdshLCJkN6XB5 cKPy2cX8vkRn+hfcqvOA6u/CVToBDL5Ztb0IQeg4y/6mAf+jhZMFboYZa/BYH5wpt5Yctx2e QW0J2KnyYBTBlszbza5oHg4SRA4rmGsVHOQpTnpdzlQUj4kgeZe85dsbRtew4Nmg9D1AOMzN 16pjtuvb4noi1aectcvhiIz2ploS3PaCNte+d4C0FMj/ARpf78tahWfXz1l4RC8Vh5P72A0o argnLkc/f0/z5yChsUQXJo1jpV9QWyqcUpEDucnOgKq63Digo9iwIpnBI0CIXr8OyZLxagBM MzeyqfBFo9AsRMztXXUnQWX7EDXCMZWEKRX2xrx7WnhE7ZejTBzwH4UclU7RNyoWPOlEv7qK cVrlEJsHWZf1SkbXq9evMGG4ft9XnHGM/Bg45f2wiSmw7J2bgWGyb2acWIwocHKpv/hkgieK NocTPHVAFuXL/Bu8NkH8VNwgKHu9iB2Bs3R3/jowU+Z7tqng+f9LeHFHxjjKWTK4zZLCxRfW EowJqVzttlTAXFWPStWNihwIyCl2Rc1V7goKdRvFQSoRUaQGEd0BOMMP2tcRMLQTe5CLlLKy W+Um1eefXf5tcQwxbuHAdb+BuFjbMt/QflYnUfdq1ivj5UMvpQARAQABzSNQZXIgb2xvZiBM anVuZ21hcmsgPHBlb0BuZXRoZWFkLnNlPsLBeQQTAQgAIwUCVusHkQIbLwYLCQgHAwIGFQgK CQsCBRYCAwEAAh4BAheAAAoJEFqmFcBAZ2uoWfQP/j00JMvW9hQ1e65eCJUYLQ3WmdY92/NT TihfRGw2cxwXNuZ3Ik7TvFfoYGx4UUuiUMMvYjHHcnUCLaNy7MoUtCPVPR4iYZAZHS0IQlg1 DtU6CgN/XcZ5jkjaF4HlkjlU5d7HW3nIzewetFm2HdjPeSwNjsjcLkna13NXgSx3eGmLIe6s 5IbSLbslb6EbfuLPgsQjsCpWRTy1lGsXfhQ4jzrZHSeFAk+n5QBITdAu97RdzjILWgBX1F6t 769qzOLuwtdn1cXG60wiNryHzHzLzZErst/zoFZaWINZ1jojCYQCa+hJPjr+UWI0eAKfrbSh k32HoXArI0apw6o8DXVH9qpUFvcmx6Tb36IRiTDxhG8QGJdXmi37oyC4zpPdYFSyh8cENE+m lpbYbTMA9ETJVQtz3qYl1fPjoqBJyVHxVfnKoYBIy4b6RPN0hrORh3RmS901cviuSLmNSe5/ WcVacwn+7idCSWEdFN6DW/ExTT1s3SLIRbDN2FscBASDQ61WF2rIJcDSH1nyFaNHbVeA4URf eUscB/4r+i0p3HWkvRRG/iurdcbmTTnQTgky6Kj5OWaEXPQFOaoOrx3GYipgvmDkVsUMwAQ3 t+uTnGjdPXfClCYsVZSQwui5wbqpuu6nNUVID437JqUOS6/P+y87khlFAvdpL52Orejx+7xE 2VHBzsFNBFbrB5EBEADD8+XYyEJhr/iIaK5ASHeLKAIEkN9ZZq7m4NkuCl32EHEZd5Fn//93 cxSAv8bg2Mp/WdSQ9nVjGMhLuRPCgyhygMzPbp2dDIYGhY7nFhD6I9w58KZ6KXH6FhC/AU8L riaWd7smMXk79+vWRIDdDHIx4Mf3xYbitPs5G6ujsfVSHwtcR9/P/J9byM90Bfxk9hrwA4LY WOxMP3ljiBcHaqjJ6IKYm1/O9Ab0L6E8Ud3cB1gLE9PMGHUgIkXerejsHhaOnGioFpY6xC9J OajR/WyiF2gpS5eJ6ZOh8UUiogAuNs0KIjLpgcRtqJbA+9ULWrKJqoN8VmdikaA5F+NoHVmJ uRwXwjWuUGnnsksof9lvn/sKkjeY+Knp9le61wGsKo6vp3qrVvocs/0p/8gKqf1cJDl+74hB 52/xN0rP02r72JEzQTDmPf82+kLj062L2th8BZSDyTv8oODFIRrMU2CLsalsQqh8qxVJfwLK uy6hA9sF0oV3a4xD7+Dt4hpRjINSKyC3PHuQ/VoRyAD3p7QeW2ooo7xGWyq6+xzS2vqkT2rp XyU1HM1mwJA8nJqPgnIJ80UbtLD1N1qYfmY/cBUuNEQB6MuVA8tgOZ7t7zdSYfILuKZtLJav mM9OxnhJihpm9m/mZCj9vzk58I/FpldVRgYJW+HOIF3Nb8jmGt0s1wARAQABwsN+BBgBCAAJ BQJW6weRAhsuAikJEFqmFcBAZ2uowV0gBBkBCAAGBQJW6weRAAoJEKVR/tmMfqiW1sMP/0nn mMgWy09CfC6yRBsMVCpmvt6+unxM++f6nGvsCKKJonsTguheREmQCbayvvt/rkqRikXrNcyq hfGlIJERR5vpu+aaJ23zSHVErno5V+HtYQgyai/tt4uURu9FNogPCGDxa5m3OXGKRSVVFSD0 lI2pO8AVZCsmbkdOMvMCrc5bgsxybsJKKQlF8n6Jfo3Fg6/0D/FstXz4dsqtAH89JaeuMfmT th30+IbsOdHzTPaRKRBeo1tCy7LhVnQl7xw2QoLyMrXhIGMcMszoI6A9gxvZwNWvdd8bDr5s w3NhnzyRjlIpRF+HyVgNCrd1IMs8U6H8fFxEX8OqKVLPkqzZQxxFcR3padydgR4/XjNiJasa l2N0QA55WNqSfgpthX9B1BuC8cKoMkr+/Hp9CEpT2GGKC7k5JXdZHtPaT/FAq4lqqh0ZWt8N dInYvVwLlEUDECzef/F2+wOcGTWPr4+d700SKVTbA76WOjPgrTihCMTfeVS1xXnjuCNCqz7y 117k3BT314G1afZtQeanV5oqs65BALVzFO/cvi14oYSB3qeXZiks/1TVBv4BjjFqxDXs4tjk 5UrA0Bni5BjpAWw+DpgoTxef5h1EcQUbnljw89T024Yt3BIPNEIJgZpsD3f/BsfywkRdZxRr g3LYPPIwC6EQK4t5i8nucfMLEEPvqtrBvDMP/RLaU+iIp4Fuugu6ans5DG8PL5l6IzMzIEh/ gOsu2EJ9wtszgASwTeC8+nYBQ/mkOJGBAepROdR4UmSpwL/yD3uhvtPcaPJwK5n+9xnDyHuq JvHXPq63mMxksgQLhDCIIA2rMSaHwsfTCkI4ZmnK5wIGFktagbJL1O2u9uHWTVV2qO4NnN1C DWItL513FEfxlsg4gSiiSpLujJQImIjqSpEvlI1kGRQAeUL0/Jh3e4OfedJvMB4fpgFzJsSB u6vgfCdqeOMQgH4I1GEUSA582aIWdsj8IoPgspJmWUQ0d8JNpGGhEJoCWxyHitOxvoQaxBSY jk92iVMtguYe9+sv8af7PUE3offwdSwncK9p6INhwMFXVAEpIPuLtM8EhKSgyYZ/zHP3Qvsm 1ZUwQUfD3P9vSf3Oo4yF/nZBkVDLpOlwjPKTG5bAkGlDJCQXzXMGaW1xQdOSOY+G7iZeWk4H 1csQCSBdZj3AMWejaUb5h9AuK06bUJCfx3+H/HTmYdnNsYDHmtzzSEM8MO5Bp+SqPsLXuDQu qsctjGW0+b+dg/VEMGOz042jd1p7jgcVLeO1hHEeh5ZYhtdviozIjZHuC6dfq/kAPQchy/iX rERGMxTOT8sKKQWzog0J7+U6iHs3ThXp0fc64+2VSVZZsMTfp9iaOLEIkx8OEl88SWPq2Dke Message-ID: Date: Wed, 26 Sep 2018 23:45:33 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.0.1 MIME-Version: 1.0 In-Reply-To: <20180926135329.GA24139@skytracker.ca> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Sep 2018 21:45:49 -0000 On 9/26/18 3:53 PM, David Banning wrote: > I just got an email bounce - reason; > > The sending IP (162.213.106.199) is listed on https://spamrl.com as a source of dictionary attacks. > > The first thing I did was run a check on mxmailbox.com which shows my server as clean from all sites checked. > I wonder what the best way is of checking my system to see if it is commiting these dictionary attacks. > > My system it somewhat older; > > FreeBSD 3s1.com 9.3-RELEASE FreeBSD 9.3-RELEASE #0 > > Any pointers would be helpful. Check your logs would be a good start.