May 22, 2007

CBL Black listing

A few days ago, something weird happened to me: my mail server, which uses SMTP authentication, was listed in CBL and, as a result of that, also in Spamhaus.

I spent time reviewing, reading, sending mail, trying to find out what was wrong with my server, since CBL just told me "In short, this IP is impersonating being a machine we know it cannot be. No properly configured mail server does this under any circumstances." It was hard for me to find the problem.

I checked my maillog from start to end and everything seemed right, then I checked which ports I had opened, and same thing, all was OK. Then I started doing some Google searches about CBL listing; I just got references saying it did not give a clear response why you get blocked. To some extent it was like being blindfolded.

After reading manuals, instructions and many other things I realized that my server name was incorrectly set up at first. I fixed the problem but it kept getting listed. So I kept looking, until I found that one of many sites made reference to the DNSSTUFF DNS report, which actually pointed out some mistakes for my domain. I fixed them and it is almost my third day and I haven't been blocked. If you are running virtual domains I suggest you run the DNS report for each one of your domains. Make sure that your IP has a reverse DNS set correctly.

May 20, 2007

Block login failures on Linux

If you run a Linux server with ssh access and you need to block IP addresses after a certain number of attempts, then I would recommend you use fail2ban, which is an open-source module that needs little customization in order to get it to run.

It runs as a service in the background, so it provides real-time log supervision, and it can check not only for failed ssh attempts but also SMTP, HTTP, and others.

Here I will just explain how to make it check for failed ssh attempts on a Fedora box.

From the command line type:

Server:# yum install fail2ban

This will install all the modules and software needed to install and run fail2ban.

Once installed it places the configuration file in /etc/fail2ban.conf

Then with your favorite editor you can edit this file. It is well documented and needs little explanation of how it works, but I'll give you the basics to block unwanted ssh access.

[DEFAULT]
maxfailures = number of failures before IP gets banned. Defaults to 5, but you can set this value to whatever number you would like.
bantime = number of seconds an IP will be banned. If set to a negative value, IP will never be unbanned (permanent banning). Defaults to 600 (10 min).
ignoreip = space separated list of IPs to be ignored by fail2ban. No default.
Here you can add your own IP address to avoid getting blocked in case you forget your password.

Then you can go to the SSH section, set enabled to true and add the corresponding value for the logfile variable.

[SSH]
enabled = true
logfile = /var/log/secure
port = ssh
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
timepattern = %%b %%d %%H:%%M:%%S
failregex = : (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)
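
How the [SSH] patterns and the [DEFAULT] thresholds fit together, as an added example (not code from fail2ban or from this post): the timeregex and failregex are written with their regex escapes and a `host` named group, the log lines are constructed, and `parse_failure` and `hosts_to_ban` are hypothetical helper names. The ban decision is a simplified model with no time window.

```python
import re
from collections import Counter

# Patterns from the [SSH] section, with regex escapes and the "host" group written out.
TIMEREGEX = re.compile(r"\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}")
FAILREGEX = re.compile(
    r": (?:(?:Authentication failure|Failed [-/\w+]+) for"
    r"(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|"
    r"ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)"
)

# Constructed sample lines in /var/log/secure format (documentation IP ranges).
SAMPLE_LOG = """\
May 20 10:15:01 server sshd[2301]: Failed password for root from 203.0.113.7 port 4242 ssh2
May 20 10:15:03 server sshd[2301]: Failed password for root from 203.0.113.7 port 4243 ssh2
May 20 10:15:05 server sshd[2302]: Failed password for invalid user test from ::ffff:203.0.113.7 port 4244 ssh2
May 20 10:16:11 server sshd[2310]: Invalid user admin from 198.51.100.9
May 20 10:17:30 server sshd[2315]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
May 20 10:18:02 server sshd[2320]: Failed password for alice from 192.0.2.10 port 50023 ssh2
May 20 10:18:04 server sshd[2320]: Failed password for alice from 192.0.2.10 port 50024 ssh2
May 20 10:18:06 server sshd[2320]: Failed password for alice from 192.0.2.10 port 50025 ssh2
""".splitlines()


def parse_failure(line):
    """Return (timestamp text, host) for a failed-login line, or None otherwise."""
    fail = FAILREGEX.search(line)
    stamp = TIMEREGEX.search(line)
    if not fail or not stamp:
        return None
    # The optional (?:::f{4,6}:)? prefix strips "::ffff:" from IPv4-mapped addresses.
    return stamp.group(0), fail.group("host")


def hosts_to_ban(lines, maxfailures=5, ignoreip=""):
    """Hosts with at least maxfailures failed logins, minus the ignoreip list.

    Simplified model: counts over the whole input, with no time window.
    """
    ignored = set(ignoreip.split())  # space separated, as in [DEFAULT]
    failures = Counter()
    for line in lines:
        parsed = parse_failure(line)
        if parsed and parsed[1] not in ignored:
            failures[parsed[1]] += 1
    return sorted(h for h, n in failures.items() if n >= maxfailures)


if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG, maxfailures=3, ignoreip="192.0.2.10"))
```

Running the same patterns over a copy of your own /var/log/secure before enabling the section shows which addresses would be banned, and whether your own address needs to be in ignoreip.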


The fail2ban log can be found at /var/log/fail2ban.log unless you specify another location.


I hope this helps you to solve your security problem

Apr 19, 2007

Postfix on fedora core 5

It's likely you are looking for a good tutorial that will teach you step by step how to install postfix with virtual users and smtp auth in order to avoid unauthorized SMTP relays.

Well I have installed postfix on a fedora core 5 box using a manual posted at howtoforge.com.

This tutorial will take you step by step. Certain things might fail (postfix compilation failed on my server so I downloaded the rpm provided by the tutorial), but it will tell you what to do in that case.

In case you don't find a solution to a problem in the manual, you can go to the forums and post your problem, and in less than a day you get a response from howtoforge.

The tutorial link is this. Enjoy it:

http://www.howtoforge.com/fedora_virtual_postfix_mysql_quota_courier

Plesk control panel limitations


When you purchase a hosting plan with a control panel you expect it to make your life easier.

Well, it has not been my case. I got a server hosting with Plesk control panel. First, Plesk works with qmail, which is a little hard to configure. If you try to install other applications besides the ones that work with Plesk, it might get corrupted, as happened to me.

I installed postfix with dovecot, but I had to remove courier-imap; after removing courier-imap, Plesk stopped working.

So if you plan on getting a server with a control panel, I recommend you search the web for limitations and other features your control panel might have.

Maybe swsoft improves Plesk in the near future. It would be good to have a control panel that would allow you to configure (postfix, sendmail, qmail, etc.) in such a way that with a few clicks you can have multiple virtual domains running on a machine configured with Plesk.