From: <li...@la...> - 2016-06-26 14:31:25
Are these really events that you want to trigger a block? I see the "from unknown" message from time to time and haven't investigated it to see if it is associated with bad intent. What I would want to block are the password guessers.

The thing with sshguard is it only has one blocking table. At the moment, I only block port 22 no matter what event triggered it. So how would you set up your firewall implementation of the block list? Would you block the IP address totally? Or just 22 and all mail ports?

Postfix has a throttling feature to slow down traffic that is repeatedly coming from one IP. I had set up a script to trigger it just to see if it works. This keeps the password guessers from flooding the server, but there is no blocking.

The thing with email is you don't want false positives. If you just block an IP address from a port, the sender doesn't get a message from the email server notifying that the email was rejected. They should eventually get a notice that the email didn't go through. People get cranky when email doesn't go through. It isn't like ssh, where only a small number of IP addresses should have access.

Original Message
From: Gerard Seibert
Sent: Sunday, June 26, 2016 4:29 AM
To: ssh...@li...
Reply To: ssh...@li...
Subject: [SSHGuard-users] Blocking IP with Postifx

Normally, sshguard works perfectly with Postfix. It detects new IPs and blocks them as appropriate. However, there is one that it never blocks. This is the Postfix log entry (one of many) that relates to this IP.

Jun 26 06:37:20 scorpio postfix/smtpd[98953]: warning: hostname 50-246-67-11-static.hfc.comcastbusiness.net does not resolve to address 50.246.67.11: hostname nor servname provided, or not known
Jun 26 06:37:20 scorpio postfix/smtpd[98953]: connect from unknown[50.246.67.11]
Jun 26 06:37:21 scorpio postfix/smtpd[98953]: disconnect from unknown[50.246.67.11] ehlo=1 quit=1 commands=2

Why is this particular IP not being added to the database and then blocked?

I am running FreeBSD-11 / amd64 with Postfix: version 3.2-20160612 and sshguard 1.6.4.

Is there a way to manually add the IP to the sshguard database?

Thank you. :)

--
Carmel
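
The reply above separates "from unknown" connect/disconnect events from password guessers. As an added example (not code from this thread, and not sshguard's own parser), the following triage separates the two in Postfix smtpd logs. The SASL failure lines, the address 203.0.113.9 and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter

# First three lines: the log excerpt quoted in the thread. The remaining lines are
# constructed samples (documentation address 203.0.113.9) in Postfix's usual format.
SAMPLE_LOG = """\
Jun 26 06:37:20 scorpio postfix/smtpd[98953]: warning: hostname 50-246-67-11-static.hfc.comcastbusiness.net does not resolve to address 50.246.67.11: hostname nor servname provided, or not known
Jun 26 06:37:20 scorpio postfix/smtpd[98953]: connect from unknown[50.246.67.11]
Jun 26 06:37:21 scorpio postfix/smtpd[98953]: disconnect from unknown[50.246.67.11] ehlo=1 quit=1 commands=2
Jun 26 06:40:02 scorpio postfix/smtpd[98960]: connect from unknown[203.0.113.9]
Jun 26 06:40:03 scorpio postfix/smtpd[98960]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: authentication failure
Jun 26 06:40:05 scorpio postfix/smtpd[98960]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: authentication failure
Jun 26 06:40:07 scorpio postfix/smtpd[98960]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: authentication failure
Jun 26 06:40:08 scorpio postfix/smtpd[98960]: disconnect from unknown[203.0.113.9] ehlo=1 auth=0/3 quit=1 commands=2/5
"""

SASL_FAIL = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S+\[([0-9a-fA-F.:]+)\]: SASL \S+ authentication failed")
DISCONNECT = re.compile(
    r"postfix/smtpd\[\d+\]: disconnect from \S+\[([0-9a-fA-F.:]+)\](.*)")

def triage(log_text, auth_threshold=3):
    """Return {ip: verdict}. auth_threshold is a hypothetical policy value."""
    failures, idle = Counter(), Counter()
    for line in log_text.splitlines():
        m = SASL_FAIL.search(line)
        if m:
            failures[m.group(1)] += 1
            continue
        m = DISCONNECT.search(line)
        if m:
            # Per-session command counters, e.g. {"ehlo": "1", "quit": "1", ...}
            stats = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
            # No auth, mail or rcpt counters: the client connected and left.
            if not {"auth", "mail", "rcpt"} & stats.keys():
                idle[m.group(1)] += 1
    verdicts = {}
    for ip in set(failures) | set(idle):
        if failures[ip] >= auth_threshold:
            verdicts[ip] = "block: password guessing"
        elif failures[ip]:
            verdicts[ip] = "watch: auth failures below threshold"
        else:
            verdicts[ip] = "ignore: connect/disconnect only"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(ip, "->", verdict)
```
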