Menu
▾
▴
Re: [SSHGuard-users] OpenSMTPD and SSHGuard?
|
From: Gary <li...@la...> - 2018-05-27 02:34:33
|
"It's all about logs. No port are monitored by SSHGuard, I presume." But a firewall controls a port. Just because some IP is poking at my port 22, I don't want to block that same IP from port 25. If you really want to nitpick, your email should always be reachable. You agree to that when you get a domain. Now of course in practice there are many hurdles blocking email. I enable anvil on postfix. Good enough for me. I have most of the world blocked on all email ports other than 25. Note I completely block the xyz TLD, along with a number of other TLD know to be used by spammers. Well not block but reply a 550. I am not unique in this respect. Original Message From: julio@maranhao.xyz Sent: May 26, 2018 5:32 PM To: ssh...@li... Subject: Re: [SSHGuard-users] OpenSMTPD and SSHGuard? On 26 May 2018 at 19:41, Gary <li...@la...> wrote: > But getting back to SSHGuard, I never understood how to use it for both ssh and email ports. It's all about logs. No port are monitored by SSHGuard, I presume. > They are different attacks. Yes. Different objectives, apps and logs. But SSHGuard is not only ssh. It's actually a "MultiAppGuard" as writen in the website. > Just because some server is attacking ssh, do I really want to block that server's email? I didn't understand your doubt. But to clarify my case, I want to monitor three apps: an IMAP, an SMTP and an SSH server. SSHGuard (and Fail2Ban) method is to read and analyze the respective log files. What these apps have in common? Run in the same server and have access protection (login/passwd). SSHGuard can see in the logs all failed attempts to access the apps, so it can configure a firewall to block the offender access to the apps: block a port (or all ports) to some external IP. A good comparison is failed login attempts to an ATM or smartcard holding a digital certificate. Three (n) errors in a row will block access for a day (bank) or forever (smartcard). Did I help you? Júlio Sent via Migadu.com, world's easiest email hosting ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ sshguard-users mailing list ssh...@li... https://lists.sourceforge.net/lists/listinfo/sshguard-users |
