Search found 5 matches

by wantsomegetsome
03 Jul 2015, 03:07
Forum: General Discussion (cxs)
Topic: Ignoring resources via cxs.ignore
Replies: 4
Views: 6129

Re: Ignoring resources via cxs.ignore

I would like to know this too. Can't use m option at the moment because of too many false positives.

by wantsomegetsome
26 Jun 2015, 14:45
Forum: Suggestions (csf)
Topic: Possible SMTPAUTH Attack Solution
Replies: 3
Views: 4961

Re: Possible SMTPAUTH Attack Solution

I ended up enabling FASTSTART in csf.conf. I lowered DENY_IP_LIMIT to 2000. csf restarts in about 8 seconds. So, I set up a cron job to restart lfd & csf every 10 minutes. My firewall is down for about 8 seconds every 10 minutes while it is restarting, which increases risk. I edited /usr/sbin/anti...

by wantsomegetsome
25 Jun 2015, 21:31
Forum: Suggestions (csf)
Topic: Possible SMTPAUTH Attack Solution
Replies: 3
Views: 4961

Re: Possible SMTPAUTH Attack Solution

Got excited and tried it out early. It partially worked. Stopped the smtpauth attack & e-mails and I was still able to send e-mail. Problem is csf & lfd must be restarted every time /etc/relayhosts changes in order to put them in /etc/exim.smtpauth. So if someone authenticates using POP/IMAP ...

by wantsomegetsome
25 Jun 2015, 19:52
Forum: Suggestions (csf)
Topic: Possible SMTPAUTH Attack Solution
Replies: 3
Views: 4961

Re: Possible SMTPAUTH Attack Solution

Ok. I'm thinking I could...

1) Enable SMTPAUTH_RESTRICT in csf

2) Make exim config changes as outlined in /etc/csf/readme.txt

3) Symlink /etc/csf/csf.smtpauth to /etc/relayhosts

I'm going to wait a day before I try this to see if anyone has any warnings/suggestions before I give it a try.

by wantsomegetsome
25 Jun 2015, 18:26
Forum: Suggestions (csf)
Topic: Possible SMTPAUTH Attack Solution
Replies: 3
Views: 4961

Possible SMTPAUTH Attack Solution

Long ago my dial-up ISP told me to ensure I check POP before trying to send mail. Most e-mail applications do this in that order. How about monitoring successful POP3/IMAP logins and immediately adding the IP to, say, /etc/csf/csf.smtpauthallow, say, for X hours/days/configurable. Then only advertising ...