1. Forum
  2. Usenet
  3. LINUX.DEBIAN.USER

  • Re: Knocking on the door

    From Marco Moock@21:1/5 to All on Fri May 17 16:00:02 2024
    Am 17.05.2024 um 15:49:52 Uhr schrieb Maurizio Caloro:

    Please i know that this arn't the Dovecot forum, but let me try, on
    the log's i have always knocking "unknown user" attempts.

    Best place should be the f2b list: https://sourceforge.net/p/fail2ban/mailman/fail2ban-users/

    May 15 22:39:31 Dovecot/auth-worker(2602036): Info: conn
    unix:auth-worker (pid=2602030,uid=113): auth-worker<49>:sql(bin@domain.ch,194.169.175.10): unknown user


    yes i try with fail2ban, but i didn't see or found the right regex,
    so that this will be blocked please has any from you solve this
    knocking task?

    Then post your current configured regex and the result of
    fail2ban-regex.

    Von meinem iPhone gesendet

    Please disable such advertisement.


    --
    Gruß
    Marco

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Charles Curley@21:1/5 to Maurizio Caloro on Fri May 17 18:50:01 2024
    On Fri, 17 May 2024 15:49:52 +0200
    Maurizio Caloro <maurizio@caloro.ch> wrote:

     

    Hello


    Please i know that this arn't the Dovecot forum, but let me try, on
    the log's i have always knocking "unknown user" attempts.


    May 15 22:39:31 Dovecot/auth-worker(2602036): Info: conn
    unix:auth-worker (pid=2602030,uid=113): auth-worker<49>:sql(bin@domain.ch,194.169.175.10): unknown user

    I only see one record here. fail2ban requires multiple attempts within
    a certain period before it will ban the source address.




    yes i try with fail2ban, but i didn't see or found the right regex,
    so that this will be blocked please has any from you solve this
    knocking task?

    Are you sure you want to worry about it? dovecot seems to be doing its
    job by refusing access to unknown users.

    If you see repeated attempts from the same source, you might want to
    craft a firewall rule to ban that source (or than network).

    Show us the files you have modified so we can see what you are doing.



    thanks

     


    Von meinem iPhone gesendet




    --
    Does anybody read signatures any more?

    https://charlescurley.com
    https://charlescurley.com/blog/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)