<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>On Apr 5, 2011, at 11:46 PM, Ljubomir Ljubojevic wrote:</div></div></span></div></span></span></div><div><br class="Apple-interchange-newline"><blockquote type="cite"><div><a href="mailto:rrichard@blythe.org">rrichard@blythe.org</a> wrote:<br><blockquote type="cite">Indeed! I run<br></blockquote><blockquote type="cite">Fail2Ban not only against SSH, but against SMTP/AUTH and IMAPS/POP3S (the<br></blockquote><blockquote type="cite">only client mail protocols we support). It's amazing how many dictionary<br></blockquote><blockquote type="cite">attacks take place against SMTP by persistent spamers! Besides the effect<br></blockquote><blockquote type="cite">against dictionary attacks, it makes the morning reading of the secure log<br></blockquote><blockquote type="cite">a pleasant experience. :-)<br></blockquote><br>My SMTP server has Reverse DNS check active, so any SMTP request from IP <br> that does not have Reverse DNS record is automatically forbidden. Even <br>SMTP servers tht are not properly configured (like one Bank server in <br>my country that sends mails from some obscure IP without DNS record even <br>thou I know they are legit) are denied.<br><br>fail2ban had some wrong with it, from the standpoint of my CentOS 5.x <br>server (can't remember what I disliked), wheather it was rpm <br>availability or something else, so I chose denyhosts. There was whole <br>week recently without a single ssh attack on my 3 PC's (2 servers).<br><br>Ljubomir<br>_______________________________________________<br>CentOS mailing list<br><a href="mailto:CentOS@centos.org">CentOS@centos.org</a><br><a href="http://lists.centos.org/mailman/listinfo/centos">http://lists.centos.org/mailman/listinfo/centos</a><br></div></blockquote></div><br><div>I have a centralized bridge PF (Packet Filter) setup and all my servers behind it. All the servers have fail2ban installed and the same on the firewall, so any malicious knock offs on the internal servers ignites the centralized PF that blocks the hosts right away. As mentioned above, I have been using fail2ban for SSH/SMTP/IMAP/POP3 and also have merged content filtering regexes from Amavis into it. That(regex) is the part I love about fail2ban, my fail2ban installation is on a CentOS 5.x box, rpm is available in rpmforge.</div><div><br></div><div>Gaurav</div></body></html>