Recent content by danami

Juggernaut Security and Firewall 5.03 has been released with Debian 13 support, bug fixes, and more: https://www.danami.com/clients/announcements/169/Juggernaut-Security-and-Firewall-5.03-Released.html

@Hangover2 Thanks for providing your systemd-journal configuration. I have some additional ideas I we can do for the next release of Warden to optimize things even further.

@Hangover2 I recommend that you open a ticket in our client area and if you can provide us access to a server then I can see if I can optimize things further for you. Things are really going to be server hardware and configuration dependent.

We have released Warden 5.05 which adds Debian 13 support, log parser optimizations, bug fixes, and more: https://www.danami.com/clients/announcements/168/Warden-Anti-spam-and-Virus-Protection-5.05-Released.html

@MacGyver No that wouldn't be practical. You should disable SMTP_AUTH on port 25 and have your clients sending using the submission port 587. Then you can restrict sending to countries that you authorize: https://www.danami.com/clients/knowledgebase/242

@Hangover2 Yes we've optimized the journald log parser in the next version of Warden so log lookups are almost instant now reguardless of journald size :)

@Hangover2 Warden will detect if DCC is setup as a service and you will see it listed on the Warden dashboard under the services section. It should run way faster then just using the DCC binary.

@Hangover2 Also make sure that you are running DCC as a service and not just calling the binary. We have instructions here: https://docs.danami.com/warden/user-guide/antispam-plugins/dcc#enable-the-dcc-interface-daemon

@papahausa These are the only settings that you should be migrating across servers are policy settings, blacklists and whitelists. https://www.danami.com/clients/knowledgebase/247/-How-can-I-migrate-Warden-settings-from-one-server-to-another-.html Many settings are OS specific so you will...

@MacGyver You can hover your mouse over every setting in Juggernaut to get detailed information about what each setting does: https://www.danami.com/clients/knowledgebase/172/How-can-I-get-detailed-help-about-a-specific-setting.html Without "Drop incoming logging" enabled an IP address being...

@MacGyver You should always use the IPtables search on the dashboard or using the command line instead of trying to search the Logs -> IPTables logs: To search for an IP address csf --grep <ipaddress> It will tell you exactly what is being blocked and more importantly the reason why it was...

This is because dovecot 2.4 logs to a different format that doesn't match the old filter. As a temp fix you can replace the old filter with the latest dovecot filter from the fail2ban github repo. I've tested the new dovecot filter it and it works with dovecot 2.4...

You should also check for any customizations to the dovecot configs in /etc/dovecot/conf.d/ . Plesk 18.0.73 upgraded to dovecot 2.4 which uses an entirely different config format so any customizations would need to be updated to the new format...

Check the systemd-journal for errors with the command: journalctl -xeu dovecot.service If you see the error below then you have to update the Warden extension to the latest version: Fatal: Error in configuration file /etc/dovecot/conf.d/99-warden.conf line 9: Unknown section name The latest...

@Alexander Bien Make sure that you have updated to Plesk Obsidian 18.0.73 Update 2 as they should have fixes for that: From the Plesk changelog: Fixed the issue where, after updating to Plesk Obsidian 18.0.73, Thunderbird could not send or receive emails when “Encrypted Password” was selected...