Recent content by Eric Pretorious

Thanks, UFHH01!

In the proces of writing a daemon to monitor and respond to failed login attempts, I noticed this pattern repeated numerous times every day: Five simultaneous connections - never any more, never any less: Sep 9 04:00:34 www postfix/smtpd[444]: connect from 592329.soborka.net[94.158.158.194]...

FYI: I discovered that the last condition (i.e., "AND mail.redirect = true ;") didn't do anything for paring down the results so I modified the search term by enclosing the word true in quotes and got very different results: mysql> SELECT mail.mail_name FROM mail WHERE mail.redirect = 'true'...

I was able to leverage more of Shall's code to find the answer: mysql> SELECT CONCAT(mail.mail_name,'@',domains.name) AS 'virtual mailbox', mail_redir.address AS 'redirects to' FROM mail_redir,mail,domains WHERE mail_redir.mn_id = mail.id AND mail.dom_id = domains.id AND mail.redirect = true ...

After reading Shall's code samples in the forum post 'Extract "all valid emails"?' I've been able to... Identify virtual mailboxes that have redirects configured: mysql> SELECT mail.id, CONCAT(mail.mail_name,'@',domains.name) FROM mail LEFT JOIN domains ON domains.id = mail.dom_id WHERE...

It's been four days without a single response! Bumping this thread.

Like most hosters - I'm sure - many of our clients create e-mail accounts that forward incoming e-mail to mailboxes hosted on other e-mail services. e.g., Gmail. Lately, though, a handful of these accounts have been receiving a lot of spam (i.e., UCE) and that's been causing a lot of damage...

Inders: I think that cmaxwell is attempting to use FTPS (i.e., SSL-encrypted FTP) - not SFTP, the SSH File Transfer Protocol. [root@www ~]# grep -i ftp /etc/services fsftp 115/tcp sftp 115/udp ...<SNIP>... tps-data 989/tcp # ftp protocol, data...

I guess that what I'm driving at here is: How can I detect brute force attacks against Postfix and stop the ongoing attacks? If I understood how the messages are logged, I might be able to write a simple script that adds a rule to iptables to stop the attacks.

AFAICT, I'm using the command correctly, Igor. From above... [root@www bin]# ./mailmng --add-mailname --domain-name=example.com --mailname=eric [root@www bin]# ./mail_auth_view | grep eric [root@www bin]# Have I overlooked something? Do you see any syntactical errors? Or is this a bug...

I have no idea, Igor. We're using PP 11.0.9 (Update #62) on CentOS 6.5 (x86_64).

A little help here?

So: What say you all? Have I misunderstood? Or is this a bug?

Bumping this message.

I wasn't able to locate the messages that have arrived in the past four days but I was able to repair the account by... Creating an archive of the mailstore (i.e., /var/qmail/mailnames/example.com/eric/Maildir/new): cd /var/qmail/mailnames/example.com/eric/ tar czf /tmp/[email protected]...