Facebook
Twitter
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion
Issue Mail Server IP Blocking
- Thread starter KrazyBob
- Start date
As the domain was used by spammers some time, it may be blacklisted and that's why some filters block the email as spam upsers . ... This time the emails passed through the filters and reached the recipients. So, if you find your emails blocked by the spam filters, it may be because of a domain name you use in the message content.
Last edited:
KrazyBob
Regular Pleskian
I'm sorry but with respect you have made assumptions that are incorrect. I said nothing about a domain being used by spammers. I quite clearly said I have a server(s) that are constantly being pounded by people trying to get into accounts but using failed passwords and usernames. My question was not at all about spam. I specifically asked if the IP's of those trying to break into mail accounts are being added to fail2ban and if not how I could address it.
KrazyBob
Regular Pleskian
I am assuming that recidive is located in the Fail2Ban conf file? I have IP's that start with 89.xxx.xxx.xxx that regularly found my servers. We're a United States based company and it's rare that anyone outside of the United States should be attempting to access mail, if ever. Other than fail2ban is there an extension you would recommend that would deal better with these issues?
In this case I'd like to give a personal advice: I am one of those persons who is doing business in the U.S. from outside the U.S. And I have frequently experienced U.S. companies blocking access to their websites and - even worse - email from IPs outside the U.S. It is absolutely annoying for a customer. I cannot even communicate with my bank without using "tricks" to circumvent their IP blocking. Whil you'll still experience lots of bot attacks on your mail server one of the results you will get is to lose out on business opportunities that could take your business to the next level. What U.S. business also don't seem to understand is that some of their clients might simply be on a business trip outside the U.S., from where they won't be able to email you, if you block foreign traffic.
Now for your content questions: The "recidive" jail is a standard jail that is delivered by Plesk. It can easily be activated in the jail configuration settings in the GUI. There is no need to edit configuration files on the shell. Fail2Ban with their Postfix, Dovecot and recidive jails is very effective. I am not aware of any other extension that could deal better with it. You could of course try to block all IP ranges that do not belong to your country, but that will be many, and such a configuration in iptables, even when you use sets, could lead to a slow down in network traffic.
Now for your content questions: The "recidive" jail is a standard jail that is delivered by Plesk. It can easily be activated in the jail configuration settings in the GUI. There is no need to edit configuration files on the shell. Fail2Ban with their Postfix, Dovecot and recidive jails is very effective. I am not aware of any other extension that could deal better with it. You could of course try to block all IP ranges that do not belong to your country, but that will be many, and such a configuration in iptables, even when you use sets, could lead to a slow down in network traffic.
KrazyBob
Regular Pleskian
<deep sigh> I really don't like it when people don't answer the question being asked. You just wrote a very long paragraph about how you hate it when companies block access to their websites. Not once did I say anything about anyone blocking access to anyone's websites. That's entirely on you. Please read the question and respond to just a question without assuming and then editorializing on what you think or feel about companies that block certain countries.
I was very clear when I wrote and asked if there's a specific tool or extension that can assist with this prevalent issue that I have dealt with since 1997. I know by tracing these IP's that they are servers that have been hijacked by spammers.
I know that the large companies have installed scripts did monitor these specific IP's they're pounding away at their mail servers and then automatically send a log to the abuse@ address informing the administrator it asking that it be remedied. I'm confident did the recipient of these attacks are at least temporarily jailing these IP's.
I was very clear when I wrote and asked if there's a specific tool or extension that can assist with this prevalent issue that I have dealt with since 1997. I know by tracing these IP's that they are servers that have been hijacked by spammers.
I know that the large companies have installed scripts did monitor these specific IP's they're pounding away at their mail servers and then automatically send a log to the abuse@ address informing the administrator it asking that it be remedied. I'm confident did the recipient of these attacks are at least temporarily jailing these IP's.
The answer was included in my response. Here it is again:
"Now for your content questions: The "recidive" jail is a standard jail that is delivered by Plesk. It can easily be activated in the jail configuration settings in the GUI. There is no need to edit configuration files on the shell. Fail2Ban with their Postfix, Dovecot and recidive jails is very effective. I am not aware of any other extension that could deal better with it. You could of course try to block all IP ranges that do not belong to your country, but that will be many, and such a configuration in iptables, even when you use sets, could lead to a slow down in network traffic."
"Now for your content questions: The "recidive" jail is a standard jail that is delivered by Plesk. It can easily be activated in the jail configuration settings in the GUI. There is no need to edit configuration files on the shell. Fail2Ban with their Postfix, Dovecot and recidive jails is very effective. I am not aware of any other extension that could deal better with it. You could of course try to block all IP ranges that do not belong to your country, but that will be many, and such a configuration in iptables, even when you use sets, could lead to a slow down in network traffic."
KrazyBob
Regular Pleskian
Oh I read that. After being treated to a very long paragraph of you and your personal beliefs and dislike of companies that block IP's I never said anything at all about blocking IP's. You made assumptions that were not accurate. They had no place at all in your answer to my direct question. Have a good evening. Please just answer the question and don't hijack the thread with comments that have nothing to do with the question or the answer.
You had two questions
"I am assuming that recidive is located in the Fail2Ban conf file?"
"Other than fail2ban is there an extension you would recommend that would deal better with these issues?"
Both have been answered.
Both questions are about blocking IPs.
Please accept my apologies for trying to give you a better insight into the results of the strategy that you are trying to implement. It is of course absolutely your decision to block mail server access to all IPs outside the U.S.
"I am assuming that recidive is located in the Fail2Ban conf file?"
"Other than fail2ban is there an extension you would recommend that would deal better with these issues?"
Both have been answered.
Both questions are about blocking IPs.
Please accept my apologies for trying to give you a better insight into the results of the strategy that you are trying to implement. It is of course absolutely your decision to block mail server access to all IPs outside the U.S.
KrazyBob
Regular Pleskian
I said absolutely nothing about blocking mail servers. I asked you if something similar to fail2ban have the ability to notice that certain IP's are attacking the mail server and accordingly block them. That's blocking individual IP's.
I think we're done here. At least you and I.
I think we're done here. At least you and I.
