Firewall, blocking POP3
Robert Bonomi
bonomi at mail.r-bonomi.com
Thu May 31 00:18:02 UTC 2012
> From jbiquez at intranet.com.mx Wed May 30 13:48:05 2012
> Date: Wed, 30 May 2012 13:47:34 -0500
> To: Robert Bonomi <bonomi at mail.r-bonomi.com>
> From: Jorge Biquez <jbiquez at intranet.com.mx>
> Subject: Re: Firewall, blocking POP3
> Cc: freebsd-questions at freebsd.org
>
> Hello.
>
> Thanks a lot! Simple and elegant solution.
>
> I just did that and of course it worked.... I just was wondering...
> what if I need to have the service working BUT want to block those
> break attempts? In this and other services?
> My guess is that it is a never ending process? I mean, block one,
> block another, another, etc?
If one knows the address-blocks that legitimate customers will be using,
one can block off access from 'everywhere else'.
> What are the people who have big servers running for hosting services
> doing? Or do you just have a policy of strong passwords, server
> up-to-date and let the attempts go on forever?
There are tools like 'fail2ban' that can be used to lock out persistent
doorknob-rattlers.
Also, one can do things like allow mail access (POP, IMAP, 'whatever')
only via a port that is 'tunneled' through an SSH/SSL connection.
This eliminates almost all doorknob rattling on the mail access ports,
but gets lots of attempts on the SSH port. Which is generally not a
problem, since the SSH keyspace is vastly larger, and more evenly
distributed, than that for plaintext passwords.
To eliminate virtually all the 'noise' from SSH doorknob-rattling, run
it on a non-standard port. This does =not= increase the actual security
of the system, but it does greatly reduce the 'noise' in the logs -- so
any actual attack attempt is much more obvious.
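As an added illustration of the fail2ban-style lockout described above (example code written for this page, not from the thread, from fail2ban or from FreeBSD): a sliding-window counter over constructed Dovecot-style POP3 login-failure lines that turns persistent failures into pfctl commands for a pf table. The log format, the table name `rattlers`, the year and the thresholds are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a Dovecot-like pop3-login format (not from the
# thread); syslog timestamps carry no year, so the year is assumed below.
SAMPLE_LOG = """\
May 30 13:47:01 mx dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.2
May 30 13:47:05 mx dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<root>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.2
May 30 13:47:09 mx dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<test>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.2
May 30 13:47:20 mx dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<jorge>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.2
May 30 13:47:40 mx dovecot: pop3-login: Login: user=<jorge>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.2
May 30 13:59:00 mx dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=198.51.100.77, lip=198.51.100.2
May 30 14:30:00 mx dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=198.51.100.77, lip=198.51.100.2
May 30 15:00:00 mx dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=198.51.100.77, lip=198.51.100.2
"""

# Only POP3 authentication failures count; successful logins never match.
FAIL_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ dovecot: pop3-login: "
                     r"Disconnected \(auth failed.*?rip=([\d.]+)")

def find_rattlers(log_text, maxretry=3, findtime_s=600, year=2012):
    """Return {ip: time_of_ban} for every source IP that produced at least
    maxretry failures inside a sliding findtime_s window (fail2ban's terms)."""
    findtime = timedelta(seconds=findtime_s)
    windows = defaultdict(deque)   # per-IP timestamps of recent failures
    banned = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned:
            continue               # already locked out, nothing more to count
        win = windows[ip]
        win.append(ts)
        while ts - win[0] > findtime:
            win.popleft()          # forget failures older than the window
        if len(win) >= maxretry:
            banned[ip] = ts
    return banned

def pf_commands(banned, table="rattlers"):
    """Render pfctl commands adding each banned IP to a pf table (assumed name);
    the ruleset must block traffic from that table for this to take effect."""
    return [f"pfctl -t {table} -T add {ip}" for ip in sorted(banned)]
```

With the default ten-minute window only the host that failed three times in eight seconds is banned; the slow rattler spreading its attempts over an hour is caught only when the window is widened, which is the trade-off fail2ban's findtime setting expresses.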