Date: Wed, 30 May 2012 19:18:11 -0500 (CDT)
From: Robert Bonomi
Message-Id: <201205310018.q4V0IBBL020440@mail.r-bonomi.com>
To: jbiquez@intranet.com.mx
In-Reply-To: <3421248490-1670043744@intranet.com.mx>
Cc: freebsd-questions@freebsd.org
Subject: Re: Firewall, blocking POP3

> From jbiquez@intranet.com.mx Wed May 30 13:48:05 2012
> Date: Wed, 30 May 2012 13:47:34 -0500
> To: Robert Bonomi
> From: Jorge Biquez
> Subject: Re: Firewall, blocking POP3
> Cc: freebsd-questions@freebsd.org
>
> Hello.
>
> Thanks a lot! Simple and elegant solution.
>
> I just did that and of course it worked.... I just was wondering...
> what if I need to have the service working BUT want to block those
> break attempts? In this and other services?
> My guess is that it is a never ending process? I mean, block one,
> block another, another, etc?

If one knows the address-blocks that legitimate customers will be using,
one can block off access from 'everywhere else'.

> What are the people who have big servers running for hosting services
> doing? Or you just have a policy of strong passwords, server
> up-to-date and let the attempts try forever?

There are tools like 'fail2ban' that can be used to lock out persistent
doorknob-rattlers.

Also, one can do things like allow mail access (POP, IMAP, 'whatever')
only via a port that is 'tunneled' through an SSH/SSL connection. This
eliminates almost all doorknob rattling on the mail access ports, but
gets lots of attempts on the SSH port. Which is generally not a problem,
since the SSH keyspace is vastly larger, and more evenly distributed,
than that for plaintext passwords.

To eliminate virtually all the 'noise' from SSH doorknob-rattling, run it
on a non-standard port. This does =not= increase the actual security of
the system, but it does greatly reduce the 'noise' in the logs -- so any
actual attack attempt is much more obvious.
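
Added example, not part of the original message and not fail2ban's own code: a sketch of the lock-out logic a tool like 'fail2ban' applies to POP3 login failures, combined with the known-address-block exception described in the reply. The log format, the customer network, the threshold and the time window are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values, chosen for illustration (not from the message).
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # known customer block
MAX_FAILURES = 3                  # failures tolerated inside WINDOW
WINDOW = timedelta(minutes=10)

# Constructed log format: "<ISO time> pop3 auth failure user=<u> rip=<ip>"
LINE_RE = re.compile(r"^(\S+) pop3 auth failure user=\S+ rip=(\S+)$")

# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = """\
2012-05-30T13:00:00 pop3 auth failure user=info rip=198.51.100.23
2012-05-30T13:00:01 pop3 auth failure user=admin rip=203.0.113.7
2012-05-30T13:00:03 pop3 auth failure user=jorge rip=192.0.2.15
2012-05-30T13:00:04 pop3 auth failure user=jorge rip=192.0.2.15
2012-05-30T13:00:05 pop3 auth failure user=root rip=203.0.113.7
2012-05-30T13:00:06 pop3 auth failure user=jorge rip=192.0.2.15
2012-05-30T13:00:08 pop3 login ok user=jorge rip=192.0.2.15
2012-05-30T13:00:09 pop3 auth failure user=test rip=203.0.113.7
2012-05-30T13:20:00 pop3 auth failure user=info rip=198.51.100.23
2012-05-30T13:40:00 pop3 auth failure user=info rip=198.51.100.23
"""

def find_offenders(log_text):
    """Return {ip: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> failure times still inside WINDOW
    banned = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        try:
            when = datetime.fromisoformat(m.group(1))
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue              # malformed timestamp or address
        # Customers who mistype a password are never locked out.
        if ip in banned or any(ip in net for net in ALLOWED_NETS):
            continue
        times = recent[ip]
        times.append(when)
        while when - times[0] > WINDOW:
            times.popleft()       # forget failures older than the window
        if len(times) >= MAX_FAILURES:
            banned[ip] = when
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"block {ip} (threshold reached at {when.isoformat()})")
```

The returned addresses are what one would feed to a firewall table; the slow source at 198.51.100.23 stays under the threshold because its failures fall outside the window.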