Recent updates
  • Nick,

    I was about to run a test and find that I have:


    Is it OK to have multiple check_client_access records followed by each other? ie.


    Or should I be adding this regex to the fqrdns.pcre? I think this one gets updated by system updates?

  • I haven't been able to find many examples of what this access file is supposed to look like. I guess my limited knowledge shows itself here.

    Before I go and completely screw up the mail server by changing the access file, would you mind commenting on the following regex?

    In the access file, to match 6 digits followed by a "dot" followed by 6 digits followed by "@" followed by 5 digits followed by ".com" to match the pattern: "902185.902185@62495.com"
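
The pattern described in the post above, checked against sample sender addresses. This is an added example, not part of the original post; the Python names and every sample address except the one quoted in the post are constructed, and Python's `re` is used as a stand-in because these constructs behave the same in PCRE.

```python
import re

# Pattern as described in the post: 6 digits, ".", 6 digits, "@", 5 digits, ".com".
# Anchored at both ends, with the dots escaped so they match only a literal ".".
STRICT = re.compile(r"^[0-9]{6}\.[0-9]{6}@[0-9]{5}\.com$")

# A common mistake: unescaped dots and no anchors. "." then matches any
# character, and the pattern can match in the middle of a longer address.
LOOSE = re.compile(r"[0-9]{6}.[0-9]{6}@[0-9]{5}.com")

# Sample senders; only the first comes from the post, the rest are constructed.
SAMPLES = [
    "902185.902185@62495.com",               # the address quoted in the post
    "123456.654321@10293.com",               # constructed, same shape
    "902185.902185@62495.com.example.org",   # constructed, longer domain
    "x902185-902185@62495xcom.example.net",  # constructed, only LOOSE matches
    "alice@example.com",                     # constructed, ordinary sender
]


def classify(addresses):
    """Return {address: (strict_match, loose_match)} for each address."""
    return {a: (bool(STRICT.search(a)), bool(LOOSE.search(a))) for a in addresses}


def false_positives(addresses):
    """Addresses the loose pattern would catch but the strict one would not."""
    return [a for a, (strict, loose) in classify(addresses).items()
            if loose and not strict]


if __name__ == "__main__":
    for addr, (strict, loose) in classify(SAMPLES).items():
        print(f"{addr:40} strict={strict} loose={loose}")
```
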

  • Oh very interesting. I'm going to have to find some examples to get my head around this. Thank you very much Nick. This may be exactly what I'm looking for.

  • Thank you Nick.
    I have had Greylisting installed for a number of years and found it works well. So I'm not sure how these get through.
    I have also included most of the suggestions in the link provided. Thank you for this. Until the past week, everything worked well.
    Two of my children are getting these spam every few minutes. At most, 2 emails are sent from one IP address. I'm collecting the IP addresses to see if I can find a pattern but so far I can't see it.
    I have been using Spamhaus and barracudacentral. I know these help a lot.
    The SPAM header is showing up in the SUBJECT so they can filter them to the Junk folder but it is annoying. I will try lowering the discard threshold and hopefully that will reduce the problem.

  • Is it possible to add REGEX in the SMTP blacklist?

    Hello.
    I've started getting many spam from numbered info domains that I'd like to stop. Sending domains look like this "lots of numbers@62784.com".
    I've been looking at documentation and googled but not getting anything that can help me so far.

    Usually I've just added the "62784.com" in the SMTP blacklist and be done with it.

    However the spammer is sending from so many different numbered domains. See below examples:

    This makes it difficult to block since the domains are always changing.
    Unfortunately, the IP addresses are all over the world also.
    It would be nice if we could use a REGEX for the numbered domains.
    Is it possible with Postfix?
    If yes, where can I find the documentation? I'm stumped.
    Thank you in advance.

  • Nuke
    Nuke started a new discussion, Attack Detector and httpd

    Hello all.
    I've had some issues with getting attack detector to work but today I made some changes that finally got the postfix-sasl going and banning problem IPs. I'm not sure if the cyrus-imap and openvpn jails are working correctly as it hasn't blocked anything yet.

    Getting this running properly leads me to doing something about the https messages in the daily logwatch email.

    Every day I get "A total of "x" sites probed the server". Some days it is quite a list.

    I am running two very basic brochure websites using the built-in webserver.

    I'm trying to figure out how to set up the jails for this. The examples I've found don't look similar to our jail.conf or "clear" specific jails.

    Question:
    1) Where are these https probed the server messages found in the logs? Are they httpd/error_log , httpd/site1_com_error_log , httpd/site2_com_error_log ?

    Couple of questions to the following example from the web.
    2) The action below doesn't look like anything in our jails. Is the "action = iptables-multiport[name=auth, port="http,https"]" valid?

    3) If we have multiple sites and multiple error_log to search, can they be added in the logpath line or are jails required for each website?

    4) When our logs rotate, are the fail2ban IPs automatically cleared?

    Thanks in advance.

  • Nick Howitt wrote:

    OK. "Windows Domain Logons" was renamed to "Force SMB1 Protocol". You have it enabled so you have to force SMB1 in the mount.cifs command but we can see virtually no good reason to have "Force SMB1 Protocol" enabled any more, but were too scared to remove it when we renamed it in case there was an edge case which was important. I suggest you remove it at which point it will disappear from the webconfig. It can be added back at the command line if necessary.

    Done.

    Nick Howitt wrote:

    If you have a space in your file path, try quoting the full path:

    or try everything:

    Another reference I bumped into said to change the " " to "\040"


    I have tried all sorts of different combinations of options but no luck so far. I have to take a break today.

    I've tried all the vers options and only vers=2.0 seems to do anything better. Together with sec=ntmlv2 I get So I think I've made some progress. :-(

    Oh frig. When I turned the nas log to debug, it said

    I reset the password when I started this challenge because I couldn't remember the original password. Apparently the change didn't work because when I removed the password (ie. blank) it connected. Put back the original password and all is OK.

    Now I'll try the automount.

    @Nick, thanks for your patience on this. How incredibly stupid on my side. I should have tried to reset the password a few iterations earlier.

  • Thanks Nick.

    Couple of questions if you don't mind.

    Nick Howitt wrote:

    Some time ago I had to update the command on my Pi to:

    Note the addition of the domain and vers parameters. Vers is the smb protocol and you may now find smb1 is being rejected for security reasons, but please make sure you have disabled "Windows 10 Domain Logons" in the Windows Networking Webconfig as it is no longer needed but will stop you using protocols above SMB1. I also had to add the domain - in my case the workgroup.

    I was trying to get the basic mount command to work before I started on the automount as it looks like it would be more challenging to debug as a first step.

    I can't find that setting in Windows Networking.

    I have the following settings:
    Server Name: myServerName
    Printing: disabled
    Home Directories: enabled
    Force SMB1 Protocol: enabled
    WINS Support: disabled
    WINS Server: blank

    Mode
    Mode: Simple Server
    WINDOWS domain: COS

    I have only 1 windows PC and that is from work. I rarely connect to the server.

    I enabled Windows Networking so I could connect using a bunch of Macs. They have no problem connecting to the NAS using SMB, CIFS or AFP. I run TimeMachine backups to the server and for that I've been using CIFS on the Macs.

    I haven't enabled NFS on the NAS as I hear it was slower than SMB, AFP or CIFS.

    Note I think you have an error in your command:

    should be:

    Thanks for the suggestion. I may have gotten it wrong but there is a space between the two words "Media" and "Share" ie. "//192.168.102.22/Media Share/Movies" The spaces always mess me up. Should it be or or ? I'm using BASH.

    Thanks for your help.

  • Hi again.

    So I ended up using the mount command in a script to mount the external NAS drives. Then removed Plex and removed mount commands.

    With some time now to try to get Plex DLNA going again now, I decided to pick up from where I left off.

    I wanted to test using the mount command before finally getting the automount to work. But, now I can't mount any of the drives. The NAS hasn't been updated. The NAS is running FreeBSD 9.1.0.1 - Sandstorm (revision 775). I have SMB 2.0 enabled on the NAS.

    From the command line I've been trying to mount CIFS. I get

    mount error(22): Invalid argument


    The command I've been trying (multiple variants, ver=2.1, sec=ntlm, etc etc)



    I can't tell from the man page what I'm doing wrong.

    I've spent a few hours reading many posts and stackexchange but nothing is working.

    Is there something that I'm missing?