Nick Howitt wrote:

I suspect we have the same source for out openvpn filters, but I've tweaked mine differently,

Indeed. The source is the same
Thanks for sharing your tweaks.

Do you more filters which you can share ?
I Saw in the screenshot for example Apache and postfix filters
Is there a filter for the ClearOS Webconfig?

Hi Nick,

I see some interesting F2B configs.
Are you willing to share those files/setups?

Nick Howitt wrote:

RFC's say that any sending MTA must have a valid PTR record **but** there is no requirement for the PTR record to resolve back to the sending IP. In this case there is a PTR record pointing to loj2.1915.life, but there is no DNS record for loj2.1915.life. It looks like postfix is correctly rejecting the mail. Enabling the jail should pick up the bad messages. Setting maxretry is just a bit more aggressive, but will probably be OK. There is a risk, however. 5xx failure codes are temporary DNS failure codes and there are some of them in the filter. There is a risk you could block valid e-mails which fail because of a temporary DNS issue.

Hi Nick,

Thanks for your reply.
Good to hear that Postfix is correclty rejecting these kind of mail.
I've tried this setup and see fail2ban is picking up the config:

FAIL2BAN.LOG


MAIL.LOG


i'll try this for the next few days and check the log frequently

Hi

I know this is an old thread, but i think my question is related to the content.

I see in my mail.log time to time a lot of these messages.


Not sure if this is something to worry about, but i'm trying to get the server better secured.

I've installed fail2ban, but i don't see this IP being blocked, maybe because fail2ban is only blocking on postfix-sasl

No i've added in : /etc/fail2ban/jail.d a file : clearos-postfix.conf



Not sure if this will work or not or it will break other things

Please comment if i can secure the server with a better methode for these kind of attacks

Thanks

Fred, Nick,

On my VMware test setup i've made a clean install of v2021 and did a update to 2022.
All went smooth and looks like it is working.
SInce i've already made build of 2022 on my production server i'll not installed the package from the repos.

This is the output of the update on my VMware testserver for reference


Thanks both of you for the effort !

I've played around a bit with koji and got domoticz to build. It was not with the correct options so I've manually tagged it into clearos-contribs-testing. Hopefully it will build correctly next time without the manual tagging. I can't test until there is a version bump.

I will always have to be contacted to get the package to build in koji in the first place but otherwise I hope it will be OK.

If you can, please test the build and I can then release it.

Hi Fred,

I've installed today the Domoticz build on my production server and everything is running well.
Thanks for the clear instruction and support
I hope that Koji will work again next time, but this is also working

Thanks again !

Fredrik Fornstad wrote:

Patrick,
In ClearOS/Centos there is no package called libpython3 to my knowledge, instead I think you mean python3-libs...
Anyway, I will likely update my instruction above to do in the build machine before doing the rpmbuild -bs domoticz.spec command. I am not sure if it is needed, but it will at least take care of an error message. Also, I will try to update the spec-file itself to make sure python 3.6 is installed together with domoticz.

Expect a domoticz-2022.1-3 update in a day or so.

/Fred

I did :
And these package were then installed.

Patrick,
In ClearOS/Centos there is no package called libpython3 to my knowledge, instead I think you mean python3-libs...
Anyway, I will likely update my instruction above to do in the build machine before doing the rpmbuild -bs domoticz.spec command. I am not sure if it is needed, but it will at least take care of an error message. Also, I will try to update the spec-file itself to make sure python 3.6 is installed together with domoticz.

Expect a domoticz-2022.1-3 update in a day or so.

/Fred

Hi Fred

I managed to build an rpm version and get Domoticz running on a VMware
Only Domoticz runs on Python 3.4 instead of 3.6.
Both versions of Python are installed and when I do Python --version I get " version 3.6.8"

Now do I aso have a spare server with a copy of an old ClearOS with Domoticz 2021.1 installed.
If I do the update, I just get Domoticz running on Python 3.6.

Now I don't remember if I ever updated anything on this, but do you know if I can get VMware (fresh install) to also run Domoticz with Python 3.6?