
Date:  Thu, 13 Aug 2009 07:28:15 +1000
From:  Greg Kuhnert <greg.kuhnert (at mark) theanchoragesylvania.com>
Subject:  [coba-e:15880] Re: Block Hacker IP from BQ and BX Server
To:  "coba-e (at mark) bluequartz.org >> BQ List" <coba-e (at mark) bluequartz.org>
Message-Id:  <4A8333EF.1040905 (at mark) theanchoragesylvania.com>
In-Reply-To:  <C81E2DF7ABD74911BB472BEC43ABD0A2@HP9925NR>
References:  <2DAB4EF3-1B30-4A80-9B28-05C1CAC2B271 (at mark) housleyconsulting.com.au> <BAY107-W428D49C8AE2A6E64E87003D1070 (at mark) phx.gbl> <C81E2DF7ABD74911BB472BEC43ABD0A2 (at mark) HP9925NR>
X-Mail-Count: 15880

Darrell D. Mobley wrote:
>> We have been using dfix.sh for quite a while and it seems to
>> work pretty good for this also. We have also played with
>> deny.hosts and fail2ban when we needed to block other
>> types of services. But if you just need something for dovecot
>> dfix works pretty good, I think it watches/blocks a few other
>> types of attacks also. Good Luck!
>>     
>
> I've been using DFix as well, but the other day I got a POP3 attack that
> DFix did nothing with.  Isn't DFix supposed to address that sort of attack?
>   
There has been a dovecot log format change recently. I sent a post to
the list advising all users to upgrade to the most recent version. Older
versions will not block brute force attacks.

To check your dfix version from a shell, enter the command:

rpm -qa dfix

If you are up to date, it will return dfix-9-1

Regards,
Greg.