Re: [gentoo-user] Can't block pop3 attack

public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed

From: kashani <kashani-list@badapple.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Can't block pop3 attack
Date: Sat, 24 Oct 2009 16:02:54 -0700	[thread overview]
Message-ID: <4AE3879E.5020409@badapple.net> (raw)
In-Reply-To: <200910241639.18730.robin.atwood@attglobal.net>

Robin Atwood wrote:
> On Saturday 24 October 2009, Alan McKinnon wrote:
>> On Friday 23 October 2009 21:49:42 Robin Atwood wrote:
>>> My syslog is showing zillions of messages:
>>>
>>> Oct 24 02:25:58 opal xinetd[8054]: START: pop-3 pid=16534
>>>  from=61.134.64.199 Oct 24 02:25:59 opal xinetd[16534]: warning:
>>>  /etc/hosts.allow, line 7: can't verify hostname:
>>>  gethostbyname(199.64.134.61.broad.gs.dynamic.163data.com.cn) failed
>>> Oct 24 02:26:09 opal xinetd[8054]: EXIT: pop-3 status=0 pid=16534
>>> duration=11(sec)
>>>
>>> I run denyhosts but don't trap pop3 messages so I manually added the IP
>>> address to /etc/hosts.deny and..., it made absolutely no difference. I
>>> run qpopper which is compiled with xinetd support and xinetd uses tcpd,
>>> so I assumed the address would be blocked. Apparently not so. Any ideas?
>> You have allow ALL ALL early in hosts.allow, or
>> you have allow pop3 all earlier in hosts.allow
>  
> The second! I had forgotten about that. The trouble I set it up that way so I 
> could pick up email from arbitrary locations while travelling. It seems the 
> price of that is allowing idiots to spam your logs. 
> 
> Thanks for the pointer.
> -Robin

You might think about moving to pop3-ssl or imap-ssl and dropping the 
unencrypted protocols. Usually keeps people from banging on the servers 
and much safer if you use the occasional unsecured wireless network.

kashani

     prev parent reply	other threads:[~2009-10-24 23:02 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-10-23 19:49 [gentoo-user] Can't block pop3 attack Robin Atwood
2009-10-23 20:57 ` Alan McKinnon
2009-10-24  9:39   ` Robin Atwood
2009-10-24 23:02     ` kashani [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4AE3879E.5020409@badapple.net \
    --to=kashani-list@badapple.net \
    --cc=gentoo-user@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox