• Blocking SMTP access

    From Tony Langdon@VERT to All on Mon Jun 29 23:27:00 2020
    Just a quick question. I'm having a lot of trouble with the SMTP service being hammered to the point that I can't receive legitimate email. I'm looking to block the crap, so I can receive actual email again. Has anyone got fail2ban working with Synchronet? That's my normal goto, because it uses iptables to block unwanted traffic. Or can anyone recommend a method that doesn't unduly load sbbs? It seems SMTP is the most affected service these days, I'm not having too many issues with telnet/SSH )not enough to make it hard to log in).

    I'll also have to read up on the inbuilt tools.


    ... Borrow money from pessimists. They don't expect it back.
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From MRO@VERT/BBSESINF to Tony Langdon on Tue Jun 30 03:27:00 2020
    Re: Blocking SMTP access
    By: Tony Langdon to All on Mon Jun 29 2020 07:27 pm

    Just a quick question. I'm having a lot of trouble with the SMTP service be hammered to the point that I can't receive legitimate email. I'm looking to block the crap, so I can receive actual email again. Has anyone got fail2ba working with Synchronet? That's my normal goto, because it uses iptables to block unwanted traffic. Or can anyone recommend a method that doesn't undul load sbbs? It seems SMTP is the most affected service these days, I'm not having too many issues with telnet/SSH )not enough to make it hard to log in

    I'll also have to read up on the inbuilt tools.


    you can block by country. it's rough. i'm getting hit very hard and i block by hand. it's my windows bbs so i use a script to put them in windows firewall and into peerblock.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Tony Langdon@VERT to MRO on Wed Jul 1 00:27:00 2020
    On 06-29-20 23:27, MRO wrote to Tony Langdon <=-

    you can block by country. it's rough. i'm getting hit very hard and i block by hand. it's my windows bbs so i use a script to put them in windows firewall and into peerblock.

    It might come to that. Won't take much to put country data into iptables.


    ... Experience is knowing a lot of things you shouldn't do again.
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Daryl Stout@VERT/TBOLT to Tony Langdon on Tue Jun 30 18:47:00 2020
    Tony,

    Just a quick question. I'm having a lot of trouble with the SMTP
    service being hammered to the point that I can't receive legitimate
    email. I'm looking to block the crap, so I can receive actual email again. Has anyone got fail2ban working with Synchronet? That's my
    normal goto, because it uses iptables to block unwanted traffic. Or
    can anyone recommend a method that doesn't unduly load sbbs? It seems SMTP is the most affected service these days, I'm not having too many issues with telnet/SSH )not enough to make it hard to log in).

    I changed the SMTP port to a different value, and use TLS with it.

    Daryl

    ... When told to delete cookies, I ate another OREO.
    --- MultiMail/Win v0.52
    ■ Synchronet ■ The Thunderbolt BBS - tbolt.synchro.net
  • From Tony Langdon@VERT to Daryl Stout on Thu Jul 2 00:55:00 2020
    On 06-30-20 14:47, Daryl Stout wrote to Tony Langdon <=-

    I changed the SMTP port to a different value, and use TLS with it.

    Changing the port is a non option, I don't want to go jumping through hoops to receive email via some relay.


    ... When Eve arrived, this was no longer a man's world.
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Ragnarok@VERT/DOCKSUD to Tony Langdon on Wed Jul 1 23:10:04 2020
    El 29/6/20 a las 06:27, Tony Langdon escribió:
    Just a quick question. I'm having a lot of trouble with the SMTP service being
    hammered to the point that I can't receive legitimate email. I'm looking to block the crap, so I can receive actual email again. Has anyone got fail2ban working with Synchronet? That's my normal goto, because it uses iptables to block unwanted traffic. Or can anyone recommend a method that doesn't unduly load sbbs? It seems SMTP is the most affected service these days, I'm not having too many issues with telnet/SSH )not enough to make it hard to log in).


    I have working fail2ban with sbbs and share my confg files at my ftp
    server for you:

    ftp://bbs.docksud.com.ar/

    you must send the sbbs output log to file via rsyslog.conf (ex: /var/log/sbbs.log):

    local3.* -/var/log/sbbs.log

    and the verify you sbbs.ini the unix section:

    [UNIX]
    LogFacility=3


    Saludos!

    ---
    ï¿­ Synchronet ï¿­ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar
  • From Ragnarok@VERT/DOCKSUD to Tony Langdon on Wed Jul 1 23:11:13 2020
    El 1/7/20 a las 07:55, Tony Langdon escribió:
    On 06-30-20 14:47, Daryl Stout wrote to Tony Langdon <=-

    I changed the SMTP port to a different value, and use TLS with it.

    Changing the port is a non option, I don't want to go jumping through hoops to
    receive email via some relay.

    good fail2ban rules will help you

    ---
    ï¿­ Synchronet ï¿­ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar
  • From Daryl Stout@VERT/TBOLT to Tony Langdon on Wed Jul 1 22:51:00 2020
    Tony,

    I changed the SMTP port to a different value, and use TLS with it.

    Changing the port is a non option, I don't want to go jumping through hoops to receive email via some relay.

    When I originally set up D-Rats, and had email with it, I enabled TLS
    with port 587 on SMTP instead of 25. The same is true with Synchronet.
    But, I also have Peerblock in place to block "known countries" with
    numerous "hackings", etc.

    Daryl

    ... Email returned to sender...insufficient voltage.
    --- MultiMail/Win v0.52
    ■ Synchronet ■ The Thunderbolt BBS - tbolt.synchro.net
  • From Tony Langdon@VERT to Ragnarok on Fri Jul 3 00:11:00 2020
    On 07-01-20 19:10, Ragnarok wrote to Tony Langdon <=-

    I have working fail2ban with sbbs and share my confg files at my ftp server for you:

    ftp://bbs.docksud.com.ar/

    Thanks, I'll check it out.


    ... A BAND AID?!?! I'm a doctor not a... Oh yeah...
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Tony Langdon@VERT to Ragnarok on Fri Jul 3 00:53:00 2020
    On 07-01-20 19:11, Ragnarok wrote to Tony Langdon <=-

    good fail2ban rules will help you

    That's what I figured. :)


    ... FOR SYSOP USE ONLY - Do not write below this line.
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Tony Langdon@VERT to Daryl Stout on Fri Jul 3 00:55:00 2020
    On 07-01-20 18:51, Daryl Stout wrote to Tony Langdon <=-

    When I originally set up D-Rats, and had email with it, I enabled TLS with port 587 on SMTP instead of 25. The same is true with Synchronet. But, I also have Peerblock in place to block "known countries" with numerous "hackings", etc.

    But was that for receiving DMTP mail from other systems, or for sending email from toyr PC to the world? Port 587 (AKA Subm ission port) is normally used for accepting mail from users.


    ... A student who changes the course of history is probably taking an exam.
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Tracker1@VERT/TRN to Daryl Stout on Mon Jul 6 10:31:53 2020
    On 6/30/2020 12:47 PM, Daryl Stout wrote:

    I changed the SMTP port to a different value, and use TLS with it.

    If you have SMTP on a non-standard port, you will not be able to receive
    mail, unless you have the explicit TLS port open, and the sending server
    tries it.

    Best to just limit sending to authenticated users only, or put other
    access restrictions to remove the ability.

    --
    Michael J. Ryan
    tracker1 +o Roughneck BBS

    ---
    þ Synchronet þ Roughneck BBS - coming back 2/2/20