Article 13619 at 08/07/28 01:13:04 From: lists (at mark) webtent.net Subject: [coba-e:13619] Re: Dovecot/POP3 Flood

Index: [Article Count Order] [Thread]

Date:  Sun, 27 Jul 2008 12:12:54 -0400
From:  Robert Fitzpatrick <lists (at mark) webtent.net>
Subject:  [coba-e:13619] Re: Dovecot/POP3 Flood
To:  coba-e (at mark) bluequartz.org
Message-Id:  <1217175174.31211.9.camel (at mark) columbus.webtent.org>
In-Reply-To:  <1d4c951a0807251545k9e6cd36ya41555a4f3e1ce19 (at mark) mail.gmail.com>
References:  <1216778280.25751.5.camel (at mark) columbus.webtent.org>	 <20080724104251.3546babe (at mark) patricko>	 <488915BE.4000303 (at mark) theanchoragesylvania.com> <4889881F.8060308 (at mark) dogsbody.org>	 <488A54B4.7000602 (at mark) theanchoragesylvania.com>	 <1d4c951a0807251545k9e6cd36ya41555a4f3e1ce19 (at mark) mail.gmail.com>
X-Mail-Count: 13619

On Fri, 2008-07-25 at 15:45 -0700, Jeff Keller wrote:
> I'd like to configure my (hardware) firewall to block the traffic
> that's crashing dovecot--does anybody know what this signature looks
> like so that I can add that to the firewall?
> 

Did you ever find this? Our firewall shows a hit on the network address
(0). But I saw hundreds of attempts from the IP in both server logs.
Still waiting for the firewall manufacturer to way in and let me know if
there is a way to up the logging, but the script from Greg is up.

-- 
Robert