Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME 9.x Contribs
  4. Topic: Fail2Ban against Qpsmtpd IP 212.83.168.232
« previous next »
Pages: [1]   Go Down

Fail2Ban against Qpsmtpd IP 212.83.168.232

  • 7 Replies
  • 2064 Views

Offline SchulzStefan

  • *
  • 620
  • +0/-0
Fail2Ban against Qpsmtpd IP 212.83.168.232
« on: November 12, 2017, 04:29:50 PM »
The IP 212.83.168.232 attempts a lot times against Qpsmtpd.

https://www.talosintelligence.com/reputation_center/lookup?search=212.83.168.232

brings up:

Hostname   front.koozali.org

What does this mean?

regards,
stefan
Logged
And then one day you find ten years have got behind you.

Time, 1973
(Mason, Waters, Wright, Gilmour)

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: Fail2Ban against Qpsmtpd IP 212.83.168.232
« Reply #1 on: November 12, 2017, 05:27:10 PM »
This is the main IP address of Koozali's infra, including the one emails of our mailing lists are sent from. When you say "attempts" I guess you mean this server tries to deliver emails to you, which is probably legitimate. Please send any further info to security@contribs.org and we'll investigate if necessary
Logged
C'est la fin du monde !!! :lol:

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: Fail2Ban against Qpsmtpd IP 212.83.168.232
« Reply #2 on: November 12, 2017, 06:48:52 PM »
Please send me directly some logs of those SMTP transactions (from your qpsmtpd logs)
Logged
C'est la fin du monde !!! :lol:

Offline SchulzStefan

  • *
  • 620
  • +0/-0
Re: Fail2Ban against Qpsmtpd IP 212.83.168.232
« Reply #3 on: November 13, 2017, 09:54:54 AM »
This might have been the reason:

#config show qpsmtpd BadCountries
qpsmtpd=service
    BadCountries=snip - FR - snip

I deleted FR from my list and will report back, if this helped.

regards,
stefan
Logged
And then one day you find ten years have got behind you.

Time, 1973
(Mason, Waters, Wright, Gilmour)

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: Fail2Ban against Qpsmtpd IP 212.83.168.232
« Reply #4 on: November 13, 2017, 09:57:07 AM »
This certainly can be a reason ;-)
Koozali infra is hosted in France indeed
Logged
C'est la fin du monde !!! :lol:

Offline SchulzStefan

  • *
  • 620
  • +0/-0
Re: Fail2Ban against Qpsmtpd IP 212.83.168.232
« Reply #5 on: November 14, 2017, 02:13:59 PM »
It was the reason.

regards,
stefan
Logged
And then one day you find ten years have got behind you.

Time, 1973
(Mason, Waters, Wright, Gilmour)

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: Fail2Ban against Qpsmtpd IP 212.83.168.232
« Reply #6 on: November 21, 2017, 07:36:19 PM »
Quote from: SchulzStefan on November 13, 2017, 09:54:54 AM
#config show qpsmtpd BadCountries
qpsmtpd=service
    BadCountries=snip - FR - snip

NATO allies, are they not?
Logged

Offline SchulzStefan

  • *
  • 620
  • +0/-0
Re: Fail2Ban against Qpsmtpd IP 212.83.168.232
« Reply #7 on: November 21, 2017, 09:07:45 PM »
Quote from: CharlieBrady on November 21, 2017, 07:36:19 PM
NATO allies, are they not?

They are, of course. My bad. I should trust any French IP. J'aime beaucoup nos amis francaise. And it's not only because of the Bordeaux-Wine and the delicious food... This is going to be OT now...

regards,
stefan

Logged
And then one day you find ten years have got behind you.

Time, 1973
(Mason, Waters, Wright, Gilmour)
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME 9.x Contribs
  4. Topic: Fail2Ban against Qpsmtpd IP 212.83.168.232