Koozali.org: home of the SME Server

Dovecot - Protection contre la force brute ?

Offline Jean-Philippe Pialasse

  • *
  • 2,852
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Dovecot - Protection contre la force brute ?
« Reply #15 on: October 20, 2023, 06:39:51 PM »
tu as besoin de configurer geoip pour que xt_geoip puisse fonctionner car ce dernier a besoin des bases de données de maxmind dans un format specifique.

Offline ReetP

  • *
  • 3,881
  • +5/-0
Re: Dovecot - Protection contre la force brute ?
« Reply #16 on: October 21, 2023, 02:15:01 AM »
^^^^^^^^^

What he said :lol:

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline lurey

  • *
  • 78
  • +0/-0
Re: Dovecot - Protection contre la force brute ?
« Reply #17 on: October 21, 2023, 01:34:35 PM »
…actuellement, c'es donc GeIP qui tourne sur mon serveur, installé et configuré selon les indications du wiki correspondant, à savoir (après avoir ouvert un compte Maxmind:
Quote
[root@serveur]# yum install smeserver-geoip --enablerepo=smecontribs
[root@serveur]# db configuration setprop geoip LicenseKey [mon n° de licence] AccountID [mon ID]
[root@serveur]# expand-template  /etc/GeoIP.conf
[root@serveur]# signal-event geoip-update
[root@serveur]# config setprop qpsmtpd BadCountries BR,CN,CR,DZ,IL,IN,JP,KR,LT,MZ,MX,NA,PE,PL,RU,TW,UY
( > pour ajouter un pays, il faut remettre toute la liste à la suite de cette commande)
[root@serveur]# signal-event email-update
Je crois comprendre que le moteur est le même pour XT-GeoIP, un peu comme si XT- mettait une "couche supplémentaire" à GeIP ? ...excusez-moi si mes approximations sont absurdes, c'est pour moi une manière d'interpréter la logique de
I think they co-exist so you will be fine.It should tell you if they clash.
You do not need to uninstall anything.

Est-ce à dire que les éléments rentrés en db vont être repris lors de l'install de XT- … ou vont être écrasés ?
Et donc à cette indication :
tu as besoin de configurer geoip pour que xt_geoip puisse fonctionner car ce dernier a besoin des bases de données de maxmind dans un format specifique.
Ma question est : quoi de plus (ou de différent) de ce qui est déjà fait à l'install de la version (simple) de GeoIP ?

Merci de votre soutien !
Bricoleur informatique, qui speak très mal english... merci de votre indulgence !

Offline ReetP

  • *
  • 3,881
  • +5/-0
Re: Dovecot - Protection contre la force brute ?
« Reply #18 on: October 21, 2023, 02:22:17 PM »
Standard GeoIP adds the Maxmind DBs and enables geoip support directly in qpsmtpd via a qpsmtpd plugin.

Xt_geoip adds a kernel module and blocks countries via iptables and service port so it can block other servicees beyond just mail eg ssh, imap etc.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline lurey

  • *
  • 78
  • +0/-0
Re: Dovecot - Protection contre la force brute ?
« Reply #19 on: October 21, 2023, 03:28:57 PM »
OK,
So if xt- is installed, it can block several services - including those that the standard version can block (mail)
? Then, if I install xt-geoip, standard-geoip becomes useless  ...Or How is it interesting that they coexist?
( Possibly to stay protected while installing and configuring xt-geoip ? but in that case, could afterwards-uninstalling (standard-)geoip corrupt Xt-geoip's installation?
...
And I don't know how to understand JPh.Pialasse's "you need to configure geoip for xt-geoip to work because the latter needs maxmind databases in a specific format."...
- I imagine that I'll use the same account at Maxmind.
- in Xt-geoip wiki, Key and ID are registred with the same command I made for (standard)geoip :
Quote
# db configuration setprop geoip LicenseKey [mon n° de licence] AccountID [mon ID]
(...and I already have:)
# config show geoip
geoip=service
   AccountID=my ID
   LicenseKey=my licence n°
   status=enabled
Will installing Xt-geoip overwrite this? or use this command differently...?

...sorry for my bad-google-english (...and clumsy attempts to understand despite little skills! )
Bricoleur informatique, qui speak très mal english... merci de votre indulgence !

Offline ReetP

  • *
  • 3,881
  • +5/-0
Re: Dovecot - Protection contre la force brute ?
« Reply #20 on: October 21, 2023, 04:01:31 PM »
Your Franglish is fine :-)

Mejor que mi Frances....  ;-)

smeserver-geoip will handle the Maxmind DBs which xt needs to use.

They can coexist as they do things differently.

As I said, Geoip works via a qpsmtpd plugin.

Xt_Geoip works via a kernel module + iptables. It uses the GeoIP key information.

If you run xt then the qpsmtpd plugin will just do less work!!

Both use the same Maxmind database.

So don't panic and have them both. It's fine.

Do yourself a favour, get the CVS code for the contribs and look at it to see what they do.

It will help you to understand.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline lurey

  • *
  • 78
  • +0/-0
Re: Dovecot - Protection contre la force brute ?
« Reply #21 on: October 21, 2023, 06:27:43 PM »
(...)So don't panic and have them both. It's fine.
I just followed your advice, and did install Xt-Geoip !

No error message.
Maxmind registration stayed.
BadContries for qpsmtp stayed.

> I just had to add BadContries for services other than qpsmtp. (easy to do with Geoip page in the server-manager, / Merci Gieres pour les traductions fr ! )
I still need to explore the different possibilities and configuration parameters
Quote
Do yourself a favour, get the CVS code for the contribs and look at it to see what they do.
It will help you to understand.
I did'nt... at that time.
I first started by looking for the meaning of "CVS"  :oops:, found a link to the page https://viewvc.koozali.org/smecontribs/rpms/, saw "sme-geoip/contribs10" (but no Xt-geoip)...
but I haven't figured out how to use your good and friendly advice yet...
I will try again with more free time, especially since the language is still a handicap for me, already to understand how to use the  offered tools(even when for you, it appears obvious because you use them regularly).
...and, I fear that I lack too much basic knowledge for trying to read and understand codes and links between program elements !

Have a good evening
« Last Edit: October 21, 2023, 06:29:51 PM by lurey »
Bricoleur informatique, qui speak très mal english... merci de votre indulgence !