Mise

  • Total activity 101
  • Last activity
  • Member since
  • Following 0 users
  • Followed by 0 users
  • Votes 0
  • Subscriptions 24

Activity overview

Latest activity by Mise
  • Mise commented,

    I have solved the issue 3 days ago. I'm using RBL Barracuda, Spamhaus and other proved RBL. The log message "is in an RBL: Automated dictionary attacks" is generic, without any RBL associated. I...

  • Mise commented,

    there is this option: "Ratelimit suspicious SMTP servers" which is ON it seems it can return that message: "Increment Connection Ratelimit - $sender_fullhost because of Dictionary Attack" Descr...

  • Mise created a post,

    Gmail is blocked because Dictionary Attacks

    Some people experience message rejections from their gmail accounts with this message: 550 "JunkMail rejected - mail-xx-xx.google.com [209.85.221.64]:48137 is in an RBL: Automated dictionary attac...

  • Mise commented,

    finally I have included a partial-lsearch in this line of the Exim advanced editor "hostlist greylist_common_mail_providers = partial-lsearch;/etc/greylist_common_mail_providers" because the lin...

  • Mise created a post,

    Whitelisting RBL domains

    I have one customer receiving emails from one cloud service which uses different ips: omta37.uswest2.a.cloudfilter.net 35.89.44.36 omta037.useast.a.cloudfilter.net 44.202.169.36 ..etcetera. and ...

  • Mise commented,

    it's solved. After some time without finding the reason I looked to the browser behaviour, and one chrome extension was interfering with the timezone loaded in WHM About the backup notification em...

  • Mise commented,

    date and logs files shows the right time: date: 2022-08-26 06:39:34 it is the WHM interface which shows wrong time: WHM > Email > Mail Delivery Reports 2022-08-26 04:39:34 1oRMRi-00...... Al...

  • Mise created a post,

    Time difference in WHM reports

    the WHM option "Email reports" shows a difference of -2 hours in all the messages, regarding the system time and mail logs Also the automatic email backups are showing the same -2 hours difference...

  • Mise commented,

    I would try somehting like this depending of the attack strings: RewriteCond %{HTTP_USER_AGENT} ^.*(string1|string2|string3.....).*$ [NC] RewriteRule ^ 406 [L,R] letters between [..] l...

  • Mise commented,

    the overload could be because csf should execute the blocking and write the ips inside the csf.deny file. The attack seem to be string chains inside the User Agent header, and then returning a 40...