CHRS: UTF-8 4   
   MSGID: 1:123/755@fidonet 5a62bb72   
   PID: MBSE-BBS 1.0.7.12 (GNU/Linux-x86_64)   
   TZUTC: -0400   
   TID: MBSE-FIDO 1.0.7.12 (GNU/Linux-x86_64)   
   I'm crossposting this from an othernet, and I'm also looking for any pointers   
   or app-specific rulesets for setting up snort on an MBSE host or its LAN. I'm   
   just getting back into snort, not sure if there are any MBSE specific rules,   
   but it appears this new openappID thingy may be of some use.    
      
   I'm also going to aggregate all my hosts' blocklists and have some kind of    
   rsync   
    script to run from cron to keep them synced. As noted below, I'm using CSF to   
   generate them. I have fail2ban installed; not using it tho. Trying to keep   
   the performance impact in check. If anyone has any pointers setting all this    
   up,   
   I'd appreciate it. Willing to share blocklists, etc. Or is there an echo for   
   this, maybe?   
         
   Thanks,   
   jbdigriz   
      
   ...   
      
   Well, it happened again. A spambot managed to find the unpassworded newuser   
   login, and despite my having disabled email access for new users the last time   
   this happened, managed to start sending spam by using or forwarding ssh from   
   there, to port 25 on the localhost address.    
      
   I've blocked IP's the bot was using, and some others that csf hadn't caught,   
   but to fix   
   this I'm going have to disable localhost's smtp access except for valid users.   
   Remains to be see how much is involved there. It's supposed to have already   
   been done, but apparently I missed something.    
       
   So, if you experience any difficulty posting emails from, or sending to,   
   bbs.dragonsweb.org, that's the reason. The smtp server is turned off while I   
   modify the configuration and do some testing, till further notice.    
      
   Sorry this happened, but I can't tell you how much I detest apologizing for   
   someone else being a jerk.    
      
   jbdigriz   
      
   ps. it wouldn't have stopped this particular incident, but this is the kind of   
   thing that also has me seriously considering allowing telnet access through a   
   TLS tunnel. Only.  So, if you're running old systems and require telnet    
   access,   
   you'll be wise to be able to do so from behind an stunnel or other TLSified   
   port on your linux or rpi "firewall", portmaster, etc.    
      
   Also why everyone should be sure their netmail is working properly;-)    
      
       Greetings, James Digriz   
       email: jbdigriz@bbs.dragonsweb.org   
      
   --- MBSE BBS v1.0.7.12 (GNU/Linux-x86_64)   
    * Origin: DragonsWeb Labs BBS 1:123/755 (1:123/755)   
   SEEN-BY: 1/120 15/2 18/0 103/705 123/0 25 50 150 755 1970 135/300   
   SEEN-BY: 153/7715 154/10 20 30 40 700 203/0 221/0 6 226/17 227/201   
   SEEN-BY: 227/400 229/107 275 354 426 452 1014 240/5832 249/206 317   
   SEEN-BY: 249/400 261/38 280/464 5003 292/854 317/3 322/757 340/800   
   SEEN-BY: 342/200 393/68 396/45 423/120 633/280 712/848 770/1 2452/250   
   SEEN-BY: 3634/0 12 15 24 27 50 119   
   PATH: 123/755 3634/12 154/10 280/464 229/426