Postfix/Dovecot fail2ban
Posted by valqk on
Sources:
http://workaround.org/ispmail/squeeze/sysadmin-niceties
http://www.fail2ban.org/wiki/index.php/Postfix
Copy of my post http://superuser.com/questions/576751/example-of-fail2ban-configuration-to-ban-servers-spamming-my-postfix-server/600365
I've just got sick of all the RBL spammers filling my logs, so I've set up my postfix to ban them.
After doing so, the load dropped, because there were a lot of them!
Be aware that you have to implement some way of cleaning the banned list.
I'm planning to restart fail2ban on a weekly basis.
Check out these rules: http://www.fail2ban.org/wiki/index.php/Postfix
Add them in: /etc/fail2ban/filter.d/postfix.conf (that's on a Debian system!)
Also good to read this (search for fail2ban): http://workaround.org/ispmail/squeeze/sysadmin-niceties (some snippets from there).
In short:
In jail.conf set:
[postfix]
enabled = true
Good to do if you're using dovecot (from the link above): create /etc/fail2ban/filter.d/dovecot-pop3imap.conf and add in it:
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
ignoreregex =
Add section in jail.conf:
[dovecot-pop3imap]
enabled = true
port = pop3,pop3s,imap,imaps
filter = dovecot-pop3imap
logpath = /var/log/mail.log
Restart fail2ban and check with iptables -nvL that the chains for postfix and courier are added. BE AWARE! This is for Debian-based systems. Check file paths for RH or others.
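
Before restarting fail2ban it helps to confirm that the dovecot failregex matches real failures and skips normal logins. The script below is an added example, not part of the original post: it applies the filter's regex to constructed sample log lines and lists which addresses would reach a ban threshold. The function names, the sample lines and the maxretry value of 3 are assumptions, and fail2ban's findtime window is not modelled.

```python
import re
from collections import Counter

# failregex from the dovecot-pop3imap filter above. fail2ban reads the
# offending address from the named group "host".
FAILREGEX = re.compile(
    r"(?: pop3-login|imap-login): .*(?:Authentication failure"
    r"|Aborted login \(auth failed|Aborted login \(tried to use disabled"
    r"|Disconnected \(auth failed).*rip=(?P<host>\S*),.*"
)

# Constructed sample lines in the shape of Dovecot entries in /var/log/mail.log.
SAMPLE_LOG = """\
Mar  3 10:15:01 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=203.0.113.45, lip=192.0.2.10
Mar  3 10:15:07 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts): user=<admin>, method=PLAIN, rip=203.0.113.45, lip=192.0.2.10, TLS
Mar  3 10:15:19 mail dovecot: imap-login: Aborted login (auth failed, 2 attempts): user=<test>, method=LOGIN, rip=203.0.113.45, lip=192.0.2.10
Mar  3 10:16:02 mail dovecot: imap-login: Aborted login (tried to use disabled plaintext auth): rip=198.51.100.23, lip=192.0.2.10
Mar  3 10:16:30 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.77, lip=192.0.2.10, TLS
Mar  3 10:17:00 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=198.51.100.23, lip=192.0.2.10
"""


def failed_hosts(log_text):
    """Return a Counter mapping source address -> lines matched by the filter."""
    hits = Counter()
    for line in log_text.splitlines():
        match = FAILREGEX.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits


def would_ban(log_text, maxretry=3):
    """Addresses with at least maxretry matching lines (assumed threshold)."""
    return sorted(h for h, n in failed_hosts(log_text).items() if n >= maxretry)


if __name__ == "__main__":
    # A filter without a "host" group cannot tell fail2ban which address to ban.
    assert "host" in FAILREGEX.groupindex
    for host, count in failed_hosts(SAMPLE_LOG).most_common():
        print(f"{host}\t{count} failure(s)")
    print("would ban:", would_ban(SAMPLE_LOG))
```

On the server itself, fail2ban ships the fail2ban-regex tool, which runs the same kind of check against the real log and filter file.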