Postfix/Dovecot fail2ban
Posted by valqk on
Sources:
http://workaround.org/ispmail/squeeze/sysadmin-niceties
http://www.fail2ban.org/wiki/index.php/Postfix
Copy of my post http://superuser.com/questions/576751/example-of-fail2ban-configuration-to-ban-servers-spamming-my-postfix-server/600365
I've just got sick of all the RBL spammers filling my logs, so I've setup my postfix to ban them.
After doing so, load dropped because they were a lot!
Be aware that you have to implement some way of cleaning the banned list.
I'm planing to restart fail2ban on weekly basis.
Check out these rules: http://www.fail2ban.org/wiki/index.php/Postfix
Add them in: /etc/fail2ban/filter.d/postfix.conf (that's in Debian System!)
Also good to read this (search for fail2ban): http://workaround.org/ispmail/squeeze/sysadmin-niceties (some snippets from there).
In short:
In jain.conf set:
[postfix]
enabled = true
Good to do if you'r using dovecot (from link above):Create /etc/fail2ban/filter.d/dovecot-pop3imap.con and add in it:
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \ (auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P\S*),.*
ignoreregex =
Add section in jail.conf:
[dovecot-pop3imap]
enabled = true
port = pop3,pop3s,imap,imaps
filter = dovecot-pop3imap
logpath = /var/log/mail.log
Restart fail2ban and check iptables -nvL if the chans for postfix and courier are added. BE AWARE! This is for Debian based systems. Check files paths for RH or others.
http://workaround.org/ispmail/squeeze/sysadmin-niceties
http://www.fail2ban.org/wiki/index.php/Postfix
Copy of my post http://superuser.com/questions/576751/example-of-fail2ban-configuration-to-ban-servers-spamming-my-postfix-server/600365
I've just got sick of all the RBL spammers filling my logs, so I've setup my postfix to ban them.
After doing so, load dropped because they were a lot!
Be aware that you have to implement some way of cleaning the banned list.
I'm planing to restart fail2ban on weekly basis.
Check out these rules: http://www.fail2ban.org/wiki/index.php/Postfix
Add them in: /etc/fail2ban/filter.d/postfix.conf (that's in Debian System!)
Also good to read this (search for fail2ban): http://workaround.org/ispmail/squeeze/sysadmin-niceties (some snippets from there).
In short:
In jain.conf set:
[postfix]
enabled = true
Good to do if you'r using dovecot (from link above):Create /etc/fail2ban/filter.d/dovecot-pop3imap.con and add in it:
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \ (auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P
ignoreregex =
Add section in jail.conf:
[dovecot-pop3imap]
enabled = true
port = pop3,pop3s,imap,imaps
filter = dovecot-pop3imap
logpath = /var/log/mail.log
Restart fail2ban and check iptables -nvL if the chans for postfix and courier are added. BE AWARE! This is for Debian based systems. Check files paths for RH or others.
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments