HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Tips/Tricks/Mods (http://www.howtoforge.com/forums/forumdisplay.php?f=29)
-   -   Suggestion: check fail2ban sasl.conf for postfix smtpd (http://www.howtoforge.com/forums/showthread.php?t=48153)

gasparov 22nd August 2010 01:14

Suggestion: check fail2ban sasl.conf for postfix smtpd
 
Hi,
this problem was present on my up to date system after following the ispconfig3 guide for ubuntu 9.10 and google says some debian users had a similar problem too.(bug 573314)

If you want to block smtp brute force attempts you have to enable the sasl filter in jail.conf and change failregex in /etc/fail2ban/filter.d/sasl.conf to

Code:

failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
To test it:
Code:

fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/sasl.conf

This is a "works for me solution" :p

Thanks for the great guide, Ispconfig makes things so easy....


All times are GMT +2. The time now is 05:12.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.