Thread: Attacks on MTA
Post #4 by edge (Moderator), 29th September 2009, 16:20
 

Are you using courierpop3?

The rule that you need probably looks something like this (NOT TESTED!):

[pop3d]

enabled = true
port = pop3
filter = pop3d
failregex = pop3d: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath = /var/log/mail.log
maxretry = 5

Basically, the rule scans your mail.log file for the text "pop3d: LOGIN FAILED" and logs the IP that is causing the LOGIN FAILED.
After a maxretry of 5 times, fail2ban will kick in and block that IP.

Make sure that you restart fail2ban after adding this.

Last edited by edge; 29th September 2009 at 16:25.
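Because the rule in the post is marked as untested, the following added example (not part of edge's post and not fail2ban's own code) runs the posted failregex over constructed Courier-style log lines and applies the maxretry threshold. Assumptions: the `<HOST>` expansion is a simplified stand-in for fail2ban's, the log lines and addresses are constructed, and findtime is ignored.

```python
import re
from collections import Counter

# failregex and maxretry exactly as posted; <HOST> is fail2ban's address placeholder.
FAILREGEX = r"pop3d: LOGIN FAILED.*ip=\[.*:<HOST>\]"
MAXRETRY = 5

# Assumption: simplified stand-in for fail2ban's <HOST> expansion.
HOST_GROUP = r"(?P<host>[\w\-.^_]+)"

# Constructed sample lines (documentation addresses), styled after Courier's mail.log.
SAMPLE_LOG = "\n".join(
    ["Sep 29 16:01:0%d mail pop3d: LOGIN FAILED, user=info, ip=[::ffff:203.0.113.7]" % i
     for i in range(5)]
    + ["Sep 29 16:02:0%d mail pop3d-ssl: LOGIN FAILED, user=info, ip=[::ffff:192.0.2.55]" % i
       for i in range(5)]
    + ["Sep 29 16:03:01 mail pop3d: LOGIN FAILED, user=bob, ip=[::ffff:198.51.100.20]",
       "Sep 29 16:03:05 mail imapd: LOGIN FAILED, user=bob, ip=[::ffff:198.51.100.20]",
       "Sep 29 16:03:09 mail pop3d: LOGIN, user=bob, ip=[::ffff:198.51.100.20], port=[40112]"]
)


def compile_failregex(failregex):
    """Expand the <HOST> placeholder and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def count_failures(log_text, failregex=FAILREGEX):
    """Return a Counter of matched failures per host."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits


def hosts_to_ban(log_text, maxretry=MAXRETRY):
    """Hosts whose failure count reaches maxretry (no findtime window applied)."""
    return sorted(h for h, n in count_failures(log_text).items() if n >= maxretry)


if __name__ == "__main__":
    for host, n in sorted(count_failures(SAMPLE_LOG).items()):
        print(f"{host}: {n} failure(s)")
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```

In this sample the five constructed `pop3d-ssl:` failures are not counted, because the pattern requires the literal text `pop3d: `; a server that logs under that name would need the pattern widened or a second rule. On a live system, `fail2ban-regex /var/log/mail.log '<failregex>'` performs the real check against your own log.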