View Single Post
  #1  
Old 22nd August 2010, 00:14
gasparov gasparov is offline
Junior Member
 
Join Date: Aug 2010
Posts: 1
Thanks: 0
Thanked 4 Times in 1 Post
Default Suggestion: check fail2ban sasl.conf for postfix smtpd

Hi,
this problem was present on my up to date system after following the ispconfig3 guide for ubuntu 9.10 and google says some debian users had a similar problem too.(bug 573314)

If you want to block smtp brute force attempts you have to enable the sasl filter in jail.conf and change failregex in /etc/fail2ban/filter.d/sasl.conf to

Code:
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
To test it:
Code:
fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/sasl.conf

This is a "works for me solution"

Thanks for the great guide, Ispconfig makes things so easy....
Reply With Quote
Sponsored Links