View Single Post
Old 29th March 2013, 15:28
arraken arraken is offline
Join Date: Mar 2010
Posts: 94
Thanks: 14
Thanked 3 Times in 3 Posts

Thanks for the tipps guys!

I'll set up mail for ssl and try to move my clients over asap.

Concerning the fail2ban rules: i have some rules, following this tutorial:

So i got a rule for sasl that looks like this:

enabled = true
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = sasl
logpath = /var/log/mail.log
maxretry = 3

When i check the logs with the command suggested by pititis "fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/sasl.conf" i dont get any results though.

But in the attack on my server, the user apparently logged in with the correct (hacked) password, so i guess the sasl rule doesn't trigger in that case, is that right?

@leonheart82: Can you tell me which sasl rule you use? I'm curious about that, as it seems to be working.

which fail2ban rules would be responsible to block a single account from sending huge amouts of mails? Or do i just need a simple postfix rule for that?

@compugraphix: do you have any suggestions for courier-pop3(-ssl), courier-imap(-ssl) and smtp settings for fail2ban, or a good tutorial? I found this one: but it's from 2007, and there's no smtp rule.

thanks again for the help. you never stop learning here.
Reply With Quote