#1  
Old 14th February 2013, 20:05
Classy_Manatee Classy_Manatee is offline
Junior Member
  
Join Date: Feb 2013
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default Configuring fail2ban
I am looking into putting fail2ban on a mail server to help reduce the number of outbound spam attacks. Is there a way to set it up to notify me when a user exceeds a maximum number of authentications (successful or failed) in a given time frame? So far I can only find how to set it for failed attempts.
Reply With Quote
Sponsored Links
  #2  
Old 15th February 2013, 07:39
florian030 florian030 is offline
Member
  
Join Date: Oct 2012
Posts: 62
Thanks: 5
Thanked 12 Times in 11 Posts
 
Default
You can change the corresponding failregx so it matches successful and failed logins.

Change
Code:
failregex = LOGIN FAILED, .*, ip=\[<HOST>\]$
to

Code:
failregex = LOGIN , .*, ip=\[<HOST>\]$
In the next step change maxretry and maybe the action for the jail.

After reloading the jail, fail2ban triggers on both login-types.

If you have problems with outbound spam,you should check your system instead of using f2b as a workaround.
__________________
regards
Florian

blog.schaal-24.de
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig 3 - MultiServer Setup - With Dedicated Control Panel - How? SuperJC Installation/Configuration 4 16th October 2012 20:03
Configuring fail2ban for Roundcube snowweb Server Operation 1 30th August 2012 09:02
Help with Fail2ban florix.net Installation/Configuration 4 26th January 2011 00:53
fail2ban is doing nothing? rlischer Server Operation 16 29th June 2010 07:29
Xen on Ubuntu kmand HOWTO-Related Questions 17 5th March 2009 18:43


All times are GMT +2. The time now is 13:18.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.