Suggestion: check fail2ban sasl.conf for postfix smtpd

[gasparov]

Hi,
this problem was present on my up to date system after following the ispconfig3 guide for ubuntu 9.10 and google says some debian users had a similar problem too.(bug 573314)

If you want to block smtp brute force attempts you have to enable the sasl filter in jail.conf and change failregex in /etc/fail2ban/filter.d/sasl.conf to

Code:

failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed

To test it:

Code:

fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/sasl.conf

This is a "works for me solution"

Thanks for the great guide, Ispconfig makes things so easy....