Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 21st October 2010, 17:25
linus3x linus3x is offline
Junior Member
 
Join Date: Oct 2010
Posts: 16
Thanks: 2
Thanked 4 Times in 3 Posts
Default Section 6.5, ISPConfig 3 Manual

First off, you guys did a great job on the ISPConfig 3 manual - very easy to follow.

I just wanted to point out one thing that I noticed. It's in section 6.5 - How Do I Make fail2ban Monitor Additional Services? When I followed that section, I was getting errors like the following in my fail2ban log:

Code:
fail2ban.comm   : WARNING Invalid command: ['set', 'courierimap', 'failregex', 'imapd: LOGIN FAILED.*ip=\\[.*:<HOST>\\]']
I saw those for courierpop3, courierimap, and SASL. I investigated and found that the /etc/fail2ban/jail.conf file for the fail2ban that was downloaded from the Debian repository already had sections for those 3 in it. They just weren't enabled. Further, there were already /etc/fail2ban/filter.d/*.conf files for those sections included.

Note: the courier sections were named differently - I think pop3d and imap?

I basically followed Thomas's instructions at the bottom of this post to fix it.

Edit the conf file:

Code:
vi /etc/fail2ban/jail.conf
Remove the failregex line and update the filter:

Code:
[courierimap]

enabled = true
port = imap2
filter = courierlogin
failregex = imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath = /var/log/mail.log
maxretry = 5
Becomes:

Code:
[courierimap]

enabled = true
port = imap2
filter = courierimap
logpath = /var/log/mail.log
maxretry = 5
Create a filter file /etc/fail2ban/filter.d/courierimap.conf with the following content:

Code:
vi /etc/fail2ban/filter.d/courierimap.conf
Code:
# Fail2Ban configuration file
#
# $Revision: 100 $
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#
failregex = imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex = imapd: LOGIN FAILED.*ip=\[.*127\.0\.0\.1\]
BTW, I added ignoreregex to this one because failed squirrelmail logins were generating failed logins on 127.0.0.1 no matter what the end user's IP address really was.

Again - great job on the manual - it's been invaluable in getting setup.
Reply With Quote
The Following User Says Thank You to linus3x For This Useful Post:
falko (22nd October 2010)
Sponsored Links
  #2  
Old 22nd October 2010, 15:30
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
 
Default

Thanks a lot - I will review that chapter.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig Wiki Italian Manual vaio1 General 0 27th January 2010 10:34
manual ispconfig 3 ilgio General 13 31st March 2009 16:45
ISPConfig 3.0.1 released till General 36 29th March 2009 14:30
ISPConfig 3.0.0.6 Beta released till General 38 21st September 2008 19:15
ISPConfig 3.0.0.5 Beta Released till General 77 23rd July 2008 12:14


All times are GMT +2. The time now is 01:35.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.