Configuring fail2ban

Discussion in 'Server Operation' started by Classy_Manatee, Feb 14, 2013.

  1. Classy_Manatee

    Classy_Manatee New Member

    I am looking into putting fail2ban on a mail server to help reduce the number of outbound spam attacks. Is there a way to set it up to notify me when a user exceeds a maximum number of authentications (successful or failed) in a given time frame? So far I can only find how to set it for failed attempts.
     
  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    You can change the corresponding failregx so it matches successful and failed logins.

    Change
    Code:
    failregex = LOGIN FAILED, .*, ip=\[<HOST>\]$
    to

    Code:
    failregex = LOGIN , .*, ip=\[<HOST>\]$
    In the next step change maxretry and maybe the action for the jail.

    After reloading the jail, fail2ban triggers on both login-types.

    If you have problems with outbound spam,you should check your system instead of using f2b as a workaround.
     

Share This Page