Configuring fail2ban

Discussion in 'Server Operation' started by Classy_Manatee, Feb 14, 2013.

  1. Classy_Manatee

    Classy_Manatee New Member

    I am looking into putting fail2ban on a mail server to help reduce the number of outbound spam attacks. Is there a way to set it up to notify me when a user exceeds a maximum number of authentications (successful or failed) in a given time frame? So far I can only find how to set it for failed attempts.
     
  2. florian030

    florian030 HowtoForge Supporter

    You can change the corresponding failregx so it matches successful and failed logins.

    Change
    Code:
    failregex = LOGIN FAILED, .*, ip=\[<HOST>\]$
    to

    Code:
    failregex = LOGIN , .*, ip=\[<HOST>\]$
    In the next step change maxretry and maybe the action for the jail.

    After reloading the jail, fail2ban triggers on both login-types.

    If you have problems with outbound spam,you should check your system instead of using f2b as a workaround.
     

Share This Page