[Dovecot] fail2ban 0.8
Bill Landry
bill at inetmsg.com
Mon Sep 15 20:50:41 EEST 2008
Luigi Rosa wrote:
> Does anyone have the filter strings for Fail2Ban 0.8 to block Dovecot 1.1 login
> failures?
In "jail.conf" I use:
==========
enabled = true
filter = dovecot
action = iptables-multiport[name=Dovecot, port="imap,imaps", protocol=tcp]
sendmail-whois[name=Dovecot, dest=someone at yourdomain.com,
sender=root at yourdomain.com]
logpath = /var/log/dovecot
maxretry = 3
bantime = 3600
==========
You will need to modify the entries shown above based on your own
configuration. Then in "dovecot.conf" I use:
==========
failregex = mail dovecot.*passwd.*,<HOST>\).*(unknown user|Password
mismatch)
==========
Watch out for word-wrapping in the above lines.
Bill
More information about the dovecot
mailing list