Re: [Dovecot] fail2ban 0.8

15 Sep 2008 · *passwd.*


      Luigi Rosa wrote:
...
Does anyone have the filter strings for Fail2Ban 0.8 to block Dovecot 1.1 login
failures?
In "jail.conf" I use:
enabled  = true
filter   = dovecot
action   = iptables-multiport[name=Dovecot, port="imap,imaps", protocol=tcp]
sendmail-whois[name=Dovecot, dest=someone@yourdomain.com,
sender=root@yourdomain.com]
logpath  = /var/log/dovecot
maxretry = 3
bantime  = 3600
You will need to modify the entries shown above based on your own
configuration.  Then in "dovecot.conf" I use:
failregex = mail dovecot.*passwd.*,<HOST>\).*(unknown user|Password
mismatch)
Watch out for word-wrapping in the above lines.
Bill

Re: [Dovecot] fail2ban 0.8

Bill Landry

In "jail.conf" I use:

enabled = true filter = dovecot action = iptables-multiport[name=Dovecot, port="imap,imaps", protocol=tcp] sendmail-whois[name=Dovecot, dest=someone@yourdomain.com, sender=root@yourdomain.com] logpath = /var/log/dovecot maxretry = 3 bantime = 3600

You will need to modify the entries shown above based on your own configuration. Then in "dovecot.conf" I use:

failregex = mail dovecot.passwd.,<HOST>\).*(unknown user|Password mismatch)

Re: [Dovecot] fail2ban 0.8

Bill Landry

In "jail.conf" I use:

enabled = true filter = dovecot action = iptables-multiport[name=Dovecot, port="imap,imaps", protocol=tcp] sendmail-whois[name=Dovecot, dest=someone@yourdomain.com, sender=root@yourdomain.com] logpath = /var/log/dovecot maxretry = 3 bantime = 3600

You will need to modify the entries shown above based on your own configuration. Then in "dovecot.conf" I use:

failregex = mail dovecot.*passwd.*,<HOST>\).*(unknown user|Password mismatch)

failregex = mail dovecot.passwd.,<HOST>\).*(unknown user|Password mismatch)