ot: fail2ban dovecot setup
voytek at sbt.net.au
Sun Dec 17 21:08:58 EET 2017
On Mon, December 18, 2017 3:06 am, Alex JOST wrote:
> Did you enable the dovecot service in fail2ban? By default all jails are
> disabled.
>
> /etc/fail2ban/jail.conf:
> [dovecot]
> enabled = true
Alex, thanks
no, not in jail.conf, I've put it in the /etc/fail2ban/jail.local (1)
I've also added postfix, that seems to work:
I've made test failed dovecot and postfix from phone/cell connection, I
think? postfix one worked, but, nothing registered on dovecot
do you know where f2b places bad IPs? I saw them listed on 'status', but
couldn't find them in /etc/hosts.deny, not sure if they're meant to be there.
[and, the device, after failing smtp, could still access http, so not sure
if my testing is valid]
# fail2ban-client status
Status
|- Number of jail: 2
`- Jail list: dovecot-pop3imap, postfx-sasl

# fail2ban-client status postfx-sasl
Status for the jail: postfx-sasl
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 57
|  `- File list: /var/log/maillog
`- Actions
   |- Currently banned: 1
   |- Total banned: 7
   `- Banned IP list: 201.249.46.118

# fail2ban-client status dovecot-pop3imap
Status for the jail: dovecot-pop3imap
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- File list: /var/log/dovecot.log
`- Actions
   |- Currently banned: 0
   |- Total banned: 0
   `- Banned IP list:
(1)
# cat jail.local
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap", protocol=tcp]
logpath = /var/log/dovecot.log
maxretry = 5
findtime = 300
bantime = 3600
ignoreip = 127.0.0.1 127.0.0.0/8
[postfx-sasl]
enabled = true
filter = postfix-sasl
action = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
# sendmail[name=Postfix, dest=you at mail.com]
logpath = /var/log/maillog
bantime = 3600
maxretry = 5
ignoreip = 127.0.0.1 127.0.0.0/8
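
A jail that reports "Total failed: 0", as dovecot-pop3imap does in the status output above, has a failregex that has not matched any line in its logpath. The following is an added example, not part of the original post and not fail2ban's own code: it applies two hypothetical failregexes to constructed log lines and counts failures with the maxretry = 5 and findtime = 300 values from the posted jail.local. The regexes, the simplified <HOST> pattern and the log lines are assumptions; the poster's filter file is not shown on the page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Hypothetical failregexes, not the poster's filter.d/dovecot-pop3imap.conf.
FILE_REGEX = r"(?:pop3|imap)-login: .*\(auth failed.*rip=<HOST>,"
SYSLOG_REGEX = r"dovecot: (?:pop3|imap)-login: .*\(auth failed.*rip=<HOST>,"

def _line(sec, ip, ok=False):
    """Build one constructed log line in the style of a dedicated dovecot log file."""
    event = "Login" if ok else "Aborted login (auth failed, 1 attempts in 2 secs)"
    return (f"Dec 17 21:{sec // 60:02d}:{sec % 60:02d} imap-login: Info: {event}: "
            f"user=<test>, method=PLAIN, rip={ip}, lip=192.0.2.1")

# Constructed sample data using documentation address ranges.
SAMPLE_LOG = "\n".join(
    [_line(10 * i, "203.0.113.5") for i in range(5)]            # 5 failures in 40 s
    + [_line(50, "198.51.100.7"), _line(650, "198.51.100.7")]   # 2 failures, 10 min apart
    + [_line(700, "192.0.2.44", ok=True)]                       # successful login
)

def scan(log_text, failregex, maxretry=5, findtime=300, year=2017):
    """Return (total_failed, banned_ips), counting the way a jail would."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    total, banned = 0, []
    for line in log_text.splitlines():
        m = rx.search(line)
        if not m:
            continue
        total += 1
        ip = m.group("host")
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        recent[ip].append(ts)
        # Drop failures that fell out of the findtime window.
        while (ts - recent[ip][0]).total_seconds() > findtime:
            recent[ip].popleft()
        if len(recent[ip]) >= maxretry and ip not in banned:
            banned.append(ip)
    return total, banned

if __name__ == "__main__":
    for name, rx in (("file-format", FILE_REGEX), ("syslog-format", SYSLOG_REGEX)):
        print(name, scan(SAMPLE_LOG, rx))
```

On a live system the same check is done against the real filter and log with fail2ban-regex /var/log/dovecot.log /etc/fail2ban/filter.d/dovecot-pop3imap.conf.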