under another kind of attack
Davide Marchi
danjde at msw.it
Sat Jul 29 14:34:32 EEST 2017
Hi to all,
@Olaf Hopp I've this filter enabled for fail2ban, my question is: could
my filters overlap or interfere with those suggested by you?
this is my filter:
Contents of /etc/fail2ban/jail.conf:
[postfix]
# Ban for 10 minutes if it fails 6 times within 10 minutes
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 6
bantime = 600
findtime = 600
Contents of /etc/fail2ban/filter.d/postfix.conf:
# Fail2Ban configuration file
# Author: Cyril Jaquier
# $Revision$
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the
logfile. The
# host must be matched by a group named "host". The tag
"<HOST>" can
# be used for standard IP/hostname matching and is only an
alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
# Jul 11 02:35:08 mail postfix/smtpd[16299]: lost connection after AUTH
from unknown[196.12.178.73]
failregex = lost connection after AUTH from unknown\[<HOST>\]
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Many thanks!
More information about the dovecot
mailing list