Install fail2ban:

 

wget -O fail2ban-0.8.3.tar.bz2 http://sourceforge.net/projects/fail2ban/files/fail2ban-stable/fail2ban-0.8.3/fail2ban-0.8.3.tar.bz2/download

tar -xjvf fail2ban-0.8.3.tar.bz2

cd fail2ban-0.8.3

python setup.py install

 

vi /etc/fail2ban/jail.conf

 

Enable only the sections you need and do them one at a time.  I have enabled
SSH, ProFTP, Qmail* and Vpopmail* (* add sections as described below)

 

Set your local networks and any other networks you consider 'safe'.  You
certainly don't want to block your own clients!

 

## example::

 

ignoreip = 127.0.0.1 192.245.12.0/24 207.182.32.0/19 204.27.149.0/24

 

Also change bantime, findtime and maxretry as it suits you.

Setting bantime = -1 means the IP ban never expires.

 

* additional sections for jail.conf

 

[vpopmail]
enabled = true
port = pop3
filter = vpopmail
action = iptables[name=pop3, port=pop3, protocol=tcp]
         sendmail-whois[name=pop3, dest=y...@email.domain, sender=em...@adr]
logpath = /var/log/maillog
maxretry = 3
bantime = -1

 

[qmail-iptables]
enabled = true
filter = qmail
action = iptables[name=QMAIL, port=smtp, protocol=tcp]
         sendmail-whois[name=QMAIL, dest=y...@email.domain]
logpath = /var/log/maillog
maxretry = 3
bantime = -1

 

Save and close the jail.conf file.

 

vi /etc/fail2ban/filter.d/vpopmail.conf (create new file)

 

Paste this into the file:

 

# Fail2Ban configuration file
#
# Author: Christoph Haas
# Modified by: Ole Johansen - CDS
#
# $Revision: 510 $
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#
failregex = vchkpw-pop3: vpopmail user not found .*@:<HOST>

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

 

Save and close the file.

Start fail2ban by typing: fail2ban-client start

New chains are created in iptables.

Use iptables -L -n to show the entries in iptables.

 

I have not tested the changes, so I would like to get some feedback on this.

 

B/R

Ole J
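
The vpopmail failregex, ignoreip list and maxretry = 3 from the post above, checked offline in Python; this is an added example, not part of the original message or of fail2ban itself. The log lines are constructed, their layout is an assumption, and the ban rule is simplified (a plain count per host, no findtime window).

```python
import ipaddress
import re
from collections import Counter

# <HOST> alias exactly as quoted in the filter file's comment.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"
FAILREGEX = r"vchkpw-pop3: vpopmail user not found .*@:<HOST>"
IGNOREIP = "127.0.0.1 192.245.12.0/24 207.182.32.0/19 204.27.149.0/24"
MAXRETRY = 3

PREFIX = "Jan 10 03:11:01 mx vpopmail[4101]: vchkpw-pop3: "
# Constructed sample lines (assumed maillog layout, documentation IPs).
SAMPLE_LOG = "\n".join(
    [PREFIX + "vpopmail user not found %s@:198.51.100.7" % u
     for u in ("admin", "test", "info")]
    + [PREFIX + "vpopmail user not found bob@:192.245.12.20"] * 3
    + [PREFIX + "vpopmail user not found bob@example.com:203.0.113.9"] * 3
    + [PREFIX + "vpopmail user not found guest@:198.51.100.99",
       PREFIX + "(CRAM-MD5) login success alice@example.com:192.0.2.5"]
)

def compile_failregex(failregex=FAILREGEX):
    """Expand the <HOST> tag the way the filter comment describes."""
    return re.compile(failregex.replace("<HOST>", HOST_ALIAS))

def is_ignored(host, ignoreip=IGNOREIP):
    """True if host is an IP literal inside one of the ignoreip networks."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an IP literal
    return any(addr in ipaddress.ip_network(net, strict=False)
               for net in ignoreip.split())

def hosts_to_ban(log_text, failregex=FAILREGEX, maxretry=MAXRETRY):
    """Hosts with at least maxretry matching lines, ignoreip excluded."""
    rx = compile_failregex(failregex)
    hits = Counter()
    for line in log_text.splitlines():
        m = rx.search(line)
        if m and not is_ignored(m.group("host")):
            hits[m.group("host")] += 1
    return sorted(h for h, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    # Only 198.51.100.7 qualifies: the regex needs ':' right after '@', so
    # the user@domain lines from 203.0.113.9 are never counted.
    print(hosts_to_ban(SAMPLE_LOG))
```

On the server itself, fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/vpopmail.conf runs the filter against the real log, which is worth doing before enabling a jail with bantime = -1.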
