On 19/8/2016 5:29 PM, Benny Pedersen wrote:
> fail2ban ?

Thank you,

I am already using fail2ban directly with the following rules:

/etc/fail2ban/filter.d/:

failregex = reject: RCPT from (.*)\[<HOST>\]: 554
            reject: RCPT from (.*)\[<HOST>\]: 450
            reject: RCPT from (.*)\[<HOST>\]:([0-9]{4,5}:)? 550
            too many errors after AUTH from (.*)\[<HOST>\]
ignoreregex =

/etc/fail2ban/jail.conf:

[postfix]
enabled = true
filter = postfix
action = iptables-multiport[name=Postfix, port="smtp,submission", protocol=tcp]
logpath = /var/log/maillog
maxretry = 6
findtime = 1200
bantime = 7200

I understand your suggestion to query the fail2ban db directly from
postfix but I need to research more on how to implement that.

Yet, I guess we could get better results by fail2ban itself? Could you
suggest how to expand/improve filtering rules and policy so as to get
better results from fail2ban itself?

Any directions on how to better leverage fail2ban in either or both ways
will be appreciated!

All the best,
Nick
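
Added example, not part of the original message and not fail2ban's own code: a small Python harness that runs the failregex lines quoted above over constructed maillog lines and applies the jail's maxretry/findtime values, so a filter change can be checked before it goes live. The IPv4-only stand-in for `<HOST>`, the function names and the sample log lines are assumptions; fail2ban's real `<HOST>` tag matches more than IPv4.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex lines as posted in the message above
FAILREGEX = [
    r"reject: RCPT from (.*)\[<HOST>\]: 554",
    r"reject: RCPT from (.*)\[<HOST>\]: 450",
    r"reject: RCPT from (.*)\[<HOST>\]:([0-9]{4,5}:)? 550",
    r"too many errors after AUTH from (.*)\[<HOST>\]",
]
MAXRETRY, FINDTIME = 6, 1200  # jail values from the message
# Assumption: simplified IPv4-only replacement for fail2ban's <HOST> tag
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
COMPILED = [re.compile(r.replace("<HOST>", HOST)) for r in FAILREGEX]

def match_host(line):
    """Return the client IP if any failregex matches the line, else None."""
    for rx in COMPILED:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def simulate(lines, year=2016):
    """Return IPs that reach MAXRETRY matches within FINDTIME seconds."""
    seen, banned = defaultdict(deque), []
    for line in lines:
        host = match_host(line)
        if host is None or host in banned:
            continue
        # Syslog timestamps carry no year, so one is supplied
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        window = seen[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # drop matches older than findtime
        if len(window) >= MAXRETRY:
            banned.append(host)
    return banned

def sample_log():
    """Constructed maillog lines using documentation IP ranges."""
    fmt = "Aug 19 17:{:02d}:{:02d} mx postfix/smtpd[4242]: NOQUEUE: {}"
    fast = "reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 denied"
    slow = "reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 deferred"
    lines = [fmt.format(i, 0, fast) for i in range(6)]        # 6 in 5 min
    lines += [fmt.format(i * 7, 30, slow) for i in range(6)]  # 6 in 35 min
    return sorted(lines)

if __name__ == "__main__":
    print(simulate(sample_log()))
```

The client that sends six rejected RCPTs in five minutes is banned, while the one that spreads six over 35 minutes never has six matches inside the 1200-second window. The `fail2ban-regex` tool shipped with fail2ban performs the regex-matching part against a real log and filter file.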