hi all i am attaching my jail.conf and pop.conf for qmail pop3 (this is working for me) may be you can edit it to your needs
[root@mail ~]# cat /etc/fail2ban/jail.conf [pop3] enabled = true filter = pop3 action = iptables[name=pop3, port=110, protocol=tcp] logpath = /var/log/maillog maxretry = 3 bantime = 86400 findtime = 3600 ignoreip = 127.0.0.1 (you can put any other ip you want hear) backend = auto root@mail ~]# cat /etc/fail2ban/filter.d/pop3.conf [Definition] #Looks for failed password logins to SMTP failregex = vchkpw-pop3: password fail ([^)]*) [^@]*@[^:]*:<HOST> ignoreregex = regards NIshant Amin On Tue, Aug 2, 2011 at 7:08 AM, James Beam <james.b...@pinnacle1.com> wrote: > They mean share your jail config for pop3 to get it working with Qmail - I > have been curious of that myself… > > > > I use Fail2Ban on all my linux boxes - just never got it to work with qmail > pop3 or pop3ssl… > > > > Imap would be nice too! > > > > > > From: Délsio Cabá [mailto:del...@gmail.com] > Sent: Monday, August 01, 2011 11:06 PM > To: qmailtoaster-list@qmailtoaster.com > Subject: Re: [qmailtoaster] Denial of Service on POP3 > > > > Hi, > > Thanks for the reply. Is there any chance you could share with us the pop3 > filter code for qmail? > > Thanks for any help :) > > On 1 August 2011 12:50, <ole.johan...@cryonix.no> wrote: > > Fail2ban can be downloaded from YUM > > You need to change some settings in the config files to match your > requirements. Its also has settings for bantime, who to mail when someone > gets banned (ip adress), it uses iptables to update blocking schemes. > > I use fail2ban for pop3, smtp, ftp > > B/R Ole > Using two latest Centos dists with QMT and Fail2Ban enabled. > >> Thanks, >> But what if they are from different IP or I don't even get aware of the >> attack? >> >> I think the best approach would be to use fail2ban. So I need someone that >> already has a rule >> >> Thanks >> >> On 29 July 2011 16:16, Sergio Rosa <sergior...@awd.pt> wrote: >> >>> block them at the fw level. or place an iptables rules on your host. >>> This >>> will do the job if the source ip is the same all the time. >>> >>> --- >>> Thank you, >>> Sérgio Rosa >>> >>> T. +351 91348 9195 >>> @. sergior...@awd.pt >>> >>> AWD - Arq. Web e Design, Unip. Lda >>> R. Moinho Velho, 19, 2ºDto >>> 2655-242 Ericeira >>> http://www.awd.pt >>> >>> >>> On Fri, 29 Jul 2011 16:10:08 +0200, Délsio Cabá wrote: >>> >>>> Hi, >>>> >>>> I see these logs on pop3: >>>> @400000004e32be9f2581381c tcpserver: ok 19434 >>>> ns.mozdesigners.com:196.46.2.**236:110 :203.200.117.65::3912 >>>> @400000004e32bea00e2281e4 tcpserver: end 19433 status 256 >>>> @400000004e32bea00e22f32c tcpserver: status: 3/200 >>>> @400000004e32bea020c630ac tcpserver: end 19434 status 256 >>>> @400000004e32bea020c63c64 tcpserver: status: 2/200 >>>> @400000004e32bea11ed14264 tcpserver: status: 3/200 >>>> @400000004e32bea11ed15204 tcpserver: pid 19449 from 203.200.117.65 >>>> @400000004e32bea11edeb7b4 tcpserver: ok 19449 >>>> ns.mozdesigners.com:196.46.2.**236:110 :203.200.117.65::3970 >>>> @400000004e32bea21499cfb4 tcpserver: end 19449 status 256 >>>> @400000004e32bea21499df54 tcpserver: status: 2/200 >>>> @400000004e32bea312f84ce4 tcpserver: status: 3/200 >>>> @400000004e32bea312f8589c tcpserver: pid 19456 from 203.200.117.65 >>>> @400000004e32bea312f86454 tcpserver: ok 19456 >>>> ns.mozdesigners.com:196.46.2.**236:110 :203.200.117.65::4024 >>>> @400000004e32bea409545fd4 tcpserver: end 19456 status 256 >>>> @400000004e32bea409546f74 tcpserver: status: 2/200 >>>> @400000004e32bea5084443ac tcpserver: status: 3/200 >>>> @400000004e32bea50844534c tcpserver: pid 19462 from 203.200.117.65 >>>> @400000004e32bea508445f04 tcpserver: ok 19462 >>>> ns.mozdesigners.com:196.46.2.**236:110 :203.200.117.65::4092 >>>> >>>> It seams to be a dos. >>>> For smtp I use fail2ban. >>>> Anyone knows how to block these IP using by creating a rule on >>>> fail2ban? >>>> >>>> Regards >>>> >>> >>> >>> ------------------------------**------------------------------** >>> --------------------- >>> Qmailtoaster is sponsored by Vickers Consulting Group ( >>> www.vickersconsulting.com) >>> Vickers Consulting Group offers Qmailtoaster support and >>> installations. >>> If you need professional help with your setup, contact them today! >>> ------------------------------**------------------------------** >>> --------------------- >>> Please visit qmailtoaster.com for the latest news, updates, and >>> packages. >>> To unsubscribe, e-mail: qmailtoaster-list-unsubscribe@** > >>> qmailtoaster.com <qmailtoaster-list-unsubscr...@qmailtoaster.com> > >>> For additional commands, e-mail: qmailtoaster-list-help@** > >>> qmailtoaster.com <qmailtoaster-list-h...@qmailtoaster.com> > >>> >>> >>> >> > > > > --------------------------------------------------------------------------------- > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > Vickers Consulting Group offers Qmailtoaster support and installations. > If you need professional help with your setup, contact them today! > --------------------------------------------------------------------------------- > Please visit qmailtoaster.com for the latest news, updates, and > packages. > > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > > > ________________________________ > The information contained in this email is intended only for the person or > entity to whom it is addressed and may contain confidential and/or > privileged material; unauthorized use of this information is prohibited. If > you have received this in error, please notify the sender and delete the > material immediately. Thank you. > --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
