Hi,

I've started to notice lots of failed IMAP attempts for nonexistent accounts, so I guess it would be a good idea to set up fail2ban.

There is a nice guide available in the wiki (thanks!): http://wiki.qmailtoaster.com/index.php/Fail2Ban

A few questions before I try to put this in production:

In general, these instructions are still valid for the toaster, yes?

There is a note in the wiki saying "when fail2ban reload and/or iptables restart and/or rebooting and/or the weekly logrotate, those rules are gone". To prevent this, two pieces of advice are given:

"
- Before changes, write existing iptables rules to file
  # service iptables save
- And after any change load the saved set of rules
  # service iptables restart
- Tune fail2ban to write IPs to /etc/fail2ban/ip.deny
"

My questions regarding this are:

1) How is fail2ban configured to write IPs to /etc/fail2ban/ip.deny?
2) And would a valid approach be to configure the fail2ban init script and logrotate to read the banned IPs from that ip.deny and then feed them to iptables?

Or how are people using fail2ban handling this situation?

Best regards,
Peter
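The approach raised in question 2 (re-reading ip.deny and feeding it to iptables after a restart or logrotate) could look like the following; this is an added example, not part of the original message or the wiki guide. It assumes the file holds one IPv4 address per line and uses the INPUT chain by default; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the deny file holds one IPv4 address per line.
IPTABLES=${IPTABLES:-iptables}   # override to test without touching the firewall

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_ips FILE: print each valid address once; report bad lines on stderr.
valid_ips() {
    seen=' '
    while IFS= read -r line || [ -n "$line" ]; do
        ip=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')   # drop comments, blanks
        [ -n "$ip" ] || continue
        if ! is_ipv4 "$ip"; then
            echo "skipping invalid entry: $line" >&2
            continue
        fi
        case $seen in *" $ip "*) continue ;; esac         # duplicate
        seen="$seen$ip "
        echo "$ip"
    done < "$1"
}

# restore_bans FILE [CHAIN]: insert a DROP rule for every valid address.
restore_bans() {
    valid_ips "$1" | while IFS= read -r ip; do
        "$IPTABLES" -I "${2:-INPUT}" -s "$ip" -j DROP || exit 1
    done
}
```

Sourced from an init script or a logrotate postrotate hook, it would be called as `restore_bans /etc/fail2ban/ip.deny`; validating every line first means a stray or tampered entry in the file never reaches the iptables command line.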
