Great work Ole.

I have fail2ban installed and I will test the vpopmail, since I am only using it for ssh and ftp right now.

CJ

Ole N.Johansen wrote:

*Install fail2ban:*

wget -O fail2ban-0.8.3.tar.bz2 http://sourceforge.net/projects/fail2ban/files/fail2ban-stable/fail2ban-0.8.3/fail2ban-0.8.3.tar.bz2/download

tar -xjvf fail2ban-0.8.3.tar.bz2

cd fail2ban-0.8.3

python setup.py install

*vi /etc/fail2ban/jail.conf*

Enable only the sections you need and do them one at a time. I have enabled SSH, ProFTP, Qmail* and Vpopmail* (* add sections as described below)

Set your local networks and any other networks you consider 'safe'. You certainly don't want to block your own clients!

## example::

ignoreip = 127.0.0.1 192.245.12.0/24 207.182.32.0/19 204.27.149.0/24

Also change bantime, findtime and maxretry as it suits you.

Setting bantime = -1 means the IP ban never expires.

*_* additional sections for jail.conf_*

[vpopmail]
enabled = true
port = pop3
filter = vpopmail
action = iptables[name=pop3, port=pop3, protocol=tcp]
         sendmail-whois[name=pop3,dest=y...@email.domain, sender=em...@adr]
logpath = /var/log/maillog
maxretry = 3
bantime = -1

[qmail-iptables]
enabled = true
filter = qmail
action = iptables[name=QMAIL, port=smtp, protocol=tcp]
         sendmail-whois[name=QMAIL, dest=y...@email.domain]
logpath = /var/log/maillog
maxretry = 3
bantime = -1

Save and close the jail.conf file.

vi /etc/fail2ban/filter.d/vpopmail.conf (create new file)

*_Paste this into the file:_*

# Fail2Ban configuration file
#
# Author: Christoph Haas
# Modified by: Ole Johansen - CDS
#
# $Revision: 510 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = vchkpw-pop3: vpopmail user not found .*@:<HOST>

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

Save and close the file.

Start fail2ban by typing: fail2ban-client start

New chains are created in iptables.

Use iptables -L -n to show the entries in iptables.

*I have not tested the changes, so I would like to get some feedback on this.*


*B/R*

*Ole J*
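
An offline check of the vpopmail filter and jail settings from the message above, added here as an example (not code from the original post or from fail2ban): it expands <HOST> as the filter's comment block describes, applies ignoreip and maxretry, and shows which line shapes the failregex counts. The log lines are constructed and their layout is assumed; findtime = 600 is an assumed value.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Values copied from the jail.conf and vpopmail.conf in the message above.
FAILREGEX = r"vchkpw-pop3: vpopmail user not found .*@:<HOST>"
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"  # <HOST> expansion quoted in the filter comments
IGNOREIP = "127.0.0.1 192.245.12.0/24 207.182.32.0/19 204.27.149.0/24"
MAXRETRY = 3
FINDTIME = 600  # seconds; assumed, the message gives no value
# Constructed maillog lines (assumed layout), not captured from a real server.
SAMPLE_LOG = """\
Jan 12 10:00:01 mail vpopmail[2101]: vchkpw-pop3: vpopmail user not found admin@:203.0.113.7
Jan 12 10:00:05 mail vpopmail[2102]: vchkpw-pop3: vpopmail user not found test@:203.0.113.7
Jan 12 10:00:09 mail vpopmail[2103]: vchkpw-pop3: vpopmail user not found info@:203.0.113.7
Jan 12 10:01:00 mail vpopmail[2104]: vchkpw-pop3: vpopmail user not found a@example.com:198.51.100.9
Jan 12 10:01:02 mail vpopmail[2105]: vchkpw-pop3: vpopmail user not found b@example.com:198.51.100.9
Jan 12 10:01:04 mail vpopmail[2106]: vchkpw-pop3: vpopmail user not found c@example.com:198.51.100.9
Jan 12 10:02:00 mail vpopmail[2107]: vchkpw-pop3: vpopmail user not found x@:192.245.12.20
Jan 12 10:02:01 mail vpopmail[2108]: vchkpw-pop3: vpopmail user not found y@:192.245.12.20
Jan 12 10:02:02 mail vpopmail[2109]: vchkpw-pop3: vpopmail user not found z@:192.245.12.20
"""

def compile_failregex(failregex=FAILREGEX):
    return re.compile(failregex.replace("<HOST>", HOST_ALIAS))

def is_ignored(host, ignoreip=IGNOREIP):
    """True when host is an address inside one of the ignoreip networks."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an address
    return any(addr in ipaddress.ip_network(net, strict=False) for net in ignoreip.split())

def hosts_to_ban(log_text):
    """Hosts with MAXRETRY matching lines inside FINDTIME seconds, in order of first ban."""
    pattern, hits, banned = compile_failregex(), defaultdict(list), []
    for line in log_text.splitlines():
        match = pattern.search(line)
        if not match or is_ignored(match.group("host")):
            continue
        host = match.group("host")
        when = datetime.strptime("2000 " + line[:15], "%Y %b %d %H:%M:%S")  # syslog omits the year
        hits[host] = [t for t in hits[host] if (when - t).total_seconds() <= FINDTIME] + [when]
        if len(hits[host]) >= MAXRETRY and host not in banned:
            banned.append(host)
    return banned
```

On the server itself, `fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/vpopmail.conf` runs the filter against the real log.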

