Great work Ole.
I have fail2ban installed and I will test the vpopmail, since I am only
using it for ssh and ftp right now.
CJ
Ole N.Johansen wrote:
*Install fail2ban:*
wget http://sourceforge.net/projects/fail2ban/files/fail2ban-stable/fail2ban-0.8.3/fail2ban-0.8.3.tar.bz2/download
tar -xjvf fail2ban-0.8.3.tar.bz2
cd fail2ban-0.8.3
python setup.py install
*vi /etc/fail2ban/jail.conf*
Enable only the sections you need and do them one at a time. I have
enabled SSH, ProFTP, Qmail* and Vpopmail* (* add sections as described
below)
Set your local networks and any other networks you consider 'safe'.
You certainly don't want to block your own clients!
## example::
ignoreip = 127.0.0.1 192.245.12.0/24 207.182.32.0/19 204.27.149.0/24
Also change bantime, findtime and maxretry as it suits you.
Setting bantime = -1 is the same as never expiring the IP ban.
*_* additional sections for jail.conf_*
[vpopmail]
enabled = true
port = pop3
filter = vpopmail
action = iptables[name=pop3, port=pop3, protocol=tcp]
         sendmail-whois[name=pop3, dest=y...@email.domain, sender=em...@adr]
logpath = /var/log/maillog
maxretry = 3
bantime = -1
[qmail-iptables]
enabled = true
filter = qmail
action = iptables[name=QMAIL, port=smtp, protocol=tcp]
         sendmail-whois[name=QMAIL, dest=y...@email.domain]
logpath = /var/log/maillog
maxretry = 3
bantime = -1
Save and close the jail.conf file.
vi /etc/fail2ban/filter.d/vpopmail.conf (create new file)
*_Paste this into the file:_*
# Fail2Ban configuration file
#
# Author: Christoph Haas
# Modified by: Ole Johansen - CDS
#
# $Revision: 510 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = vchkpw-pop3: vpopmail user not found .*@:<HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Save and close the file.
Start fail2ban by typing: fail2ban-client start
New chains are created in iptables.
Use iptables -L -n to show the entries in iptables.
*I have not tested the changes, so I would like to get some feedback
on this.*
*B/R*
*Ole J*
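
A way to check what the vpopmail failregex above matches before enabling the jail. This is an added example, not part of Ole's post or of fail2ban itself. It expands <HOST> with the alias quoted in the filter comments and applies the jail's maxretry and the ignoreip example to constructed maillog lines; the log line shapes, host name and addresses are assumptions for illustration.

```python
import ipaddress
import re
from collections import Counter

# Values taken from the post: the <HOST> alias quoted in the filter comments,
# the failregex, maxretry from the [vpopmail] jail, and the ignoreip example.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"
FAILREGEX = "vchkpw-pop3: vpopmail user not found .*@:<HOST>"
MAXRETRY = 3
IGNOREIP = "127.0.0.1 192.245.12.0/24 207.182.32.0/19 204.27.149.0/24"

# Constructed sample lines (assumed maillog shape, documentation addresses).
SAMPLE_LOG = """\
Jun  1 10:00:01 mail vpopmail[2101]: vchkpw-pop3: vpopmail user not found admin@:203.0.113.7
Jun  1 10:00:03 mail vpopmail[2102]: vchkpw-pop3: vpopmail user not found test@:203.0.113.7
Jun  1 10:00:05 mail vpopmail[2103]: vchkpw-pop3: vpopmail user not found info@:203.0.113.7
Jun  1 10:00:09 mail vpopmail[2104]: vchkpw-pop3: vpopmail user not found bob@example.com:198.51.100.9
Jun  1 10:00:12 mail vpopmail[2105]: vchkpw-pop3: password fail alice@example.com:198.51.100.9
Jun  1 10:00:15 mail vpopmail[2106]: vchkpw-pop3: vpopmail user not found root@:192.245.12.40
""".splitlines()

def is_ignored(host, ignoreip=IGNOREIP):
    """True if host is an IP address inside one of the ignoreip networks."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # a hostname, not an address: nothing to compare
        return False
    return any(addr in ipaddress.ip_network(n) for n in ignoreip.split())

def count_failures(lines, failregex=FAILREGEX):
    """Return (failures per host, lines the failregex did not match)."""
    rx = re.compile(failregex.replace("<HOST>", HOST_ALIAS))
    hits, unmatched = Counter(), []
    for line in lines:
        m = rx.search(line)
        if m is None:
            unmatched.append(line)
        elif not is_ignored(m.group("host")):
            hits[m.group("host")] += 1
    return hits, unmatched

def would_ban(hits, maxretry=MAXRETRY):
    """Hosts whose failure count has reached maxretry."""
    return sorted(h for h, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    hits, unmatched = count_failures(SAMPLE_LOG)
    print("would ban:", would_ban(hits))
    print("lines not matched:", len(unmatched))
```

On these samples the filter counts only the lines where the name ends in "@:" directly before the address; the "user@domain:address" line and the "password fail" line are not counted. On a live system, fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/vpopmail.conf runs the same kind of check against the real log.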
Please visit qmailtoaster.com for the latest news, updates, and packages.