Used on Centos 5.5
>> /etc/fail2ban/filter.d/qmail-pop3.conf
--- start cut --
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag
"<HOST>" can
# be used for standard IP/hostname matching and is only an
alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = vchkpw-pop3: vpopmail user not found .*:<HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
--- end cut ---
>> jail.conf
[qmail-pop3]
enable = true
filter = qmail-pop3
action = shorewall
sendmail[name="Qmail Pop3 user fail",
dest=changet...@yourdomain.com]
logpath = /your/path/to/pop3/logs
maxretry = 3
bantime = 600
=================================
T.Bogdan
Sys & Net Admin
Direkt Network
http://www.direkt.ro
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com