Re: [qmailtoaster] Account Break-in Attempts

Wed, 07 Dec 2011 09:21:07 -0800 

in my /etc/fail2ban/jail.local

[vpopmail]
enabled = true
port = pop3
filter = vpopmail
action = iptables[name=pop3, port=pop3, protocol=tcp] sendmailwhois[name=pop3,dest=y...@email.domain, sender=em...@adr] 
logpath = /var/log/maillog
maxretry = 3
bantime = -1


Also, the vpomail.conf:
# Fail2Ban configuration file
# Author: Christoph Haas
# Modified by: Ole Johansen - CDS
# $Revision: 510 $

[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT

failregex = vchkpw-pop3: vpopmail user not found .*@:<HOST>

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT

ignoreregex =

Hop it help.


On 12/7/2011 10:00 AM, Helmut Fritz wrote:


I will third fail2ban.

But if anyone has a pop config they can share I would appreciate it.

*From:*Carlos Herrera Polo [mailto:carlos.herrerap...@gmail.com]
*Sent:* Wednesday, December 07, 2011 7:48 AM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] Account Break-in Attempts

fail2ban
2011/12/7 Mike Tirpak <mike.tir...@mobilcom.net <mailto:mike.tir...@mobilcom.net>> 

Everyone,
Logwatch has been reporting "No Such User Found" with over one thousand failures for each name. Of course someone is trying to find an account to exploit. Is there a way to block an IP address after so many failed attempts on an account? 

Thanks,
Mike

---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com <http://www.vickersconsulting.com>) 
  Vickers Consulting Group offers Qmailtoaster support and installations.
    If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com <http://qmailtoaster.com> for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com <mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com <mailto:qmailtoaster-list-h...@qmailtoaster.com>

Reply via email to