On 12/08/11 23:20, Dave wrote:
Hi Pak Ogah
Added those to the wiki.
FYI: in there you have
" Tune fail2ban to write IPs to /etc/fail2ban/ip.deny "
How did you do that?
Thanks
it wasn't me who create the wiki
Sminini / Sergio M who create the initial page
http://wiki.qmailtoaster.com/index.php?title=Fail2Ban&action=history
I still don't know when/how to run the Note
http://wiki.qmailtoaster.com/index.php/Fail2Ban#Note
Sergio, perhaps can answer that
I am just tidying it up and make sure all qmt-related knowlegdes is there,
I am a lazy admin.
I prefer search a documentation rather than troubleshooting a problem
that someone already solved
anyway, I am tidying your filter and jail into appropriate section
On 12/7/2011 8:51 PM, Pak Ogah wrote:
On 12/08/11 0:21, Dave wrote:
in my /etc/fail2ban/jail.local
[vpopmail]
enabled = true
port = pop3
filter = vpopmail
action = iptables[name=pop3, port=pop3, protocol=tcp]
sendmailwhois[name=pop3,dest=y...@email.domain, sender=em...@adr]
logpath = /var/log/maillog
maxretry = 3
bantime = -1
Also, the vpomail.conf:
# Fail2Ban configuration file
# Author: Christoph Haas
# Modified by: Ole Johansen - CDS
# $Revision: 510 $
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the
logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
failregex = vchkpw-pop3: vpopmail user not found .*@:<HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
ignoreregex =
Hop it help.
Dave,
Could you mind add this fail2ban rule on
http://wiki.qmailtoaster.com/index.php/Fail2Ban
if your rule is not listed there. so it can secure other qmt box as well
I am still confuse regarding fail2ban rule and config.