Re: OT: Fail2ban linux

2014-10-14 Thread LuKreme
On Oct 13, 2014, at 06:48, Markus Benning wrote:
> The mtpolicyd policy daemon has a plugin for directly adding IPs to
> a fail2ban target without the logging/parsing.
> It directly uses the unix socket for communication with the fail2ban
> daemon.
> 
> https://www.mtpolicyd.org/
> 
> Plugin:
> 
> http://www.mtpolicyd.org/documentation.html#Mail::MtPolicyd::Plugin::Fail2Ban

That sounds excellent. Thanks for the pointer.

Re: OT: Fail2ban linux

2014-10-13 Thread Koko Wijatmoko
On Mon, 13 Oct 2014 14:48:36 +0200
Markus Benning wrote:

> On Sun, Oct 12, 2014 at 03:27:41AM -0300, Julio Cesar Covolato wrote:
> > Hi People!
> > Anyone has a good rule for postfix smtpd with fail2ban?
> > Sorry for the OT:))
> 
> The mtpolicyd policy daemon has a plugin for directly adding IPs to
> a fail2ban target without the logging/parsing.
> It directly uses the unix socket for communication with the fail2ban
> daemon.
> 
Never knew of it before, sounds great.


Re: OT: Fail2ban linux

2014-10-13 Thread Markus Benning
On Sun, Oct 12, 2014 at 03:27:41AM -0300, Julio Cesar Covolato wrote:
> Hi People!
> Anyone has a good rule for postfix smtpd with fail2ban?
> Sorry for the OT:))

The mtpolicyd policy daemon has a plugin for directly adding IPs to
a fail2ban target without the logging/parsing.
It directly uses the unix socket for communication with the fail2ban
daemon.

https://www.mtpolicyd.org/

Plugin:

http://www.mtpolicyd.org/documentation.html#Mail::MtPolicyd::Plugin::Fail2Ban

For example, I use it to create a scoring based on different RBLs, SPF, GeoIP.
Clients with a very bad reputation get rejected and added to fail2ban.
Clients with a dubious reputation get greylisting applied.
Clients with a good reputation just pass.

Since it is a policy daemon it only does SMTP level checks.

For parsing of postfix logs there's already a filter.d/postfix.conf included
with the fail2ban package.

For the amavis log file I use the following configuration:

--- filter.d/amavis.local
[INCLUDES]
before = common.conf

[Definition]
_daemon = amavis
# <HOST> is the tag fail2ban replaces with its client-address group
failregex = ^%(__prefix_line)s.*(Blocked|Passed) (INFECTED|SPAM|SPAMMY) {(RejectedInbound|RelayedTaggedInbound)}, \[<HOST>\]
ignoreregex =
---

- Markus
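
Added example (not part of the post above, and not fail2ban or mtpolicyd code): a Python check of which amavis log lines the posted failregex counts and which client IP it extracts, assuming fail2ban's <HOST> tag sits inside the `\[\]`. PREFIX and HOST are simplified stand-ins for what fail2ban substitutes itself, the log lines are constructed, and maxretry=2 is an assumed jail setting.

```python
import re
from collections import Counter

# Filter line from the post, with fail2ban's <HOST> tag in the brackets.
FAILREGEX = (r"^%(__prefix_line)s.*(Blocked|Passed) (INFECTED|SPAM|SPAMMY) "
             r"{(RejectedInbound|RelayedTaggedInbound)}, \[<HOST>\]")

# Assumptions: simplified stand-ins for what fail2ban expands on its own.
PREFIX = r"\w{3} +\d+ [\d:]{8} \S+ amavis\[\d+\]: "   # for %(__prefix_line)s
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"            # for <HOST>, IPv4 only

# Constructed amavis-style log lines (documentation address ranges).
SAMPLE_LOG = [
    "Oct 13 14:48:36 mail amavis[2211]: (02211-01) Blocked SPAM {RejectedInbound}, [203.0.113.7]:41522 [203.0.113.7] <a@example.net> -> <u@example.org>, Hits: 18.2",
    "Oct 13 14:49:02 mail amavis[2211]: (02211-02) Passed SPAMMY {RelayedTaggedInbound}, [198.51.100.23]:50110 [198.51.100.23] <b@example.net> -> <u@example.org>, Hits: 5.1",
    "Oct 13 14:49:40 mail amavis[2211]: (02211-03) Passed CLEAN {RelayedInbound}, [192.0.2.10]:33100 [192.0.2.10] <c@example.com> -> <u@example.org>, Hits: -1.0",
    "Oct 13 14:50:11 mail amavis[2211]: (02211-04) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, [203.0.113.7]:41530 [203.0.113.7] <d@example.net> -> <u@example.org>",
    "Oct 13 14:51:05 mail amavis[2211]: (02211-05) Blocked SPAM {RejectedInbound}, [203.0.113.7]:41544 [203.0.113.7] <e@example.net> -> <u@example.org>, Hits: 21.0",
]

def compile_failregex(failregex=FAILREGEX):
    """Expand the two fail2ban placeholders and compile the result."""
    return re.compile(failregex.replace("%(__prefix_line)s", PREFIX)
                               .replace("<HOST>", HOST))

def count_failures(lines, rx=None):
    """Return a Counter of client IP -> number of matching log lines."""
    rx = rx or compile_failregex()
    hits = Counter()
    for line in lines:
        m = rx.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits

def would_ban(lines, maxretry=2):
    """IPs that reach maxretry matches (findtime is ignored in this sketch)."""
    return sorted(ip for ip, n in count_failures(lines).items() if n >= maxretry)

if __name__ == "__main__":
    print(dict(count_failures(SAMPLE_LOG)))
    print(would_ban(SAMPLE_LOG))
```

In this sample the "Passed SPAMMY" delivery is counted as a failure, while the "Blocked INFECTED" line is not, because a virus name and a different action list follow the verdict.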



Re: OT: Fail2ban linux

2014-10-11 Thread Koko Wijatmoko
On Sun, 12 Oct 2014 03:27:41 -0300
Julio Cesar Covolato wrote:

> Anyone has a good rule for postfix smtpd with fail2ban?
> 
Google is not enough for you?
http://www.fail2ban.org/wiki/index.php/Postfix