| タイトル | : Using Fail2ban with Dovecot |
| 記事No | : 57 |
| 投稿日 | : 2013/02/10(Sun) 15:17 |
| 投稿者 | : Moro |
fail2banのdovecot用の設定。
/etc/fail2ban/filter.d/dovecot-pop3imap.conf
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
/etc/fail2ban/jail.local
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
port = pop3,pop3s,imap,imaps
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
# optionaly mail notification # mail[name=dovecot-pop3imap, dest=root@domain] # see /etc/fail2ban/action.d/ or Fail2Ban doc
logpath = /var/log/mail.log
maxretry = 20
findtime = 1200
bantime = 1200
|