タイトル | : Using Fail2ban with Dovecot |
記事No | : 57 |
投稿日 | : 2013/02/10(Sun) 15:17 |
投稿者 | : Moro |
fail2banのdovecot用の設定。
/etc/fail2ban/filter.d/dovecot-pop3imap.conf
[Definition] failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.* ignoreregex =
/etc/fail2ban/jail.local
[dovecot-pop3imap] enabled = true filter = dovecot-pop3imap port = pop3,pop3s,imap,imaps action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] # optionaly mail notification # mail[name=dovecot-pop3imap, dest=root@domain] # see /etc/fail2ban/action.d/ or Fail2Ban doc logpath = /var/log/mail.log maxretry = 20 findtime = 1200 bantime = 1200
|