Re: [Fail2ban-users] Ban usernames instead of IPs

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello Cristian

On 29.10.2013 13:46, Cristian Mammoli wrote:
> Hi, I'm using this tool
> http://www.gufonero.com/postfix/check_auth_log.html to parse postfix logs.
>
> It's a tool to limit damages done by spammers using stolen smtp credentials.

> The tool works but is slow and inefficient. I already have fail2ban in
> place, is it possible to configure it for the same purpose?

I have created something like this in fail2ban with calling a 
script from the action (custom action). It does not quite what 
you are asking, but it can take actions only if the source IP 
address is from a foreign country (based on whois output). I have 
two different action, one does just ban like regular f2b, and the 
other one would disable SMTP accounts. I have published it at 
[1], maybe it may inspire you to use this idea and adapt for Postfix.

   [1] http://www.wenks.ch/fabian/fail2ban/action-with-script.html

bye
Fabian