From: Gerry H. <gh...@bb...> - 2014-07-30 13:40:33
|
Ive gotten fail2ban working with my qmail install for failed smtp passwords using this jail.conf: [vpopmail-fail] enabled = true filter = vpopmail-fail action = iptables[name=SMTP, port=25, protocol=tcp] logpath = /var/log/maillog maxretry = 5 bantime = 600 findtime = 600 and using this regex conf file called vpopmail-fail.conf [Definition] failregex = vchkpw-smtp: password fail *@*.*: <mailto:*@*.*:%3cHOST> <HOST> ßAlso is this a good failregex expression with the wildcards characters? ignoreregex = Unfortunately, there are other lines in my maillog that Id like to block as well, but when I attempt to append to the jail.conf and the vpopmail-fail.conf, it doesnt work. I need to know how to add these lines from my maillog as well: Jul 30 08:01:49 mail vpopmail[25838]: vchkpw-smtp: vpopmail user not found user@:72.12.5.102 Jul 30 08:07:11 mail vpopmail[26506]: vchkpw-submission: password fail user@domain:166.147.114.180 Jul 30 08:08:49 mail vpopmail[26717]: vchkpw-pop3: password fail user@domain:92.45.201.142 Do I need individual filter configuration files, or do I append to the same one? Im pretty sure I can append to the same jail.conf file. Any help would be greatly appreciated! Thanks, Gerry Hudson |