[Fail2ban-users] qmail and fail2ban

[Gerry H. <gh...@bb...>]

I’ve gotten fail2ban working with my qmail install for failed smtp passwords
using this jail.conf:

 

[vpopmail-fail]

 

enabled  = true

filter   = vpopmail-fail

action   = iptables[name=SMTP, port=25, protocol=tcp]

logpath  = /var/log/maillog

maxretry = 5

bantime  = 600

findtime = 600

 

 

and using this regex conf file called vpopmail-fail.conf

 

[Definition]

 

failregex = vchkpw-smtp: password fail *@*.*: <mailto:*@*.*:%3cHOST> <HOST>
ßAlso…is this a good failregex expression with the wildcards characters?

ignoreregex =

 

 

Unfortunately, there are other lines in my maillog that I’d like to block as
well, but when I attempt to append to the jail.conf and the
vpopmail-fail.conf, it doesn’t work. I need to know how to add these lines
from my maillog as well:

 

Jul 30 08:01:49 mail vpopmail[25838]: vchkpw-smtp: vpopmail user not found
user@:72.12.5.102

Jul 30 08:07:11 mail vpopmail[26506]: vchkpw-submission: password fail
user@domain:166.147.114.180

Jul 30 08:08:49 mail vpopmail[26717]: vchkpw-pop3: password fail
user@domain:92.45.201.142

 

 

Do I need individual filter configuration files, or do I append to the same
one? I’m pretty sure I can append to the same jail.conf file. 

Any help would be greatly appreciated! 

Thanks,
Gerry Hudson