Difference between revisions of "ASSP"
From Fail2ban
(Fixed important tip.) |
(Added contents for assp.conf) |
||
Line 1: | Line 1: | ||
== ASSP filter for Fail2ban == | == ASSP filter for Fail2ban == | ||
− | Save the | + | Save the following into the '''/etc/fail2ban/filter.d/assp.conf''' file: |
+ | |||
+ | # Fail2Ban configuration file | ||
+ | # | ||
+ | # Author: Viktor Ferenczi (python <at-here> cx <dot-here> hu) | ||
+ | # | ||
+ | |||
+ | [Definition] | ||
+ | |||
+ | # Option: failregex | ||
+ | # Notes.: regex to match the SMTP failure messages in the logfile. The | ||
+ | # host must be matched by a group named "host". The tag "<HOST>" can | ||
+ | # be used for standard IP/hostname matching and is only an alias for | ||
+ | # (?:::f{4,6}:)?(?P<host>\S+) | ||
+ | # Values: TEXT | ||
+ | # | ||
+ | # Example: Nov-14-09 00:14:50 54090-05322 201.244.255.72 <badguy@gtgwhhrthrth.com> [SMTP Error] 550 5.1.1 User unknown: your.user@your-domain.com | ||
+ | failregex = .*? \d{5}-\d{5} <HOST> <.*?> \[SMTP Error\] (.*) | ||
+ | |||
+ | # Option: ignoreregex | ||
+ | # Notes.: regex to ignore. If this regex matches, the line is ignored. | ||
+ | # Values: TEXT | ||
+ | # | ||
+ | ignoreregex = | ||
+ | |||
Add this section to your '''/etc/fail2ban/jail.conf''' file: | Add this section to your '''/etc/fail2ban/jail.conf''' file: |
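Review bot: the added failregex line is not anchored. It opens with `.*?`, so the ` \d{5}-\d{5} <HOST>` sequence may match at any position in a log line, and the fields around it (`<.*?>` for the sender, and the text after `[SMTP Error]`, which in the Example comment carries the recipient address) are supplied by the remote client. Because `<HOST>` is documented a few lines above as `(?:::f{4,6}:)?(?P<host>\S+)`, the address that gets banned is whatever non-space token follows the first ID-looking sequence. Suggest anchoring the pattern to the start of the line with `^`, matching the leading fields explicitly instead of `.*?`, using `<[^>]*>` for the sender, and dropping the trailing `(.*)` group, which is never used. The Example comment would also benefit from naming the ASSP version or log format it was taken from.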
Revision as of 14:09, 3 January 2010
ASSP filter for Fail2ban
Save the following into the /etc/fail2ban/filter.d/assp.conf file:
    # Fail2Ban configuration file
    #
    # Author: Viktor Ferenczi (python <at-here> cx <dot-here> hu)
    #

    [Definition]

    # Option: failregex
    # Notes.: regex to match the SMTP failure messages in the logfile. The
    # host must be matched by a group named "host". The tag "<HOST>" can
    # be used for standard IP/hostname matching and is only an alias for
    # (?:::f{4,6}:)?(?P<host>\S+)
    # Values: TEXT
    #
    # Example: Nov-14-09 00:14:50 54090-05322 201.244.255.72 <badguy@gtgwhhrthrth.com> [SMTP Error] 550 5.1.1 User unknown: your.user@your-domain.com
    failregex = .*? \d{5}-\d{5} <HOST> <.*?> \[SMTP Error\] (.*)

    # Option: ignoreregex
    # Notes.: regex to ignore. If this regex matches, the line is ignored.
    # Values: TEXT
    #
    ignoreregex =
Add this section to your /etc/fail2ban/jail.conf file:
    [assp]
    enabled = true
    port = smtp,ssmtp
    filter = assp
    logpath = /var/log/assp/maillog.txt
IMPORTANT: Symlink the logs subdirectory of your ASSP installation as /var/log/assp or change the logpath in your jail configuration to point to ASSP's maillog.txt file.
Don't forget to restart fail2ban.
Check the end of your fail2ban.log to see whether fail2ban picked up ASSP's log file.
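An offline check of the filter above, added here as an example and not part of the original wiki page or of Fail2ban itself: it expands `<HOST>` into the alias quoted in the filter's comment, runs the page's failregex over a sample log, and lists captured hosts that are not IP literals. The function names and every log line except the first (the filter's own Example line) are constructed for this example.

```python
import ipaddress
import re
from collections import Counter

# <HOST> alias exactly as quoted in the filter's comment block.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"
# failregex exactly as given in assp.conf on this page.
FAILREGEX = r".*? \d{5}-\d{5} <HOST> <.*?> \[SMTP Error\] (.*)"

# Constructed sample log: line 1 is the Example line from the filter's
# comment, the remaining lines are made up for this test.
SAMPLE_LOG = """\
Nov-14-09 00:14:50 54090-05322 201.244.255.72 <badguy@gtgwhhrthrth.com> [SMTP Error] 550 5.1.1 User unknown: your.user@your-domain.com
Nov-14-09 00:14:58 54098-05327 201.244.255.72 <other@gtgwhhrthrth.com> [SMTP Error] 550 5.1.1 User unknown: info@your-domain.com
Nov-14-09 00:15:02 54102-05330 192.0.2.10 <alice@example.org> to: bob@your-domain.com message ok
Nov-14-09 00:15:09 54109-05341 ::ffff:198.51.100.7 <x@example.net> [SMTP Error] 554 5.7.1 Relaying denied
Nov-14-09 00:15:11 Info: reloading configuration
Nov-14-09 00:15:20 54120-05350 mail.example.org <y@example.org> [SMTP Error] 550 5.1.1 User unknown: sales@your-domain.com
"""

def compile_failregex(failregex=FAILREGEX):
    """Expand the <HOST> tag into its named group and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST_ALIAS))

def failures(log_text, failregex=FAILREGEX):
    """Count matching lines per captured host."""
    rx = compile_failregex(failregex)
    hits = Counter()
    for line in log_text.splitlines():
        m = rx.search(line)  # the optional ::ffff: prefix stays outside "host"
        if m:
            hits[m.group("host")] += 1
    return hits

def non_ip_hosts(hits):
    """Captured hosts that are not IP literals (the alias accepts any token)."""
    bad = []
    for host in hits:
        try:
            ipaddress.ip_address(host)
        except ValueError:
            bad.append(host)
    return bad

if __name__ == "__main__":
    hits = failures(SAMPLE_LOG)
    for host, count in hits.most_common():
        print(f"{host}\t{count}")
    print("not IP literals:", non_ip_hosts(hits))
```

Against the real log, Fail2ban's own `fail2ban-regex /var/log/assp/maillog.txt /etc/fail2ban/filter.d/assp.conf` performs the equivalent check with the installed filter.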