Difference between revisions of "Sendmail"
From Fail2ban
Jump to navigationJump to searchSarahGrape (talk | contribs) |
(cleanup, added more explicit instructions) |
||
| Line 1: | Line 1: | ||
| − | + | Step by step instructions for setting up '''fail2ban for sendmail'''. | |
| + | ==Create the filter== | ||
| + | First, create a filter file for sendmail, typically <code>filter.d/sendmail.conf</code>, with the following content: | ||
| + | <pre><nowiki> | ||
# Fail2Ban configuration file | # Fail2Ban configuration file | ||
# | # | ||
| − | # | + | # Source: http://www.the-art-of-web.com/system/fail2ban-sendmail/ |
| + | # Contibutors: Gutza, the SASL regex | ||
# | # | ||
# $Revision: 0 $ | # $Revision: 0 $ | ||
| Line 10: | Line 14: | ||
[Definition] | [Definition] | ||
| − | |||
| − | |||
# Option: failregex | # Option: failregex | ||
| Line 25: | Line 27: | ||
\[<HOST>\], reject.*\.\.\. Relaying denied | \[<HOST>\], reject.*\.\.\. Relaying denied | ||
(User unknown)\n* \[<HOST>\] | (User unknown)\n* \[<HOST>\] | ||
| + | badlogin: .* \[<HOST>\] plaintext .* SASL | ||
# Option: ignoreregex | # Option: ignoreregex | ||
| Line 31: | Line 34: | ||
# | # | ||
ignoreregex = | ignoreregex = | ||
| + | </nowiki></pre> | ||
| + | |||
| + | ==Define the jail== | ||
| + | Now you need to tell fail2ban what to do with this filter. Edit <code>jail.conf</code> and add the following section: | ||
| + | |||
| + | <pre><nowiki> | ||
| + | [sendmail] | ||
| + | enabled = true | ||
| + | filter = sendmail | ||
| + | action = iptables-multiport[name=sendmail, port="pop3,imap,smtp", protocol=tcp] | ||
| + | sendmail-whois[name=sendmail, dest=you@example.com] | ||
| + | logpath = /var/log/maillog | ||
| + | </nowiki></pre> | ||
| + | |||
| + | Don't forget to change <code>you@example.com</code> with your e-mail address. Also, depending on your server's configuration, you might want to add or remove some ports (you might have some other ports open for secure operations, such as pop3s, imaps, smtps). | ||
| + | |||
| + | [[Category:Configuration]] | ||
Revision as of 13:44, 11 November 2010
Step by step instructions for setting up fail2ban for sendmail.
Create the filter
First, create a filter file for sendmail, typically filter.d/sendmail.conf, with the following content:
# Fail2Ban configuration file
#
# Source: http://www.the-art-of-web.com/system/fail2ban-sendmail/
# Contibutors: Gutza, the SASL regex
#
# $Revision: 0 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = \[<HOST>\] .*to MTA
\[<HOST>\] \(may be forged\)
\[<HOST>\], reject.*\.\.\. Relaying denied
(User unknown)\n* \[<HOST>\]
badlogin: .* \[<HOST>\] plaintext .* SASL
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Define the jail
Now you need to tell fail2ban what to do with this filter. Edit jail.conf and add the following section:
[sendmail]
enabled = true
filter = sendmail
action = iptables-multiport[name=sendmail, port="pop3,imap,smtp", protocol=tcp]
sendmail-whois[name=sendmail, dest=you@example.com]
logpath = /var/log/maillog
Don't forget to change you@example.com with your e-mail address. Also, depending on your server's configuration, you might want to add or remove some ports (you might have some other ports open for secure operations, such as pop3s, imaps, smtps).
