Difference between revisions of "Sendmail"

Step by step instructions for setting up fail2ban for sendmail.

Create the filter

First, create a filter file for sendmail, typically filter.d/sendmail.conf, with the following content:

# Fail2Ban configuration file
#
# Source: http://www.the-art-of-web.com/system/fail2ban-sendmail/
# Contibutors: Gutza, the SASL regex
#
# $Revision: 0 $
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#

failregex = \[<HOST>\] .*to MTA
            \[<HOST>\] \(may be forged\)
            \[<HOST>\], reject.*\.\.\. Relaying denied
            (User unknown)\n* \[<HOST>\]
            badlogin: .* \[<HOST>\] plaintext .* SASL

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

Define the jail

Now you need to tell fail2ban what to do with this filter. Edit jail.conf and add the following section:

[sendmail]
enabled  = true
filter   = sendmail
action   = iptables-multiport[name=sendmail, port="pop3,imap,smtp,pop3s,imaps,smtps", protocol=tcp]
           sendmail-whois[name=sendmail, dest=you@example.com]
logpath  = /var/log/maillog

Don't forget to change you@example.com with your e-mail address.