Difference between revisions of "HOWTO fail2ban with qpopper"

From Fail2ban
Jump to navigationJump to search
(Separated OpenSUSE and Debian configs)
 
(11 intermediate revisions by 4 users not shown)
Line 1: Line 1:
Configuration for qpopper pop3 daemon is done through the following: (this setup was for openSUSE 10.2)
+
Configuration for qpopper pop3 daemon is done as follows:
  
 +
* First make an entry into your jail.conf (/etc/fail2ban/jail.local on Debian/Ubuntu) file.
  
== Make an entry into your jail.conf file for qpopper: ==
+
# this is for openSUSE 10.2
 +
[qpopper]
 +
enabled  = true
 +
port    = pop3
 +
filter  = qpopperlogin
 +
action  = iptables[name=%(__name__)s, port=%(port)s]
 +
            sendmail-whois[name=qpopper, dest=you@mail.com]
 +
logpath  = /var/log/mail
 +
maxretry = 5
  
 +
# this is for Debian/Ubuntu
 +
[qpopper]
 +
enabled  = true
 +
port    = pop3,pop3s
 +
filter  = qpopperlogin
 +
logpath  = /var/log/mail.log
  
<nowiki>[qpopper]
+
* Then create a file in filter.d directory called qpopperlogin.conf The first failregex statement was sent to the fail2ban mail list by Sven Neukirchner.
 
enabled  = true
 
  
port    = pop3
+
# openSUSE
 +
[Definition]
 +
failregex = popper\[[0-9]+\]:\s\[AUTH\]\sFailed\sattempted\slogin\sto\s\S+\sfrom\shost\s(\S+)\s<HOST>(?:\s\[pop_pass\.c.*\])?$
 +
ignoreregex =
  
filter  = qpopperlogin
+
  # Debian/Ubuntu
 
+
[Definition]
action  = iptables[name=%(__name__)s, port=%(port)s]
+
  failregex = popper\[[0-9]+\]:.*\(<HOST>\):\ -ERR\ \[AUTH\]\
 
+
ignoreregex =
          sendmail-whois[name=qpopper, dest=you@mail.com]
 
 
 
logpath = /var/log/mail
 
 
 
maxretry = 5</nowiki>
 
 
 
==
 
Then create a file in action.d directory called qpopperlogin.conf ==
 
(this failregex statement was sent to the fail2safe mail list by Sven Neukirchner.
 
 
 
[Definition]
 
   
 
failregex = popper\[[0-9]+\]: \[AUTH\] Failed attempted login to \S+ from host (\S+) <HOST>(?: \[pop_pass\.c.*\])?$
 
 
 
ignoreregex =
 

Latest revision as of 21:38, 16 December 2011

Configuration for qpopper pop3 daemon is done as follows:

  • First make an entry into your jail.conf (/etc/fail2ban/jail.local on Debian/Ubuntu) file.
# this is for openSUSE 10.2
[qpopper]
enabled  = true
port     = pop3
filter   = qpopperlogin
action   = iptables[name=%(__name__)s, port=%(port)s]
           sendmail-whois[name=qpopper, dest=you@mail.com]
logpath  = /var/log/mail
maxretry = 5

# this is for Debian/Ubuntu
[qpopper]
enabled  = true
port     = pop3,pop3s
filter   = qpopperlogin
logpath  = /var/log/mail.log
  • Then create a file in filter.d directory called qpopperlogin.conf The first failregex statement was sent to the fail2ban mail list by Sven Neukirchner.
# openSUSE
[Definition]
failregex = popper\[[0-9]+\]:\s\[AUTH\]\sFailed\sattempted\slogin\sto\s\S+\sfrom\shost\s(\S+)\s<HOST>(?:\s\[pop_pass\.c.*\])?$
ignoreregex =

# Debian/Ubuntu
[Definition]
failregex = popper\[[0-9]+\]:.*\(<HOST>\):\ -ERR\ \[AUTH\]\
ignoreregex =
Retrieved from "http://wiki.fail2ban.org/wiki/index.php?title=HOWTO_fail2ban_with_qpopper&oldid=4412"