Difference between revisions of "HOWTO fail2ban with qpopper"

(it's better to use \s instead of blanks because of line breaking problems)
(Separated OpenSUSE and Debian configs)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
Configuration for qpopper pop3 daemon is done through the following: (this setup was for openSUSE 10.2)
+
Configuration for qpopper pop3 daemon is done as follows:
  
* First make an entry into your jail.conf file.
+
* First make an entry into your jail.conf (/etc/fail2ban/jail.local on Debian/Ubuntu) file.
  
 +
# this is for openSUSE 10.2
 
  [qpopper]
 
  [qpopper]
 
  enabled  = true
 
  enabled  = true
Line 12: Line 13:
 
  maxretry = 5
 
  maxretry = 5
  
* Then create a file in filter.d directory called qpopperlogin.conf This failregex statement was sent to the fail2safe mail list by Sven Neukirchner.
+
# this is for Debian/Ubuntu
 +
[qpopper]
 +
enabled  = true
 +
port    = pop3,pop3s
 +
filter   = qpopperlogin
 +
logpath  = /var/log/mail.log
  
 +
* Then create a file in filter.d directory called qpopperlogin.conf The first failregex statement was sent to the fail2ban mail list by Sven Neukirchner.
 +
 +
# openSUSE
 
  [Definition]
 
  [Definition]
+
  failregex = popper\[[0-9]+\]:\s\[AUTH\]\sFailed\sattempted\slogin\sto\s\S+\sfrom\shost\s(\S+)\s<HOST>(?:\s\[pop_pass\.c.*\])?$
  failregex = popper\[[0-9]+\]:\s\[AUTH\]\sFailed\sattempted\slogin\sto\s
 
            \S+\sfrom\shost\s(\S+)\s<HOST>(?:\s\[pop_pass\.c.*\])?$
 
 
  ignoreregex =
 
  ignoreregex =
  
###
+
# Debian/Ubuntu
# for strings like  
+
  [Definition]
# Oct 16 14:42:00 alpha popper[25364]: anton at 123.234.40.66 (123.234.40.66): -#ERR [AUTH] Password supplied for "anton" is incorrect. [pop_pass.c:1173]
+
failregex = popper\[[0-9]+\]:.*\(<HOST>\):\ -ERR\ \[AUTH\]\
# use
+
ignoreregex =
# failregex = \(<HOST>\):\ -ERR\ \[AUTH\]
 
###
 
 
 
That should do it!
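Review bot: the Debian/Ubuntu failregex added in this hunk ends in `\[AUTH\]\`, a bare backslash with nothing after it. The blank it was meant to escape is lost as trailing whitespace, and a pattern that ends in a lone backslash is not a valid regular expression. Suggest ending it with `\s`, as the openSUSE pattern does and as the earlier edit summary recommends, or dropping the trailing escape. The hunk also removes the commented sample log line ("Oct 16 14:42:00 alpha popper[25364]: ..."); keeping one sample line as a comment next to the Debian pattern would show readers which log format the filter expects.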
 

Latest revision as of 21:38, 16 December 2011

Configuration for the qpopper POP3 daemon is done as follows:

  • First, add an entry to your jail.conf file (/etc/fail2ban/jail.local on Debian/Ubuntu).
# this is for openSUSE 10.2
[qpopper]
enabled  = true
port     = pop3
filter   = qpopperlogin
action   = iptables[name=%(__name__)s, port=%(port)s]
           sendmail-whois[name=qpopper, dest=you@mail.com]
logpath  = /var/log/mail
maxretry = 5
# this is for Debian/Ubuntu
[qpopper]
enabled  = true
port     = pop3,pop3s
filter   = qpopperlogin
logpath  = /var/log/mail.log
  • Then create a file called qpopperlogin.conf in the filter.d directory. The first failregex statement was sent to the fail2ban mailing list by Sven Neukirchner.
# openSUSE
[Definition]
failregex = popper\[[0-9]+\]:\s\[AUTH\]\sFailed\sattempted\slogin\sto\s\S+\sfrom\shost\s(\S+)\s<HOST>(?:\s\[pop_pass\.c.*\])?$
ignoreregex =
# Debian/Ubuntu
[Definition]
failregex = popper\[[0-9]+\]:.*\(<HOST>\):\ -ERR\ \[AUTH\]\s
ignoreregex =
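To check the two filters before enabling the jail, the following added example (not part of the original wiki page) runs both failregex patterns over constructed log lines and returns the host each one would ban. The `<HOST>` expansion is a simplified stand-in for fail2ban's own, the log lines and addresses are constructed, and the last check shows why `\s` is safer than an escaped blank at the end of a pattern.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 or hostname only).
HOST = r"(?P<host>[\w\-.]*\w)"

# failregex values from this page; the Debian one ends in \s for the blank after [AUTH].
FAILREGEX = {
    "opensuse": r"popper\[[0-9]+\]:\s\[AUTH\]\sFailed\sattempted\slogin\sto\s"
                r"\S+\sfrom\shost\s(\S+)\s<HOST>(?:\s\[pop_pass\.c.*\])?$",
    "debian": r"popper\[[0-9]+\]:.*\(<HOST>\):\ -ERR\ \[AUTH\]\s",
}

# Constructed log lines using documentation addresses, not taken from a real server.
SAMPLE_LOG = [
    'Oct 16 14:40:12 alpha popper[25301]: [AUTH] Failed attempted login to anton from host (client.example.net) 203.0.113.7',
    'Oct 16 14:42:00 alpha popper[25364]: anton at 192.0.2.66 (192.0.2.66): -ERR [AUTH] Password supplied for "anton" is incorrect. [pop_pass.c:1173]',
    'Oct 16 14:43:10 alpha popper[25370]: Stats: anton 0 0 0 0 client.example.net 203.0.113.7',
]


def compile_failregex(pattern):
    """Expand <HOST> and compile, as a rough model of what fail2ban does."""
    return re.compile(pattern.replace("<HOST>", HOST))


def offenders(pattern, lines):
    """Return the host captured from every line the failregex matches."""
    rx = compile_failregex(pattern)
    return [m.group("host") for m in map(rx.search, lines) if m]


def compiles(pattern):
    """True if the expanded pattern is a valid regular expression."""
    try:
        compile_failregex(pattern)
        return True
    except re.error:
        return False


if __name__ == "__main__":
    for name, pattern in FAILREGEX.items():
        print(name, offenders(pattern, SAMPLE_LOG))
    # Dropping the final "s" models an escaped trailing blank that was stripped:
    # the pattern then ends in a bare backslash and cannot be compiled.
    print(compiles(FAILREGEX["debian"][:-1]))
```

On a host with fail2ban installed, `fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/qpopperlogin.conf` runs the same kind of check against the real log and filter file.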