Difference between revisions of "HOWTO fail2ban with qpopper"
From Fail2ban
Jump to navigationJump to search (it's better to use \s instead of blanks because of line breaking problems) |
(updated regex) |
||
| Line 12: | Line 12: | ||
maxretry = 5 | maxretry = 5 | ||
| − | * Then create a file in filter.d directory called qpopperlogin.conf | + | * Then create a file in filter.d directory called qpopperlogin.conf The first failregex statement was sent to the fail2ban mail list by Sven Neukirchner. |
[Definition] | [Definition] | ||
| − | failregex = popper\[[0-9]+\]:\s\[AUTH\]\sFailed\sattempted\slogin\sto\s | + | failregex = popper\[[0-9]+\]:\s\[AUTH\]\sFailed\sattempted\slogin\sto\s\S+\sfrom\shost\s(\S+)\s<HOST>(?:\s\[pop_pass\.c.*\])?$ |
| − | + | popper\[[0-9]+\]:.*\(<HOST>\):\ -ERR\ \[AUTH\]\ | |
ignoreregex = | ignoreregex = | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Revision as of 18:57, 15 December 2011
Configuration for qpopper pop3 daemon is done through the following: (this setup was for openSUSE 10.2)
- First make an entry into your jail.conf file.
[qpopper]
enabled = true
port = pop3
filter = qpopperlogin
action = iptables[name=%(__name__)s, port=%(port)s]
sendmail-whois[name=qpopper, dest=you@mail.com]
logpath = /var/log/mail
maxretry = 5
- Then create a file in filter.d directory called qpopperlogin.conf The first failregex statement was sent to the fail2ban mail list by Sven Neukirchner.
[Definition]
failregex = popper\[[0-9]+\]:\s\[AUTH\]\sFailed\sattempted\slogin\sto\s\S+\sfrom\shost\s(\S+)\s<HOST>(?:\s\[pop_pass\.c.*\])?$
popper\[[0-9]+\]:.*\(<HOST>\):\ -ERR\ \[AUTH\]\
ignoreregex =
