Difference between revisions of "HOWTO fail2ban with qpopper"
From Fail2ban
Jump to navigationJump to search| Line 5: | Line 5: | ||
| − | + | [qpopper] | |
| − | + | enabled = true | |
| − | enabled = true | + | port = pop3 |
| − | + | filter = qpopperlogin | |
| − | port = pop3 | + | action = iptables[name=%(__name__)s, port=%(port)s] |
| − | + | sendmail-whois[name=qpopper, dest=you@mail.com] | |
| − | filter = qpopperlogin | + | logpath = /var/log/mail |
| − | + | maxretry = 5</nowiki> | |
| − | action = iptables[name=%(__name__)s, port=%(port)s] | ||
| − | |||
| − | |||
| − | |||
| − | logpath = /var/log/mail | ||
| − | |||
| − | maxretry = 5</nowiki> | ||
== Then create a file in action.d directory called qpopperlogin.conf == | == Then create a file in action.d directory called qpopperlogin.conf == | ||
Revision as of 14:43, 16 October 2007
Configuration for qpopper pop3 daemon is done through the following: (this setup was for openSUSE 10.2)
Make an entry into your jail.conf file for qpopper:
[qpopper]
enabled = true
port = pop3
filter = qpopperlogin
action = iptables[name=%(__name__)s, port=%(port)s]
sendmail-whois[name=qpopper, dest=you@mail.com]
logpath = /var/log/mail
maxretry = 5</nowiki>
Then create a file in action.d directory called qpopperlogin.conf
(this failregex statement was sent to the fail2safe mail list by Sven Neukirchner.
[Definition]
failregex = popper\[[0-9]+\]: \[AUTH\] Failed attempted login to \S+ from host (\S+) <HOST>(?: \[pop_pass\.c.*\])?$
ignoreregex =
