Difference between revisions of "HOWTO fail2ban with qpopper"

From Fail2ban
(don't miss the SPC at the end of the line of the failregex expression!)
Line 16: Line 16:
 
  [Definition]
 
  [Definition]
 
   
 
   
  failregex = popper\[[0-9]+\]: \[AUTH\] Failed attempted login to \S+ from host (\S+) <HOST>(?:  
+
  failregex = popper\[[0-9]+\]: \[AUTH\] Failed attempted login to \S+ from host (\S+) <HOST>(?:\s
 
  \[pop_pass\.c.*\])?$
 
  \[pop_pass\.c.*\])?$
 
  ignoreregex =
 
  ignoreregex =
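Review bot: the new failregex line still breaks in the middle of the optional group, right after `(?:\s`, with `\[pop_pass\.c.*\])?$` left on the following line, so anyone copying it can still lose or double the whitespace the edit summary warns about. Put the whole expression on one line so the group reads `(?:\s\[pop_pass\.c.*\])?$`; neither half has balanced parentheses on its own.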

Revision as of 19:16, 16 April 2011

The qpopper POP3 daemon is configured as follows (this setup was for openSUSE 10.2):

  • First, add an entry to your jail.conf file:
[qpopper]
enabled  = true
port     = pop3
filter   = qpopperlogin
action   = iptables[name=%(__name__)s, port=%(port)s]
           sendmail-whois[name=qpopper, dest=you@mail.com]
logpath  = /var/log/mail
maxretry = 5
  • Then create a file called qpopperlogin.conf in the filter.d directory. This failregex statement was sent to the fail2safe mail list by Sven Neukirchner.
[Definition]

failregex = popper\[[0-9]+\]: \[AUTH\] Failed attempted login to \S+ from host (\S+) <HOST>(?:\s\[pop_pass\.c.*\])?$
ignoreregex =

For strings like

Oct 16 14:42:00 alpha popper[25364]: anton at 123.234.40.66 (123.234.40.66): -ERR [AUTH] Password supplied for "anton" is incorrect. [pop_pass.c:1173]

use

failregex = \(<HOST>\):\ -ERR\ \[AUTH\]

That should do it!
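A way to check both failregex values before enabling the jail, as an added example that is not part of the original HOWTO: it runs the two patterns over sample log lines and shows why the expression must stay on one line. Assumptions: `HOST` is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, the helper names are hypothetical, and the sample lines are constructed (only the "Password supplied" line follows the page).

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# fail2ban's real expansion is broader and also accepts hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two failregex values from this page, each kept on ONE line.
FAILED_LOGIN = (r"popper\[[0-9]+\]: \[AUTH\] Failed attempted login to \S+ "
                r"from host (\S+) <HOST>(?:\s\[pop_pass\.c.*\])?$")
BAD_PASSWORD = r"\(<HOST>\):\ -ERR\ \[AUTH\]"

# Constructed sample lines (203.0.113.7 is a documentation address).
SAMPLE_LOG = [
    'Oct 16 14:41:58 alpha popper[25360]: [AUTH] Failed attempted login to anton from host (mail.example.net) 203.0.113.7 [pop_pass.c:1295]',
    'Oct 16 14:41:59 alpha popper[25361]: [AUTH] Failed attempted login to anton from host (mail.example.net) 203.0.113.7',
    'Oct 16 14:42:00 alpha popper[25364]: anton at 123.234.40.66 (123.234.40.66): -ERR [AUTH] Password supplied for "anton" is incorrect. [pop_pass.c:1173]',
    'Oct 16 14:42:05 alpha postfix/smtpd[25370]: connect from mail.example.net[203.0.113.7]',
]

def compile_failregex(pattern):
    """Expand <HOST> and compile the pattern."""
    return re.compile(pattern.replace("<HOST>", HOST))

def offenders(pattern, lines):
    """Return the host captured from every line the pattern matches."""
    rx = compile_failregex(pattern)
    return [m.group("host") for m in map(rx.search, lines) if m]

def split_regex_is_valid(pattern, break_after):
    """Compile both halves of a pattern broken after `break_after`, as in a
    two-line layout; return False if either half is not a valid regex."""
    head, tail = pattern.split(break_after, 1)
    try:
        for part in (head + break_after, tail):
            compile_failregex(part)
    except re.error:
        return False
    return True

if __name__ == "__main__":
    print("failed login :", offenders(FAILED_LOGIN, SAMPLE_LOG))
    print("bad password :", offenders(BAD_PASSWORD, SAMPLE_LOG))
    print("two-line form valid:", split_regex_is_valid(FAILED_LOGIN, r"(?:\s"))
```

On a host with fail2ban installed, the bundled `fail2ban-regex` tool, given the log file and the filter file as arguments, performs the same check with the real `<HOST>` expansion.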