HOWTO fail2ban with qpopper

From Fail2ban
Revision as of 18:16, 16 April 2011 by 87.164.127.82 (talk) (don't miss the SPC at the end of the line of the failregex expression!)

The qpopper POP3 daemon is set up for Fail2ban as follows (this setup was for openSUSE 10.2):

  • First, add an entry to your jail.conf file.
[qpopper]
enabled  = true
port     = pop3
filter   = qpopperlogin
action   = iptables[name=%(__name__)s, port=%(port)s]
           sendmail-whois[name=qpopper, dest=you@mail.com]
logpath  = /var/log/mail
maxretry = 5
  • Then create a file called qpopperlogin.conf in the filter.d directory. This failregex statement was sent to the fail2safe mail list by Sven Neukirchner.
[Definition]

# Keep the failregex on one line; the literal space after \s is part of the pattern.
failregex = popper\[[0-9]+\]: \[AUTH\] Failed attempted login to \S+ from host (\S+) <HOST>(?:\s \[pop_pass\.c.*\])?$
ignoreregex =
# for strings like
# Oct 16 14:42:00 alpha popper[25364]: anton at 123.234.40.66 (123.234.40.66): -ERR [AUTH] Password supplied for "anton" is incorrect. [pop_pass.c:1173]
# use
# failregex = \(<HOST>\):\ -ERR\ \[AUTH\]

That should do it!
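
To check the two failregex patterns before enabling the jail, the following added example (not part of the original page or of Fail2ban itself) runs them over sample lines and applies the maxretry value from the jail entry. The IPv4-only stand-in for <HOST>, the helper names, and every log line except the one quoted on this page are assumptions made for the illustration.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
MAXRETRY = 5  # maxretry from the [qpopper] jail on this page

# The two failregex values from this page, each as a single line.
FAILREGEX = [
    r"popper\[[0-9]+\]: \[AUTH\] Failed attempted login to \S+ from host "
    r"(\S+) <HOST>(?:\s \[pop_pass\.c.*\])?$",
    r"\(<HOST>\):\ -ERR\ \[AUTH\]",
]
FILTERS = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Sample line quoted on this page (matched by the second pattern).
PAGE_LINE = ('Oct 16 14:42:00 alpha popper[25364]: anton at 123.234.40.66 '
             '(123.234.40.66): -ERR [AUTH] Password supplied for "anton" '
             'is incorrect. [pop_pass.c:1173]')
# Constructed lines for the first pattern: no suffix, suffix after two
# spaces, suffix after one space.
BASE = ("Oct 16 14:42:05 alpha popper[25370]: [AUTH] Failed attempted login "
        "to anton from host (host.example) 192.0.2.10")
CONSTRUCTED = [BASE, BASE + "  [pop_pass.c:1295]", BASE + " [pop_pass.c:1295]"]


def failed_host(line, filters=FILTERS):
    """Return the host a log line is charged to, or None if no pattern matches."""
    for rx in filters:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Hosts with at least maxretry matching lines (findtime is ignored here)."""
    counts = Counter(h for h in map(failed_host, lines) if h)
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for line in [PAGE_LINE] + CONSTRUCTED:
        print(f"{failed_host(line)!s:>15}  <-  {line}")
    print("ban:", hosts_to_ban([PAGE_LINE] * 5 + CONSTRUCTED))
```

The last constructed line returns no host because the first pattern requires a whitespace character plus a literal space before [pop_pass.c, so compare the pattern against lines from your own /var/log/mail; the fail2ban-regex tool shipped with Fail2ban performs the same kind of check against a real log and filter file.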