HOWTO fail2ban with qpopper

From Fail2ban

Revision as of 21:38, 16 December 2011 by Mikes (talk | contribs) (Separated OpenSUSE and Debian configs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Configuration for qpopper pop3 daemon is done as follows:

First make an entry into your jail.conf (/etc/fail2ban/jail.local on Debian/Ubuntu) file.

# this is for openSUSE 10.2
[qpopper]
enabled  = true
port     = pop3
filter   = qpopperlogin
action   = iptables[name=%(__name__)s, port=%(port)s]
           sendmail-whois[name=qpopper, dest=you@mail.com]
logpath  = /var/log/mail
maxretry = 5

# this is for Debian/Ubuntu
[qpopper]
enabled  = true
port     = pop3,pop3s
filter   = qpopperlogin
logpath  = /var/log/mail.log

Then create a file in filter.d directory called qpopperlogin.conf The first failregex statement was sent to the fail2ban mail list by Sven Neukirchner.

# openSUSE
[Definition]
failregex = popper\[[0-9]+\]:\s\[AUTH\]\sFailed\sattempted\slogin\sto\s\S+\sfrom\shost\s(\S+)\s<HOST>(?:\s\[pop_pass\.c.*\])?$
ignoreregex =

# Debian/Ubuntu
[Definition]
failregex = popper\[[0-9]+\]:.*\(<HOST>\):\ -ERR\ \[AUTH\]\
ignoreregex =

Retrieved from "http://wiki.fail2ban.org/wiki/index.php?title=HOWTO_fail2ban_with_qpopper&oldid=4412"

Navigation menu