Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revision Both sides next revision | ||
vms:webdev:ispconfig [2014/06/06 15:28] admin [fail2ban] |
vms:webdev:ispconfig [2014/06/06 15:40] admin [fail2ban] |
||
---|---|---|---|
Line 356: | Line 356: | ||
</code> | </code> | ||
- | To have fail2ban monitor PureFTPd and Dovecot, create the file **/etc/fail2ban/jail.local**: | + | To have fail2ban monitor PureFTPd and Dovecot, create (or edit) the file **/etc/fail2ban/jail.local**: |
<code> | <code> | ||
> nano /etc/fail2ban/jail.local | > nano /etc/fail2ban/jail.local | ||
Line 380: | Line 380: | ||
logpath = /var/log/mail.log | logpath = /var/log/mail.log | ||
maxretry = 3 | maxretry = 3 | ||
+ | </code> | ||
+ | |||
+ | Create two more files: | ||
+ | <code> | ||
+ | > nano /etc/fail2ban/filter.d/pureftpd.conf | ||
+ | |||
+ | [Definition] | ||
+ | failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.* | ||
+ | ignoreregex = | ||
+ | |||
+ | > nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf | ||
+ | |||
+ | [Definition] | ||
+ | failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.* | ||
+ | ignoreregex = | ||
</code> | </code> |