Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
vms:webdev:ispconfig [2014/06/06 15:28] admin [fail2ban] |
vms:webdev:ispconfig [2014/06/06 15:40] admin [fail2ban] |
||
|---|---|---|---|
| Line 356: | Line 356: | ||
| </code> | </code> | ||
| - | To have fail2ban monitor PureFTPd and Dovecot, create the file **/etc/fail2ban/jail.local**: | + | To have fail2ban monitor PureFTPd and Dovecot, create (or edit) the file **/etc/fail2ban/jail.local**: |
| <code> | <code> | ||
| > nano /etc/fail2ban/jail.local | > nano /etc/fail2ban/jail.local | ||
| Line 380: | Line 380: | ||
| logpath = /var/log/mail.log | logpath = /var/log/mail.log | ||
| maxretry = 3 | maxretry = 3 | ||
| + | </code> | ||
| + | |||
| + | Create two more files: | ||
| + | <code> | ||
| + | > nano /etc/fail2ban/filter.d/pureftpd.conf | ||
| + | |||
| + | [Definition] | ||
| + | failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.* | ||
| + | ignoreregex = | ||
| + | |||
| + | > nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf | ||
| + | |||
| + | [Definition] | ||
| + | failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.* | ||
| + | ignoreregex = | ||
| </code> | </code> | ||
