Настройка fail2ban для защиты Postfix на Centos

Июль 8th, 2014

Evgeniy Kamenev

# yum install fail2ban

1	# yum install fail2ban

# chkconfig --level 235 fail2ban on

1	# chkconfig --level 235 fail2ban on

# nano /etc/fail2ban/fail2ban.conf

1	# nano /etc/fail2ban/fail2ban.conf

[Definition]
loglevel = 3
logtarget = /var/log/fail2ban.log
socket = /var/run/fail2ban/fail2ban.sock
pidfile = /var/run/fail2ban/fail2ban.pid

[Definition]

loglevel = 3

logtarget = /var/log/fail2ban.log

socket = /var/run/fail2ban/fail2ban.sock

pidfile = /var/run/fail2ban/fail2ban.pid

 # nano /etc/fail2ban/jail.conf

1	# nano /etc/fail2ban/jail.conf

ignoreip = 127.0.0.1/8  77.120.XXX.YYY/32
bantime = 3600
findtime = 600
maxretry = 5
backend = auto
usedns = warn

ignoreip = 127.0.0.1/8 77.120.XXX.YYY/32

bantime = 3600

findtime = 600

maxretry = 5

backend = auto

usedns = warn

# Для блокировки подбора логина/пароля при использовании SASL-аутентификации

[postfix25-iptables]
enabled = true
filter = postfix-sasl
action = iptables[name=Postfix-smtp, port=smtp, protocol=tcp]
sendmail[name=Postfix-smtp, dest=your@email, sender=fail2ban@myserver.com]
logpath = /var/log/maillog
bantime = 86400
maxretry = 3
findtime = 3600

[postfix25-iptables]

enabled = true

filter = postfix-sasl

action = iptables[name=Postfix-smtp, port=smtp, protocol=tcp]

sendmail[name=Postfix-smtp, dest=your@email, sender=fail2ban@myserver.com]

logpath = /var/log/maillog

bantime = 86400

maxretry = 3

findtime = 3600

И для блокировки пересылки через Ваш почтовый сервер и др.

[postfix-iptables]
enabled = true
filter = postfix
action = iptables[name=Postfix-smtp, port=smtp, protocol=tcp]
sendmail[name=Postfix-smtp, dest=your@email, sender=fail2ban@myserver.com]
logpath = /var/log/maillog
bantime = 86400
maxretry = 3
findtime = 3600

[postfix-iptables]

enabled = true

filter = postfix

action = iptables[name=Postfix-smtp, port=smtp, protocol=tcp]

sendmail[name=Postfix-smtp, dest=your@email, sender=fail2ban@myserver.com]

logpath = /var/log/maillog

bantime = 86400

maxretry = 3

findtime = 3600

# nano /etc/fail2ban/filter.d/postfix-sasl.conf

1	# nano /etc/fail2ban/filter.d/postfix-sasl.conf

# Fail2Ban filter for postfix authentication failures
[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix/smtpd
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
ignoreregex =

# Fail2Ban filter for postfix authentication failures

[INCLUDES]

before = common.conf

[Definition]

_daemon = postfix/smtpd

failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$

ignoreregex =

проверка срабатывания правил

# fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix-sasl.conf

1	# fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix-sasl.conf

# nano /etc/fail2ban/filter.d/postfix.conf

1	# nano /etc/fail2ban/filter.d/postfix.conf

# Fail2Ban configuration file
[Definition]
failregex = reject: RCPT from (.*)\[<HOST>\]: 550
reject: RCPT from (.*)\[<HOST>\]: 450
reject: RCPT from (.*)\[<HOST>\]: 554
ignoreregex =

# Fail2Ban configuration file

[Definition]

failregex = reject: RCPT from (.*)\[<HOST>\]: 550

reject: RCPT from (.*)\[<HOST>\]: 450

reject: RCPT from (.*)\[<HOST>\]: 554

ignoreregex =

проверка срабатывания правил

# fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.conf

1	# fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.conf

Опубликовано в рубрике Centos, Mail

Метки: fail2ban, postfix

Комментирование и размещение ссылок запрещено.

Комментарии закрыты.

Настройка fail2ban для защиты Postfix на Centos

Страницы

Свежие записи

Архивы

Рубрики

Админ-панель