# yum install fail2ban
# chkconfig --level 235 fail2ban on
# nano /etc/fail2ban/fail2ban.conf
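# Main fail2ban daemon settings (/etc/fail2ban/fail2ban.conf).
[Definition]

# Numeric log level: 1 = ERROR, 2 = WARN, 3 = INFO, 4 = DEBUG.
loglevel = 3

# File the daemon writes its own log to; ban and unban events end up here,
# so keep it in log rotation and readable by root only.
logtarget = /var/log/fail2ban.log

# Control socket used by fail2ban-client. Whoever can write to it can
# unban hosts or stop jails, so the directory should stay root-only.
socket = /var/run/fail2ban/fail2ban.sock

# PID file of the running server.
pidfile = /var/run/fail2ban/fail2ban.pid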
# nano /etc/fail2ban/jail.conf
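# Global jail defaults. In jail.conf these keys belong to the [DEFAULT]
# section; individual jails may override them.
# NOTE(review): a package upgrade may replace jail.conf. fail2ban also reads
# jail.local, which is the usual place for local overrides.

# Addresses that are never banned (space-separated, CIDR allowed).
# 77.120.XXX.YYY is a placeholder for your own admin address. Keep this list
# as short as possible: a whitelisted host is not rate-limited at all.
ignoreip = 127.0.0.1/8 77.120.XXX.YYY/32

# Ban duration in seconds (1 hour).
bantime = 3600

# Window in seconds in which failures are counted (10 minutes).
findtime = 600

# Number of failures inside findtime that triggers a ban.
maxretry = 5

# Log-monitoring backend; auto lets fail2ban choose an available one.
backend = auto

# warn: a hostname found in a log line is resolved through DNS and used for
# the ban, and a warning is logged. Use "no" if bans should be based only on
# IP addresses that appear literally in the log.
usedns = warn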
# Для блокировки подбора логина/пароля при использовании SASL-аутентификации
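# Jail: ban clients that repeatedly fail SASL authentication against Postfix.
[postfix25-iptables]
enabled = true

# Uses /etc/fail2ban/filter.d/postfix-sasl.conf
filter = postfix-sasl

# "name" must be unique across jails: the iptables action derives its chain
# name from it, and two jails sharing a name would share one chain and remove
# it from under each other on stop or restart. It also labels the mail sent
# by the sendmail action, so a per-jail name shows which rule fired.
# NOTE(review): port=smtp blocks port 25 only. If SASL authentication is also
# offered on submission (587) or smtps (465), a banned client can keep trying
# there; the iptables-multiport action can cover several ports.
# dest and sender are placeholders; set real addresses.
action = iptables[name=Postfix-sasl, port=smtp, protocol=tcp]
         sendmail[name=Postfix-sasl, dest=your@email, sender=fail2ban@myserver.com]

logpath = /var/log/maillog

# 3 failures within 1 hour (findtime) lead to a 24-hour ban (bantime).
bantime = 86400
maxretry = 3
findtime = 3600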
И для блокировки пересылки через Ваш почтовый сервер и др.
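# Jail: ban clients whose RCPT commands Postfix keeps rejecting
# (relay attempts, unknown recipients and similar).
[postfix-iptables]
enabled = true

# Uses /etc/fail2ban/filter.d/postfix.conf
filter = postfix

# "name" must be unique across jails: the iptables action derives its chain
# name from it, and two jails sharing a name would share one chain and remove
# it from under each other on stop or restart. It also labels the mail sent
# by the sendmail action, so a per-jail name shows which rule fired.
# dest and sender are placeholders; set real addresses.
action = iptables[name=Postfix-reject, port=smtp, protocol=tcp]
         sendmail[name=Postfix-reject, dest=your@email, sender=fail2ban@myserver.com]

logpath = /var/log/maillog

# 3 rejections within 1 hour (findtime) lead to a 24-hour ban (bantime).
# NOTE(review): this is strict for a filter that also counts temporary (4xx)
# rejections. Check /var/log/fail2ban.log for legitimate mail servers being
# banned after enabling it.
bantime = 86400
maxretry = 3
findtime = 3600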
# nano /etc/fail2ban/filter.d/postfix-sasl.conf
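# Fail2Ban filter for postfix authentication failures

[INCLUDES]
# common.conf supplies __prefix_line, the pattern for the syslog prefix
# (timestamp, host, daemon tag) in front of each message.
before = common.conf

[Definition]
# Daemon tag that __prefix_line expects in the log line.
# NOTE(review): if master.cf gives the submission/smtps services their own
# syslog_name, their failures are logged under a different tag and will not
# match. Confirm with fail2ban-regex against the real log.
_daemon = postfix/smtpd

# The pattern is anchored at both ends (^ ... $) and <HOST> sits in a fixed
# position right after the client hostname, so only the connecting address
# that Postfix itself logged can be picked up as the host to ban.
# The optional trailing group matches the base64 detail that some SASL
# mechanisms append after "authentication failed".
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$

# No exclusions.
ignoreregex =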
Проверка срабатывания правил:
# fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix-sasl.conf
И
# nano /etc/fail2ban/filter.d/postfix.conf
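# Fail2Ban configuration file
#
# Filter for Postfix "reject: RCPT" log lines. One pattern per line; the
# continuation lines must stay indented.

[Definition]
# The client hostname is matched with \S+ (one token without spaces) instead
# of a greedy (.*). With (.*) the match could stretch across the rest of the
# log line, which contains text chosen by the remote client (HELO, sender,
# recipient), and so pick up an address other than the connecting one as
# <HOST>. \S+ keeps <HOST> bound to the bracketed address that directly
# follows the hostname.
# NOTE(review): the patterns are not anchored to the start of the line.
# Anchoring them with ^%(__prefix_line)s (from common.conf) would be stricter;
# verify any such change with fail2ban-regex first.
# NOTE(review): 450 is a temporary rejection. With greylisting enabled,
# legitimate servers produce 450 lines while retrying and can end up banned;
# drop that pattern if this applies to your setup.
failregex = reject: RCPT from \S+\[<HOST>\]: 550
            reject: RCPT from \S+\[<HOST>\]: 450
            reject: RCPT from \S+\[<HOST>\]: 554

# No exclusions.
ignoreregex =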
Проверка срабатывания правил:
# fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.conf