Ban IP's from saslauthd/postfix?
Petter Adsen
petter at synth.no
Sun May 24 08:13:26 UTC 2015
On Sat, 23 May 2015 22:25:53 -0400
Ben Coleman <oloryn at benshome.net> wrote:
> On 05/22/2015 04:35 AM, Petter Adsen wrote:
> > My mailserver is currently being targeted by what seems like a
> > botnet, probably looking to send spam. Is there something like
> > fail2ban I can use that will lock an IP out after a few failed
> > attempts to authenticate?
>
> I haven't used it with email authentication, but actually, fail2ban
> might do. It has filters for more than looking for ssh authentication
> failures. E.g. look at the postfix-sasl, sendmail-auth, dovecot or
> such filters.
Yes, I noticed after sending the mail - it was silly of me not to
check first. I still haven't got it working, though, as it seems I would
need to write a custom action, and I'm *really* bad at regular
expressions.
If I do get it working, I will post it here (and send it to either the
authors or the Ubuntu maintainer) so others can use it also.
Petter
--
"I'm ionized"
"Are you sure?"
"I'm positive."
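The lockout logic asked about in this thread, as an added example that is not part of the original post and is not fail2ban's own code: it counts Postfix SASL authentication failures per client IP inside a sliding window and reports the addresses that cross the threshold. The regex, the log lines, and the names `find_offenders`, `max_retry` and `find_time` are assumptions made for the example; the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed shape of a Postfix smtpd SASL failure line in the mail log.
# Written for this example; it is not the regex shipped in fail2ban's filters.
SASL_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/[\w/]+\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL \S+ authentication failed"
)

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10), year=2015):
    """Return {ip: time of the failure that reached max_retry within find_time}."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    banned = {}
    for line in lines:
        m = SASL_FAIL.match(line)
        if not m or m["ip"] in banned:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # Forget failures older than the sliding window.
        while ts - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry:
            banned[m["ip"]] = ts
    return banned

# Constructed sample log using documentation-range addresses (RFC 5737).
SAMPLE_LOG = """\
May 24 08:00:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
May 24 08:00:09 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
May 24 08:00:12 mail postfix/smtpd[2107]: connect from unknown[198.51.100.20]
May 24 08:00:15 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
May 24 08:01:00 mail postfix/smtpd[2107]: warning: unknown[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
May 24 08:30:00 mail postfix/smtpd[2107]: warning: unknown[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
May 24 08:45:00 mail postfix/smtpd[2107]: warning: unknown[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when}")
```

The second address fails three times but never within one ten-minute window, so only a wider `find_time` flags it.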