Changes

Block SMTP Authentication Attacks With Fail2Ban

1,838 bytes added, 03:08, 8 February 2014
/* configure */
Blocking SMTP authentication brute force attacks using [[Fail2Ban]] - Fail2Ban can be used to block brute force attacks against your mail server. The attackers are blocked by their source IP using iptables. Although it doesn't block SMTP attacks by default, Fail2Ban can be configured to do so.

==== obtain and install ====
{{:Linux fail2ban Installation}}

==== configure ====
Configuration for Fail2ban on a Redhat/Fedora/CentOS style distribution. This setup uses fail2ban with dovecot 2.x (version 2 and above) for filtering and pattern matching.

 #configuration files: ./fail2ban
 #regex filters: ./fail2ban/filter.d
 #action file (do/block): ./fail2ban/action.d

First edit the dovecot.conf filter file.

  vi ./fail2ban/[[sample-filter.d|filter.d]]

Next edit the postfix-sasl.conf filter file and the iptables-multiport-tcp.conf action file.

  vi ./fail2ban/filter.d/[[sample-postfix-sasl.conf|postfix-sasl.conf]]
  vi ./fail2ban/action.d/[[sample-iptables-multiport-tcp.conf|iptables-multiport-tcp.conf]]

Do not directly edit jail.conf. Comments in jail.conf clearly warn against modifications in jail.conf. Put your customizations in a jail.local file or in jail.d/customisation.local:

  cp ./fail2ban/jail.conf ./fail2ban/jail.local
  vi ./fail2ban/[[sample-jail.local|jail.local]]

Important Configuration Parameters:
*ignoreip: A space-separated list of IP addresses (or networks) that will never be blocked by fail2ban.
*bantime: Time in seconds that a host is blocked if it was caught by fail2ban (600 seconds = 10 minutes).
*maxretry: Maximum number of failed login attempts before a host is blocked by fail2ban.
*filter: Refers to the appropriate filter file in "./fail2ban/filter.d".
*logpath: The log file that fail2ban checks for failed login attempts.

  ignoreip = 127.0.0.1 192.168.254.0/24

Set the IP addresses of trusted hosts for fail2ban to ignore. Replace the 192.168.254.0/24 private (non-routable) range with the address of your machine or network. You can also add other trusted networks. Put your mom's IP address in there because sometimes she gets her password wrong more than 3 times in a row!

[[Category:Computer_Technology]]
[[Category:Linux]]
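As an added illustration of how ignoreip, maxretry and bantime interact (this is example code written for this page, not code from the original article or from the fail2ban project), the following Python script applies a filter.d-style failregex to a few constructed Postfix SASL log lines and records a ban once a host exceeds maxretry failures inside a findtime window, skipping anything covered by ignoreip. The failregex, the findtime value and the sample log lines are assumptions for this example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Jail parameters as jail.local would set them; findtime is assumed (the page does not list it).
IGNOREIP = ["127.0.0.1", "192.168.254.0/24"]   # hosts and networks that are never banned
BANTIME = 600     # seconds a banned host stays blocked
FINDTIME = 600    # window in which failures are counted
MAXRETRY = 3      # failures allowed before a ban

# Assumed filter.d-style failregex for Postfix SASL failures; fail2ban expands <HOST> itself, here it becomes an IPv4 group.
FAILREGEX = r"warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|CRAM-MD5) authentication failed"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    + FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})")
)

# Constructed sample log lines (syslog format, no year): an attacker, a trusted host, one stray failure, noise.
SAMPLE_LOG = [
    "Feb 08 03:00:01 mail postfix/smtpd[2211]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure",
    "Feb 08 03:00:05 mail postfix/smtpd[2211]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure",
    "Feb 08 03:00:09 mail postfix/smtpd[2211]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed: authentication failure",
    "Feb 08 03:01:00 mail postfix/smtpd[2212]: warning: unknown[192.168.254.7]: SASL LOGIN authentication failed: authentication failure",
    "Feb 08 03:01:03 mail postfix/smtpd[2212]: warning: unknown[192.168.254.7]: SASL LOGIN authentication failed: authentication failure",
    "Feb 08 03:01:06 mail postfix/smtpd[2212]: warning: unknown[192.168.254.7]: SASL LOGIN authentication failed: authentication failure",
    "Feb 08 03:02:00 mail postfix/smtpd[2213]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: authentication failure",
    "Feb 08 03:02:30 mail postfix/smtpd[2213]: connect from unknown[198.51.100.9]",
]

def ignored(ip):
    """True when ip falls inside any ignoreip entry (single address or CIDR network)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in IGNOREIP)

def scan(lines, year=2014):
    """Return {ip: ban_expiry} for hosts with >= MAXRETRY failures inside a FINDTIME window."""
    failures, bans = defaultdict(list), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                       # not a SASL failure, nothing to count
        ip = m.group("host")
        if ignored(ip) or ip in bans:
            continue                       # trusted host, or already banned
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        recent = [t for t in failures[ip] if ts - t <= timedelta(seconds=FINDTIME)] + [ts]
        failures[ip] = recent              # keep only failures still inside the window
        if len(recent) >= MAXRETRY:
            bans[ip] = ts + timedelta(seconds=BANTIME)   # the iptables action would fire here
    return bans
```

With the sample lines, only 203.0.113.5 is banned: the trusted 192.168.254.7 host is ignored despite three failures, and 198.51.100.9 never reaches maxretry.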