Posts

Showing posts from January 3, 2014

Centos 4 and Dovecot 1

 Centos 4 and dovecot 1 fail2ban from: http://www.webstershome.co.uk/content/fail2ban-block-unwanted-attacks Create the filter file "/etc/fail2ban/filter.d/dovecot-pop3imap.conf" and add [Definition] failregex = (?: dovecot: pop3-login|imap-login): (?:Authentication failure|Aborted login \(auth failed|Aborted login).*rip=(<HOST>),.* ignoreregex = note: the failregex may need changing to suit your system. now add the following to "/etc/fail2ban/jail.conf" [dovecot-pop3imap] enabled = true filter = dovecot-pop3imap action = iptables-multiport[name=dovecot-pop3imap, port="110,143,995,993,25,465,587"] sendmail-whois[name=dovecot-pop3imap, dest=root, sender=fail2ban@server.com] logpath = /var/log/maillog maxretry = 5 findtime = 600 bantime = 3600