Last modified 2024-02-17 (Sat) 09:25:52


/security/py-fail2ban

FreeBSD+fail2ban(4)

/etc/rc.conf

fail2ban_enable="YES"

Using Fail2ban with Dovecot

Create the filter file /etc/fail2ban/filter.d/dovecot-pop3imap.conf:

[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=<HOST>

Add the following to /etc/fail2ban/jail.conf:

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap", protocol=tcp]
logpath = /var/log/maillog
maxretry = 20
findtime = 1200
bantime = 1200

Tips for getting fail2ban to work well: keep regular expressions simple and readable

/usr/local/etc/fail2ban/jail.local

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap", protocol=tcp]
#logpath = /var/log/maillog
logpath = /var/log/auth.log
maxretry = 2
findtime = 1200
bantime = 1200
backend = polling
banaction = bsd-ipfw[table=pop3]

# fail2ban-regex /var/log/auth.log /usr/local/etc/fail2ban/filter.d/dovecot-pop3imap.conf --print-all-matched

Running tests
============= 

Use   failregex filter file : dovecot-pop3imap, basedir: /usr/local/etc/fail2ban
Use         log file : /var/log/auth.log
Use         encoding : UTF-8


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [6618] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
`-

Lines: 6618 lines, 0 ignored, 0 matched, 6618 missed
[processed in 0.53 sec]

Missed line(s): too many to print.  Use --print-all-missed to print all 6618 lines
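
An offline check of the filter and the jail thresholds, added here as an example and not part of the original page or of fail2ban itself. It runs the failregex above over constructed log lines and applies the maxretry/findtime values from jail.local; the `<HOST>` replacement is a simplified stand-in for fail2ban's own expansion, and the helper names, sample addresses and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex copied from dovecot-pop3imap.conf above
FAILREGEX = (
    r"(?: pop3-login|imap-login): .*(?:Authentication failure"
    r"|Aborted login \(auth failed|Aborted login \(tried to use disabled"
    r"|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts)"
    r".*rip=<HOST>")
# Assumption: simplified stand-in for fail2ban's <HOST> tag (IP literals only)
HOST_GROUP = r"(?P<host>[0-9A-Fa-f:.]+)"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST_GROUP))

# Constructed sample lines (documentation address ranges), not real log data
SAMPLE_LOG = """\
Feb 17 09:00:01 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
Feb 17 09:00:40 mail dovecot: imap-login: Disconnected (auth failed, 2 attempts in 9 secs): user=<bob>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
Feb 17 09:01:00 mail dovecot: imap-login: Login: user=<carol>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
Feb 17 09:02:00 mail dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<dave>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10
Feb 17 09:05:00 mail sshd[812]: Failed password for root from 203.0.113.9 port 40022 ssh2
Feb 17 09:30:00 mail dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<dave>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10
"""

def failures(log_text, year=2024):
    """Yield (timestamp, host) for every line the failregex matches."""
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if m:
            # syslog timestamps carry no year, so one is supplied (assumed)
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            yield ts, m.group("host")

def hosts_to_ban(log_text, maxretry=2, findtime=1200):
    """Return hosts with at least maxretry failures within findtime seconds."""
    recent, banned = defaultdict(deque), []
    for ts, host in failures(log_text):
        window = recent[host]
        window.append(ts)
        # drop failures that have aged out of the findtime window
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```
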
