
fail2ban CentOS DirectAdmin

# Install fail2ban. NOTE(review): on CentOS the package is not in the base
# repositories; it usually comes from EPEL — enable that repo first if yum
# reports no such package.
yum install fail2ban
# Create the Dovecot POP3/IMAP filter; its contents are given below.
vi /etc/fail2ban/filter.d/dovecot-pop3imap.conf

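[Definition]
# Dovecot POP3/IMAP authentication failures as they appear in /var/log/maillog.
#
# Every pattern must capture the client address with the <HOST> tag: fail2ban
# rejects a failregex that has no <HOST> group, and without it there is no
# address to ban. The published version of this filter had the tag stripped
# (leaving empty "\[\]" and ",\)" fragments that match nothing useful) and one
# pattern duplicated; both are corrected here.
#
# Continuation lines of a multi-line failregex must be indented so they are
# read as part of the same option.
#
# Validate the filter against the live log before enabling the jail:
#   fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/dovecot-pop3imap.conf
failregex = dovecot: auth-worker\(default\): sql\(.*,<HOST>\): unknown user
            dovecot: (pop3|imap)-login: Aborted login \(.*\): .*, \[<HOST>\]
            dovecot: (pop3|imap)-login: Disconnected \(auth failed, .*\): .*, \[<HOST>\]
            dovecot: auth\(default\): passdb\(.*,<HOST>\)\: Attempted login with password having illegal chars
            dovecot: (pop3|imap)-login: Aborted login: .*, \[<HOST>\]
ignoreregex =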

# Add the jail definition below. Prefer /etc/fail2ban/jail.local for site
# settings: jail.conf is the packaged default and is replaced on upgrade,
# while jail.local overrides it and survives.
vi /etc/fail2ban/jail.conf
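[dovecot-pop3imap]
# Ban hosts that repeatedly fail Dovecot POP3/IMAP authentication.
# This section belongs in jail.local rather than jail.conf so that a package
# upgrade does not overwrite it.
enabled = true
filter = dovecot-pop3imap
# Two actions: block the mail ports with iptables and mail a whois report.
# The continuation line of a multi-action option must be indented, and the
# port list must use plain ASCII double quotes — the typographic quotes in
# the published version are not parsed as quotes.
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
         sendmail-whois[name=dovecot-pop3imap, dest=root, sender=fail2ban@example.com]
logpath = /var/log/maillog
# 20 failures within 20 minutes (findtime) earns a 20-minute ban (bantime).
# This is generous for an Internet-facing mail server; tighten maxretry and
# lengthen bantime once the rate of legitimate-client failures is known.
maxretry = 20
findtime = 1200
bantime = 1200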

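# Start the daemon and enable it at boot (SysV init). On a systemd-based
# release the equivalents are `systemctl start fail2ban` and
# `systemctl enable fail2ban`.
service fail2ban start

chkconfig fail2ban on
service fail2ban status
# `service status` only proves the daemon is up; check that the jail itself
# was loaded and is watching the log, which is what a broken filter breaks.
fail2ban-client status dovecot-pop3imap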

fail2ban configuration files

/etc/fail2ban/
├── action.d
│ ├── dummy.conf
│ ├── hostsdeny.conf
│ ├── iptables.conf
│ ├── mail-whois.conf
│ ├── mail.conf
│ └── shorewall.conf
├── fail2ban.conf
├── fail2ban.local
├── filter.d
│ ├── apache-auth.conf
│ ├── apache-noscript.conf
│ ├── couriersmtp.conf
│ ├── postfix.conf
│ ├── proftpd.conf
│ ├── qmail.conf
│ ├── sasl.conf
│ ├── sshd.conf
│ └── vsftpd.conf
├── jail.conf
└── jail.local

This dumps the configuration fail2ban has loaded, which is the quickest way to confirm the filter and jail above were picked up:

# Print the configuration as fail2ban reads it (jails, filters and actions).
fail2ban-client -d