Hi friends,
I've just setup Postfix Dovecot on my VPS Debian Jessie and from the
first day I've seen this logon attempt:
Nov 15 20:27:32 server postfix/smtpd[7086]: warning: hostname
212-129-49-213.rev.poneytelecom.eu does not resolve to address
212.129.49.213: Name or service not known
Nov 15 20:27:32 server postfix/smtpd[7086]: connect from
unknown[212.129.49.213]
Nov 15 20:27:32 server postfix/smtpd[7086]: lost connection after AUTH
from unknown[212.129.49.213]
Nov 15 20:27:32 server postfix/smtpd[7086]: disconnect from
unknown[212.129.49.213]
I've enabled on my /etc/fail2ban/jail.conf [postfix] entry:
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
and on my /etc/fail2ban/filter.d/postfix.conf:
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = postfix/smtpd
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]:
554 5\.7\.1 .*$
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]:
450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<>
proto=ESMTP helo= *$
^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]:
550 5\.1\.1 .*$
^%(__prefix_line)simproper command pipelining after \S+
from [^[]*\[<HOST>\]:?$
ignoreregex =
# Author: Cyril Jaquier
But this seem not enough, the spammer doesn'tbanned.
Could you suggest how I could set correctly this config files?
many many thanks!
Davide
--
cosmogoniA
cosmogoniA<http://www.cosmogonia.org/>
n o p r o v a r e n o f a r e o n o n f a r e n o n c e p r o v a r e
------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
