[Postfix-BR] D.O.S via smtpd/saslauthd?

Alexandre Balistrieri Tue, 26 Apr 2011 11:50:32 -0700

Ois,

Não sei se é off-topic mas como é relacionado ao mail server ...


Como me indicaram instalei o fail2ban mas pelo que estou vendo ele parece não 
estar acionando as regras.

Preciso brecar tentativas falhas no saslauthd e o log do fail2ban.log não sai 
disso:
------------------------
2011-04-26 15:27:03,143 fail2ban.actions: WARNING [postfix-tcpwrapper] Ban 
208.47.184.3
2011-04-26 15:31:22,645 fail2ban.server : INFO   Changed logging target to 
/var/log/fail2ban.log for Fail2ban v0.8.4
2011-04-26 15:31:22,645 fail2ban.jail   : INFO   Creating new jail 'postfix-
tcpwrapper'
2011-04-26 15:31:22,653 fail2ban.jail   : INFO   Jail 'postfix-tcpwrapper' uses 
poller
2011-04-26 15:31:22,689 fail2ban.filter : INFO   Added logfile = /var/log/mail
2011-04-26 15:31:22,690 fail2ban.filter : INFO   Set maxRetry = 1
2011-04-26 15:31:22,692 fail2ban.filter : INFO   Set findtime = 1800
2011-04-26 15:31:22,693 fail2ban.actions: INFO   Set banTime = 300
2011-04-26 15:31:22,706 fail2ban.jail   : INFO   Creating new jail 'sasl-
iptables'
2011-04-26 15:31:22,706 fail2ban.jail   : INFO   Jail 'sasl-iptables' uses 
poller
2011-04-26 15:31:22,707 fail2ban.filter : INFO   Added logfile = 
/var/log/fail2ban.log
2011-04-26 15:31:22,708 fail2ban.filter : INFO   Set maxRetry = 1
2011-04-26 15:31:22,710 fail2ban.filter : INFO   Set findtime = 1800
2011-04-26 15:31:22,711 fail2ban.actions: INFO   Set banTime = 1800
2011-04-26 15:31:22,734 fail2ban.jail   : INFO   Jail 'postfix-tcpwrapper' 
started
2011-04-26 15:31:22,758 fail2ban.jail   : INFO   Jail 'sasl-iptables' started
-----------------------

Meu jail.conf:
--------------------
[sasl-iptables]

enabled  = true
filter   = sasl
port     = smtp
backend  = polling
action   = iptables[name=sasl, port=smtp, protocol=tcp]
           sendmail-whois[name=sasl, dest=al.balistri...@inpe.br]
logpath  = /var/log/fail2ban.log


[postfix-tcpwrapper]

enabled  = true
filter   = postfix
action   = hostsdeny[file=/etc/hosts.deny]
           sendmail[name=Postfix, dest=al.balistri...@inpe.br]
logpath  = /var/log/mail
bantime  = 300
-----------------------------

No iptables gerou as entradas:
--------------
fail2ban-sasl  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25 

e

Chain fail2ban-sasl (1 references)
target     prot opt source               destination         
RETURN     0    --  0.0.0.0/0            0.0.0.0/0
-----------------

-- 
Quam minimum credula postero, carpe diem
[]s
Bali - Alexandre Balistrieri
_______________________________________________
Postfix-BR mailing list
Postfix-BR@listas.softwarelivre.org
http://listas.softwarelivre.org/mailman/listinfo/postfix-br

[Postfix-BR] D.O.S via smtpd/saslauthd?

Responder a