It's not [postfix-tcpwrapper]!!!
Enable [postfix]!!

Here are my configs...

jail.conf:
...
...
banaction = iptables
...
...
[postfix]

enabled  = true
port     = smtp
filter   = postfix
logpath  = /var/log/mail.log
...
...

filter.d/postfix.conf:

...
...
[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#
failregex = reject: RCPT from (.*)\[<HOST>\]: 554

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

-----------------------------
    _    Julio Cesar Covolato
   0v0<ju...@psi.com.br>
  /(_)\  F: 55-11-3129-3366
   ^ ^   PSI INTERNET
-----------------------------


On 26/04/2011 15:48, Alexandre Balistrieri wrote:
Hi,

I don't know if this is off-topic, but since it is related to the mail server ...

As was suggested to me, I installed fail2ban, but from what I can see it does
not seem to be triggering the rules.

I need to stop failed attempts against saslauthd, and the fail2ban.log log
never gets past this:
------------------------
2011-04-26 15:27:03,143 fail2ban.actions: WARNING [postfix-tcpwrapper] Ban 208.47.184.3
2011-04-26 15:31:22,645 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2011-04-26 15:31:22,645 fail2ban.jail   : INFO   Creating new jail 'postfix-tcpwrapper'
2011-04-26 15:31:22,653 fail2ban.jail   : INFO   Jail 'postfix-tcpwrapper' uses poller
2011-04-26 15:31:22,689 fail2ban.filter : INFO   Added logfile = /var/log/mail
2011-04-26 15:31:22,690 fail2ban.filter : INFO   Set maxRetry = 1
2011-04-26 15:31:22,692 fail2ban.filter : INFO   Set findtime = 1800
2011-04-26 15:31:22,693 fail2ban.actions: INFO   Set banTime = 300
2011-04-26 15:31:22,706 fail2ban.jail   : INFO   Creating new jail 'sasl-iptables'
2011-04-26 15:31:22,706 fail2ban.jail   : INFO   Jail 'sasl-iptables' uses poller
2011-04-26 15:31:22,707 fail2ban.filter : INFO   Added logfile = /var/log/fail2ban.log
2011-04-26 15:31:22,708 fail2ban.filter : INFO   Set maxRetry = 1
2011-04-26 15:31:22,710 fail2ban.filter : INFO   Set findtime = 1800
2011-04-26 15:31:22,711 fail2ban.actions: INFO   Set banTime = 1800
2011-04-26 15:31:22,734 fail2ban.jail   : INFO   Jail 'postfix-tcpwrapper' started
2011-04-26 15:31:22,758 fail2ban.jail   : INFO   Jail 'sasl-iptables' started
-----------------------

My jail.conf:
--------------------
[sasl-iptables]

enabled  = true
filter   = sasl
port     = smtp
backend  = polling
action   = iptables[name=sasl, port=smtp, protocol=tcp]
            sendmail-whois[name=sasl, dest=al.balistri...@inpe.br]
logpath  = /var/log/fail2ban.log


[postfix-tcpwrapper]

enabled  = true
filter   = postfix
action   = hostsdeny[file=/etc/hosts.deny]
            sendmail[name=Postfix, dest=al.balistri...@inpe.br]
logpath  = /var/log/mail
bantime  = 300
-----------------------------

In iptables it generated the entries:
--------------
fail2ban-sasl  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25

and

Chain fail2ban-sasl (1 references)
target     prot opt source               destination
RETURN     0    --  0.0.0.0/0            0.0.0.0/0
-----------------

_______________________________________________
Postfix-BR mailing list
Postfix-BR@listas.softwarelivre.org
http://listas.softwarelivre.org/mailman/listinfo/postfix-br
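
Added example (not part of the original messages, and not fail2ban's own code): a small Python check of which mail log lines the failregex from filter.d/postfix.conf above counts, with <HOST> expanded to the alias given in that file's comment. The log lines are constructed samples using documentation addresses, and the simple per-host counter stands in for fail2ban's maxRetry handling without the findtime window.

```python
import re

# <HOST> alias exactly as documented in the filter comment quoted in this thread.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"
# failregex as posted in filter.d/postfix.conf.
FAILREGEX = r"reject: RCPT from (.*)\[<HOST>\]: 554"


def compile_failregex(failregex):
    """Expand the <HOST> tag into the named group 'host' and compile it."""
    return re.compile(failregex.replace("<HOST>", HOST_ALIAS))


def offenders(lines, failregex=FAILREGEX, maxretry=1):
    """Return {host: hits} for hosts with at least maxretry matching lines.

    Simplification (assumption): plain counting, no findtime window.
    """
    rx = compile_failregex(failregex)
    hits = {}
    for line in lines:
        m = rx.search(line)
        if m:
            host = m.group("host")
            hits[host] = hits.get(host, 0) + 1
    return {h: n for h, n in hits.items() if n >= maxretry}


# Constructed sample lines, not taken from the thread.
SAMPLE_LOG = [
    "Apr 26 15:20:01 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
    "unknown[203.0.113.7]: 554 5.7.1 <u@example.org>: Relay access denied",
    "Apr 26 15:20:09 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
    "unknown[203.0.113.7]: 554 5.7.1 <v@example.org>: Relay access denied",
    # IPv4-mapped form: the optional ::ffff: prefix is stripped from 'host'.
    "Apr 26 15:20:30 mx postfix/smtpd[1236]: NOQUEUE: reject: RCPT from "
    "mail.example.net[::ffff:198.51.100.9]: 554 5.7.1 <w@example.org>: denied",
    # Temporary rejection (450): not matched by this failregex.
    "Apr 26 15:21:02 mx postfix/smtpd[1238]: NOQUEUE: reject: RCPT from "
    "unknown[192.0.2.10]: 450 4.7.1 <x@example.org>: try again later",
    # SASL failure: a different message, not matched by this failregex.
    "Apr 26 15:21:10 mx postfix/smtpd[1240]: warning: unknown[192.0.2.55]: "
    "SASL LOGIN authentication failed: authentication failure",
]

if __name__ == "__main__":
    for host, count in sorted(offenders(SAMPLE_LOG).items()):
        print(host, count)
```

On a host with fail2ban installed, the bundled fail2ban-regex tool performs the same kind of check against the real log file and filter file.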
