Skip to content

fail2ban config for bots trying to login #541

Answered by sol2070
sol2070 asked this question in Q&A
Discussion options

You must be logged in to vote

If somebody are facing this issue, the following worked for me. Now fail2ban is banning the IPs trying to login on Maddy:

## /etc/fail2ban/jail.local

[maddy-subm]
port     = 465,25,587
enabled  = true
filter   = maddy-subm
logpath  = /var/log/syslog
bantime  = -1
findtime = 36000
maxretry = 1
action   = iptables-multiport[name=maddy-subm, port="464,25,587", protocol=tcp]

## /etc/fail2ban/filter.d/maddy.subm.conf
[Definition]
## Example of attempted login
# Sep 24 19:43:40 hstg.vps maddy[998]: submission/sasl: authentication failed {"reason":"no auth. provider accepted creds, last err: unknown credentials", "src_ip":"185.104.186.2:51802","username":"billing"}
##

failregex   = submission…

Replies: 1 comment 5 replies

Comment options

You must be logged in to vote
5 replies
@foxcpp
Comment options

@sol2070
Comment options

@spysir
Comment options

@tlze
Comment options

@spysir
Comment options

Answer selected by sol2070
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
4 participants