[arch-general] Automated check log and block postfix

lists at 2ion.de lists at 2ion.de
Wed Jan 1 11:24:01 UTC 2020


On Wed, Jan 01, 2020 at 10:27:02AM +0100, siefke_listen at web.de wrote:
> I have fail2ban installed but there is nothing happen with. Okay is
> connect and disconnect. No error message. I not understand why is so
> but is ok. 

You need to configure fail2ban. It's more like a framework with lots of
builtin but little preconfigured/preenabled stuff.

  * You need to have the postfix jail or multiple postfix jails enabled:
      
      [postfix]
      enabled = true

      [postfix-sasl]
      enabled = true

      (...)

  * You need to ensure that fail2ban actually has logs to work with. For
    example, if postfix does not write log files but all log output ends
    up in journald, then you might need to configure fail2ban with the
    systemd backend to get it to actually consume the logs.

    [postfix]
    # or: backend = auto
    backend = systemd

    (...)

  * You need to make sure that the regexes actually match messages.

That being said, unless you want to do more elaborate evaluation of
attempts the iptables-based recent module as already suggested in this
thread is the simpler, better solution.
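
The last bullet, checking that a failregex really matches what postfix logs, can be dry-run offline; this is an added example, not part of the original message. The failregex, the IPv4-only stand-in for the `<HOST>` tag, and the log lines are all constructed for illustration and are not fail2ban's shipped postfix filter.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical failregex written for this example; not taken from
# fail2ban's shipped postfix filter.
FAILREGEX = r"warning: [-\w.]+\[<HOST>\]: SASL \w+ authentication failed"

# Constructed postfix/smtpd log lines (documentation IP ranges).
SAMPLE_LINES = [
    "Jan 01 10:01:10 mx postfix/smtpd[2101]: connect from unknown[203.0.113.7]",
    "Jan 01 10:01:11 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: "
    "SASL LOGIN authentication failed: authentication failure",
    "Jan 01 10:01:12 mx postfix/smtpd[2101]: disconnect from unknown[203.0.113.7]",
    "Jan 01 10:01:20 mx postfix/smtpd[2102]: warning: unknown[203.0.113.7]: "
    "SASL PLAIN authentication failed: authentication failure",
    "Jan 01 10:02:05 mx postfix/smtpd[2107]: warning: unknown[198.51.100.23]: "
    "SASL LOGIN authentication failed: authentication failure",
    "Jan 01 10:03:40 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from "
    "unknown[192.0.2.50]: 554 5.7.1 <a@example.org>: Relay access denied",
]


def dry_run(failregex, lines):
    """Return (failures per host, lines the regex did not match)."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    hits, unmatched = Counter(), []
    for line in lines:
        m = pattern.search(line)
        if m:
            hits[m.group("host")] += 1
        else:
            unmatched.append(line)
    return hits, unmatched


def would_ban(hits, maxretry):
    """Hosts whose failure count in the sample reaches maxretry."""
    return sorted(h for h, n in hits.items() if n >= maxretry)


if __name__ == "__main__":
    hits, unmatched = dry_run(FAILREGEX, SAMPLE_LINES)
    print("matched:", dict(hits))
    print("would ban at maxretry=2:", would_ban(hits, 2))
    for line in unmatched:
        print("no match:", line)
```

The unmatched list is the useful part: connect/disconnect lines and the relay rejection never count toward a ban under this regex, which is the "nothing happens" symptom. fail2ban's own `fail2ban-regex` tool performs the same kind of check against the installed filter files.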

