有人正在扫描我的 postfix/dovecot

Question

从importgeek.wordpress.com：

安装 Fail2Ban

：apt-get install fail2ban
要限制内存使用量，请在 /etc/default/fail2ban 中添加：

+ulimit -s 256
创建本地配置文件 /etc/fail2ban/jail.local 来覆盖 jail.conf 中的设置：

：cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

：vi /etc/fail2ban/jail.local

[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps
filter = dovecot
logpath = /var/log/mail.log
maxretry  = 3

[postfix]
enabled  = true
port     = smtp,ssmtp
filter   = postfix
logpath  = /var/log/mail.log
maxretry  = 3

[sasl]
enabled   = true
port      = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter    = sasl
logpath   = /var/log/mail.log
maxretry  = 3

编辑

Fail2ban（Debian Squeeze）没有附带 Dovecot 的配置，因此请创建 /etc/fail2ban/filter.d/dovecot.conf：

[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P\S*),.*
ignoreregex =

重新启动fail2ban：

# /etc/init.d/fail2ban restart

Answer 1

从importgeek.wordpress.com：

安装 Fail2Ban

：apt-get install fail2ban
要限制内存使用量，请在 /etc/default/fail2ban 中添加：

+ulimit -s 256
创建本地配置文件 /etc/fail2ban/jail.local 来覆盖 jail.conf 中的设置：

：cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

：vi /etc/fail2ban/jail.local

[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps
filter = dovecot
logpath = /var/log/mail.log
maxretry  = 3

[postfix]
enabled  = true
port     = smtp,ssmtp
filter   = postfix
logpath  = /var/log/mail.log
maxretry  = 3

[sasl]
enabled   = true
port      = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter    = sasl
logpath   = /var/log/mail.log
maxretry  = 3

编辑

Fail2ban（Debian Squeeze）没有附带 Dovecot 的配置，因此请创建 /etc/fail2ban/filter.d/dovecot.conf：

[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P\S*),.*
ignoreregex =

重新启动fail2ban：

# /etc/init.d/fail2ban restart

有人正在扫描我的 postfix/dovecot

答案1

相关内容