exim dovecot as a virtual machine / proxy server: logging the client's real IP

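The server regularly suffers dovecot and exim brute-force attempts to guess valid mail addresses and passwords.

I wrote a script that scans the logs for failed ssh logins and blocks the IP for one day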

https://dwaves.org/2016/10/25/gnu-linux-iptables-firewall-update-2020-autoban-brute-force-ssh-and-exim-attacks-with-iptables/

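But because the correct client IP is missing, the IP cannot be blocked by iptables.

How do I configure dovecot / exim to log the real IP address of the clients trying to guess passwords?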

==> /var/log/exim/main.log <== 
2020-06-26 19:34:48 dovecot_login authenticator failed for (User) [10.0.2.2]: 535 Incorrect authentication data ([email protected]) 
2020-06-26 19:34:48 dovecot_login authenticator failed for (User) [10.0.2.2]: 535 Incorrect authentication data ([email protected]) 

Found this: lmtp

https://doc.dovecot.org/configuration_manual/protocols/lmtp_server/

Then:

https://wiki2.dovecot.org/HAProxy

And this:

https://doc.dovecot.org/configuration_manual/proxy_settings/

But it is all too complicated XD

I just want to see the correct client IP address in the logs

instead of 10.0.2.2 (the proxy's IP)

Can anyone help?

Thanks

Answer 1

The solution has to be sought on the VirtualBox side: VirtualBox can preserve the original client IP address when passing traffic through the host NAT:

# shutdown / poweroff vm
VBoxManage modifyvm "vmname" --nataliasmode1 proxyonly

# power on vm again and monitor the logs
# if the real client ip addresses are now being passed on to the vm or not

--nataliasmode<1-N>
default|[log],[proxyonly],[sameports]

: defines the behavior of the NAT engine core:

log – enables logging
proxyonly – switches off aliasing mode and makes NAT transparent
sameports – enforces the NAT engine to send packets through the same port as they originated on
default – disable all aliasing modes.

See Section 9.8.7, "Configuring Aliasing of the NAT Engine". https://www.virtualbox.org/manual/UserManual.html#nat-adv-alias

Links:

https://forums.virtualbox.org/viewtopic.php?f=7&t=98804
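One way to carry out the "monitor the logs" step is sketched below as an added example; it is not code from the posts above or from the linked ban script. It parses exim `authenticator failed` lines in the format shown in the question and separates sources that are safe to ban from sources that are still an internal/NAT address such as 10.0.2.2. The sample log lines, the threshold of 3 and the function names are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the main.log format from the question; the 203.0.113.x and
# 198.51.100.x addresses are documentation ranges, user@example.org is a placeholder.
SAMPLE_LOG = """\
2020-06-26 19:34:48 dovecot_login authenticator failed for (User) [10.0.2.2]: 535 Incorrect authentication data (user@example.org)
2020-06-26 19:34:49 dovecot_login authenticator failed for (User) [10.0.2.2]: 535 Incorrect authentication data (user@example.org)
2020-06-26 19:40:01 dovecot_login authenticator failed for (User) [203.0.113.7]: 535 Incorrect authentication data (user@example.org)
2020-06-26 19:40:02 dovecot_login authenticator failed for (User) [203.0.113.7]: 535 Incorrect authentication data (user@example.org)
2020-06-26 19:40:03 dovecot_login authenticator failed for ([192.168.1.5]) [203.0.113.7]: 535 Incorrect authentication data (user@example.org)
2020-06-26 19:41:10 dovecot_login authenticator failed for (User) [198.51.100.23]: 535 Incorrect authentication data (user@example.org)
2020-06-26 19:42:00 Start queue run: pid=1234
"""

# The peer address is the bracketed value directly before ": 535". The HELO name in
# parentheses is client-supplied and may itself be a bracketed literal, so skip it.
FAILED_AUTH = re.compile(
    r"authenticator failed for .*?\[([0-9A-Fa-f:.]+)\](?::\d+)?: 535 ")

# Addresses that can only be a NAT gateway, proxy or the host itself (assumption:
# IPv4-only setup, as in the question).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def failed_auth_sources(log_text):
    """Count failed SMTP AUTH attempts per peer address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_AUTH.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # bracket content was not a valid IP address
    return counts

def triage(log_text, threshold=3):
    """Return (bannable, masked): public IPs at or over the threshold, and internal
    IPs that must never be banned because they hide the real clients."""
    bannable, masked = [], []
    for ip, n in failed_auth_sources(log_text).items():
        if any(ip in net for net in INTERNAL_NETS):
            masked.append(str(ip))
        elif n >= threshold:
            bannable.append(str(ip))
    return sorted(bannable), sorted(masked)
```

If `masked` still contains 10.0.2.2 after the VM has been restarted, the NAT is still rewriting the source address, and an iptables rule for that address would block every client behind it.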
