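The server is regularly hit by dovecot and exim brute-force attempts to guess valid mailboxes and passwords.
I wrote a script that scans the logs for failed ssh logins and blocks the IP for one day,
but because the correct client IP is not there,
the IP cannot be blocked by iptables.
How do I configure dovecot / exim to log the actual IP address of the client that is trying to guess passwords?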
==> /var/log/exim/main.log <==
2020-06-26 19:34:48 dovecot_login authenticator failed for (User) [10.0.2.2]: 535 Incorrect authentication data ([email protected])
2020-06-26 19:34:48 dovecot_login authenticator failed for (User) [10.0.2.2]: 535 Incorrect authentication data ([email protected])
I found this: lmtp
https://doc.dovecot.org/configuration_manual/protocols/lmtp_server/
then:
https://wiki2.dovecot.org/HAProxy
and this:
https://doc.dovecot.org/configuration_manual/proxy_settings/
but it is all too complicated XD
I just want to see the correct client IP address in the logs
instead of 10.0.2.2 (the proxy's IP)
Can anyone help?
Thanks
Answer 1
The solution had to be found on the VirtualBox side: VirtualBox can preserve the original client IP address when passing traffic through the host NAT:
# shutdown / poweroff vm
VBoxManage modifyvm "vmname" --nataliasmode1 proxyonly
# power on vm again and monitor the logs
# if the real client ip addresses are now being passed on to the vm or not
--nataliasmode<1-N>
default|[log],[proxyonly],[sameports]
Defines the behavior of the NAT engine core:
log – enables logging
proxyonly – switches off aliasing mode and makes NAT transparent
sameports – enforces the NAT engine to send packets through the same port as they originated on
default – disable all aliasing modes.
See Section 9.8.7, "Configuring Aliasing of the NAT Engine". https://www.virtualbox.org/manual/UserManual.html#nat-adv-alias
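A log-triage check for the situation in this thread, as an added example that is not part of the original question or answer: it counts exim authentication failures per source address and keeps NAT/proxy addresses such as 10.0.2.2 out of the block list, so a blocking script does not cut off every client behind the NAT. The function name, the threshold and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the exim main.log failure line format shown in the question.
FAILED_AUTH = re.compile(r"authenticator failed for .*?\[([^\]]+)\]: 535 ")

# Ranges that are never a real Internet client; 10.0.2.2 falls in the first.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7",
)]

# Constructed sample log (not from a real server): 4 failures via the NAT
# address, 3 and 1 from documentation-range addresses, 1 unrelated line.
_LINE = ("2020-06-26 19:34:48 dovecot_login authenticator failed for (User) "
         "[{}]: 535 Incorrect authentication data (user@example.test)")
SAMPLE_LOG = "\n".join(
    [_LINE.format("10.0.2.2")] * 4 + [_LINE.format("203.0.113.7")] * 3
    + [_LINE.format("198.51.100.20"),
       "2020-06-26 19:36:10 Start queue run: pid=1234"]
)


def triage(log_text, threshold=3):
    """Return (block, masked): routable IPs with at least `threshold`
    failures, and non-routable sources mapped to their failure counts."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_AUTH.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # bracketed text was not an IP address
    block, masked = [], {}
    for addr, n in counts.items():
        if any(addr in net for net in NON_ROUTABLE):
            masked[str(addr)] = n  # NAT/proxy hop: real client IP is hidden
        elif n >= threshold:
            block.append(str(addr))
    return sorted(block), masked


if __name__ == "__main__":
    block, masked = triage(SAMPLE_LOG)
    print("block:", block)
    print("masked by NAT/proxy, do not block:", masked)
```

A non-empty `masked` result means the logs still show the NAT address, so the real client IPs are not yet reaching the VM.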