ASSP

From Fail2ban
Revision as of 02:09, 15 March 2014 by Daniel.subs (Talk | contribs) (ASSP filter for Fail2ban)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

ASSP filter for Fail2ban

Included since fail2ban-0.8.9

If you have an older version grab a copy of the filter from Latest Version. Place this in the file /etc/fail2ban/filter.d/assp.conf.


Add this section to your /etc/fail2ban/jail.local file:

[assp]

enabled  = true
port     = smtp,ssmtp
filter   = assp
action   = iptables[name=ASSP, port=25, protocol=tcp]
           sendmail-whois[name=ASSP, dest=email@domain.com]
logpath  = /var/log/assp/maillog.txt


IMPORTANT: Symlink the logs subdirectory of your ASSP installation as /var/log/assp or change the logpath in your jail configuration to point to ASSP's maillog.txt file.

Don't forget to restart fail2ban.

Check the end of your fail2ban.log whether fail2ban picked up ASSP's log file.