HOWTO fail2ban with qpopper

From Fail2ban
Revision as of 18:21, 16 April 2011 by (Talk) (it's better to use \s instead of blanks because of line breaking problems)

Jump to: navigation, search

Configuration for qpopper pop3 daemon is done through the following: (this setup was for openSUSE 10.2)

  • First make an entry into your jail.conf file.
enabled  = true
port     = pop3
filter   = qpopperlogin
action   = iptables[name=%(__name__)s, port=%(port)s]
logpath  = /var/log/mail
maxretry = 5
  • Then create a file in filter.d directory called qpopperlogin.conf This failregex statement was sent to the fail2safe mail list by Sven Neukirchner.

failregex = popper\[[0-9]+\]:\s\[AUTH\]\sFailed\sattempted\slogin\sto\s
ignoreregex =
  1. for strings like
  2. Oct 16 14:42:00 alpha popper[25364]: anton at ( -#ERR [AUTH] Password supplied for "anton" is incorrect. [pop_pass.c:1173]
  3. use
  4. failregex = \(<HOST>\):\ -ERR\ \[AUTH\]

That should do it!