HOWTO fail2ban with qpopper
Revision as of 18:21, 16 April 2011 by 18.104.22.168 (it's better to use \s instead of blanks because of line breaking problems)
Configuration for qpopper pop3 daemon is done through the following: (this setup was for openSUSE 10.2)
- First make an entry into your jail.conf file.
[qpopper] enabled = true port = pop3 filter = qpopperlogin action = iptables[name=%(__name__)s, port=%(port)s] sendmail-whois[name=qpopper, firstname.lastname@example.org] logpath = /var/log/mail maxretry = 5
- Then create a file in filter.d directory called qpopperlogin.conf This failregex statement was sent to the fail2safe mail list by Sven Neukirchner.
[Definition] failregex = popper\[[0-9]+\]:\s\[AUTH\]\sFailed\sattempted\slogin\sto\s \S+\sfrom\shost\s(\S+)\s<HOST>(?:\s\[pop_pass\.c.*\])?$ ignoreregex =
- for strings like
- Oct 16 14:42:00 alpha popper: anton at 22.214.171.124 (126.96.36.199): -#ERR [AUTH] Password supplied for "anton" is incorrect. [pop_pass.c:1173]
- failregex = \(<HOST>\):\ -ERR\ \[AUTH\]
That should do it!