HOWTO fail2ban with qpopper
Configuration for qpopper pop3 daemon is done as follows:
- First make an entry into your jail.conf (/etc/fail2ban/jail.local on Debian/Ubuntu) file.
# this is for openSUSE 10.2 [qpopper] enabled = true port = pop3 filter = qpopperlogin action = iptables[name=%(__name__)s, port=%(port)s] sendmail-whois[name=qpopper, email@example.com] logpath = /var/log/mail maxretry = 5
# this is for Debian/Ubuntu [qpopper] enabled = true port = pop3,pop3s filter = qpopperlogin logpath = /var/log/mail.log
- Then create a file in filter.d directory called qpopperlogin.conf The first failregex statement was sent to the fail2ban mail list by Sven Neukirchner.
# openSUSE [Definition] failregex = popper\[[0-9]+\]:\s\[AUTH\]\sFailed\sattempted\slogin\sto\s\S+\sfrom\shost\s(\S+)\s<HOST>(?:\s\[pop_pass\.c.*\])?$ ignoreregex =
# Debian/Ubuntu [Definition] failregex = popper\[[0-9]+\]:.*\(<HOST>\):\ -ERR\ \[AUTH\]\ ignoreregex =