fail2ban

Section: (pj)
Updated: 2023-09-04
Index Return to Main Contents

On Ubuntu you can install fail2ban like this:

: sudo apt update sudo apt install fail2ban sudo systemctl enable fail2ban sudo systemctl start fail2ban

Customize it by putting things in /etc/fail2ban/jail.local. For example:

[DEFAULT] bantime = 10m findtime = 10m maxretry = 5 destemail = root@localhost sender = once@9stmaryrd.com mta = sendmail

[postfix-sasl] enabled = true filter = postfix-sasl logpath = /var/log/mail.log

[sshd] port = 22,2777

Then in /etc/fail2ban/filter.d/postfix-sasl.conf you can have:

: [INCLUDES] before = common.conf
[Definition] _daemon = postfix(-\w+)?/\w+(?:/smtp[ds])? # For example, match this: # Apr 4 14:52:59 www postfix/submission/smtpd[993587]: warning: unknown[91.224.92.22]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 failregex = ha%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$

You can make sure it's working like this:

: sudo fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix-sasl.conf sudo fail2ban-client status sshd sudo fail2ban-client status postfix sudo iptables -S

AUTHORS

Paul A. Jungwirth.

This document was created by man2html, using the manual pages.
Time: 21:16:02 GMT, January 04, 2026