Section: (pj)
Index Return to Main Contents

On Ubuntu you can install fail2ban like this:

sudo apt update
sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Customize it by putting things in /etc/fail2ban/jail.local. For example:

bantime = 10m
findtime = 10m
maxretry = 5
destemail = root@localhost
sender =
mta = sendmail

enabled = true
filter = postfix-sasl
logpath = /var/log/mail.log

port = 22,2777

Then in /etc/fail2ban/filter.d/postfix-sasl.conf you can have:

before = common.conf

_daemon = postfix(-\w+)?/\w+(?:/smtp[ds])?
# For example, match this:
# Apr  4 14:52:59 www postfix/submission/smtpd[993587]: warning: unknown[]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
failregex = ha%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$

You can make sure it's working like this:

sudo fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix-sasl.conf
sudo fail2ban-client status sshd
sudo fail2ban-client status postfix
sudo iptables -S



Paul A. Jungwirth.




This document was created by man2html, using the manual pages.
Time: 02:22:40 GMT, January 25, 2024