Mailserver absichern (Ubuntu 18.04): Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 40: | Zeile 40: | ||
<pre> | <pre> | ||
sudo vi /etc/fail2ban/filter.d/postfix-sasl.conf | sudo vi /etc/fail2ban/filter.d/postfix-sasl.conf | ||
</pre> | |||
<pre> | |||
# Fail2Ban filter for postfix authentication failures | |||
# | |||
[INCLUDES] | |||
before = common.conf | |||
[Definition] | |||
_daemon = (?:postfix/smtpd|postfix/submission/smtpd) | |||
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$ | |||
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:Login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$ | |||
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: | |||
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:Login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: | |||
^%(__prefix_line)swarning: (.*?)does not resolve to address <HOST>: Name or service not known$ | |||
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$ | |||
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: | |||
ignoreregex = | |||
</pre> | </pre> | ||
Version vom 31. März 2020, 18:17 Uhr
Fail2Ban
Noch in Bearbeitung
Allgemein
Verhindert unter anderem Wörterbuchangriffe durch temporäre Anpassung von Firewall-Regeln.
Installation
Siehe Fail2Ban
Konfiguration
Nachdem Fail2Ban installiert wurde, muss noch eine Konfigurationsdatei für Dovecot angelegt
sudo vi /etc/fail2ban/jail.d/mailserver.conf
und mit folgendem Inhalt befüllt werden:
[postfix] enabled = true port = smtp,ssmtp,submission filter = postfix logpath = /var/log/mail.log [sasl] enabled = true port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s filter = postfix-sasl # You might consider monitoring /var/log/mail.warn instead if you are # running postfix since it would provide the same log lines at the # "warn" level but overall at the smaller filesize. logpath = /var/log/mail.log
sudo vi /etc/fail2ban/filter.d/postfix-sasl.conf
# Fail2Ban filter for postfix authentication failures
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = (?:postfix/smtpd|postfix/submission/smtpd)
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:Login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:Login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:
^%(__prefix_line)swarning: (.*?)does not resolve to address <HOST>: Name or service not known$
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:
ignoreregex =
Links
https://wiki.dovecot.org/HowTo/Fail2Ban
https://forum.howtoforge.de/threads/fail2ban-postfix-sasl-conf.9731/
Zurück zu Mailserver einrichten