Securing the mail server (Ubuntu 18.04): Difference between revisions
Zeile 23: | Zeile 23: | ||
[postfix] | [postfix] | ||
enabled = true | enabled = true | ||
port = smtp | port = smtp,submission | ||
filter = postfix | filter = postfix | ||
logpath = /var/log/mail.log | logpath = /var/log/mail.log | ||
Zeile 29: | Zeile 29: | ||
[sasl] | [sasl] | ||
enabled = true | enabled = true | ||
port = smtp | port = smtp,submission,imap2,imap3,imaps,pop3,pop3s | ||
filter = postfix-sasl | filter = postfix-sasl | ||
# You might consider monitoring /var/log/mail.warn instead if you are | # You might consider monitoring /var/log/mail.warn instead if you are |
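Review bot: In the [sasl] section the widened port list (imap2,imap3,imaps,pop3,pop3s) is paired with an unchanged filter = postfix-sasl, whose _daemon covers only postfix/smtpd and postfix/submission/smtpd. Failed IMAP or POP3 logins are therefore never counted; the extra ports only extend what gets blocked once failed SMTP AUTH attempts trip the jail. If the goal is to protect the Dovecot logins as well, add a separate jail whose filter reads the Dovecot log lines, and say in a comment that the port list here only defines the scope of the ban.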
Revision as of 31 March 2020, 18:45
Fail2Ban
Still in progress
General
Prevents dictionary attacks, among other things, by temporarily adjusting firewall rules.
Installation
See Fail2Ban
Configuration
After Fail2Ban has been installed, a configuration file for Dovecot still has to be created
sudo vi /etc/fail2ban/jail.d/mailserver.conf
and filled with the following content:

    [postfix]
    enabled = true
    port = smtp,submission
    filter = postfix
    logpath = /var/log/mail.log

    [sasl]
    enabled = true
    port = smtp,submission,imap2,imap3,imaps,pop3,pop3s
    filter = postfix-sasl
    # You might consider monitoring /var/log/mail.warn instead if you are
    # running postfix since it would provide the same log lines at the
    # "warn" level but overall at the smaller filesize.
    logpath = /var/log/mail.log

sudo vi /etc/fail2ban/filter.d/postfix-sasl.conf

    # Fail2Ban filter for postfix authentication failures
    #

    [INCLUDES]

    before = common.conf

    [Definition]

    _daemon = (?:postfix/smtpd|postfix/submission/smtpd)

    failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
                ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:Login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
                ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:
                ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:Login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:
                ^%(__prefix_line)swarning: (.*?)does not resolve to address <HOST>: Name or service not known$
                ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
                ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:

    ignoreregex =

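To see which log lines the postfix-sasl filter actually counts, the following added example (not part of the original page and not Fail2Ban code) applies the three pattern families of the failregex to constructed log lines. Assumptions: PREFIX is a simplified stand-in for %(__prefix_line)s, HOST replaces <HOST> and is IPv4-only, and the maxretry value of 3 is chosen for illustration, with no findtime window.

```python
import re
from collections import Counter

# Assumptions: PREFIX is a simplified stand-in for fail2ban's %(__prefix_line)s
# combined with the page's _daemon; HOST replaces <HOST> and is IPv4-only.
PREFIX = r"^\w{3} +\d+ [\d:]{8} \S+ postfix/(?:submission/)?smtpd\[\d+\]: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The page spells LOGIN/Login/login on separate failregex lines; merged here.
MECH = r"(?:LOGIN|Login|login|PLAIN|(?:CRAM|DIGEST)-MD5)"
CLIENT = r"warning: [-._\w]+\[" + HOST + r"\]: SASL " + MECH

FAILREGEX = [re.compile(PREFIX + tail) for tail in (
    CLIENT + r" authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$",
    CLIENT + r" authentication failed:",
    r"warning: (.*?)does not resolve to address " + HOST
    + r": Name or service not known$",
)]

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = [
    "Mar 31 18:40:01 mail postfix/smtpd[1234]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Mar 31 18:40:05 mail postfix/submission/smtpd[1240]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed:",
    "Mar 31 18:40:09 mail postfix/smtpd[1234]: warning: unknown[203.0.113.7]: SASL login authentication failed: generic failure",
    "Mar 31 18:40:12 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 6 secs): user=<bob>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10",
    "Mar 31 18:41:00 mail postfix/smtpd[1250]: warning: hostname bad.example does not resolve to address 198.51.100.9: Name or service not known",
    "Mar 31 18:41:30 mail postfix/smtpd[1251]: connect from mail.example.org[192.0.2.25]",
]

def failed_host(line):
    """Return the offending IP if any failregex matches the line, else None."""
    for rx in FAILREGEX:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def hosts_to_ban(lines, maxretry=3):
    """Hosts with at least maxretry matching lines (no findtime window here)."""
    hits = Counter(h for h in map(failed_host, lines) if h)
    return sorted(h for h, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(failed_host(line), "<-", line[16:80])
    print("ban:", hosts_to_ban(SAMPLE_LOG))
```

The Dovecot imap-login failure is not matched, so it adds nothing to the count for 198.51.100.9. On the server itself, fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix-sasl.conf runs the real filter against the real log.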
Links
https://wiki.dovecot.org/HowTo/Fail2Ban
https://forum.howtoforge.de/threads/fail2ban-postfix-sasl-conf.9731/
Back to Mailserver einrichten