Mailserver absichern (Ubuntu 18.04)
Fail2Ban
Noch in Bearbeitung
Allgemein
Verhindert unter anderem Wörterbuchangriffe durch temporäre Anpassung von Firewall-Regeln.
Installation
Siehe Fail2Ban
Konfiguration
Nachdem Fail2Ban installiert wurde, muss noch eine Konfigurationsdatei für Dovecot angelegt
sudo vi /etc/fail2ban/jail.d/mailserver.conf
und mit folgendem Inhalt befüllt werden:
[postfix] enabled = true port = smtp,submission filter = postfix logpath = /var/log/mail.log [sasl] enabled = true port = smtp,submission,imap2,imap3,imaps,pop3,pop3s filter = postfix-sasl # You might consider monitoring /var/log/mail.warn instead if you are # running postfix since it would provide the same log lines at the # "warn" level but overall at the smaller filesize. logpath = /var/log/mail.log
sudo vi /etc/fail2ban/filter.d/postfix-sasl.conf
# Fail2Ban filter for postfix authentication failures
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = (?:postfix/smtpd|postfix/submission/smtpd)
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:Login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:Login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:
^%(__prefix_line)swarning: (.*?)does not resolve to address <HOST>: Name or service not known$
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:login|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:
ignoreregex =
Links
https://wiki.dovecot.org/HowTo/Fail2Ban
https://forum.howtoforge.de/threads/fail2ban-postfix-sasl-conf.9731/
Zurück zu Mailserver einrichten