Re: [exim] Stopping Bruteforceattacks

Author: Chris Knadle
Date:  
To: exim-users
Subject: Re: [exim] Stopping Bruteforceattacks
On Thursday, July 26, 2012 07:51:39, Peter Velan wrote:
> am 25.07.2012 12:30 schrieb Chris Knadle:
> > On Wednesday, July 25, 2012 04:44:32, Mihamina Rakotomandimby wrote:
> >> If me, I'd filter at IP level, based on some reject log information.
> >> That's the job of fail2ban, but I don't know if it parses Exim logs.
> >
> > By default fail2ban doesn't scan Exim logs, but what logs are scanned is
> > customizable; for instance something like the following added to
> > fail2ban's jail.conf:
> >
> > -----------------------
> >
> > #
> > # Exim4 email MTA
> > #
> >
> > [exim4]
> >
> > enabled = true
> > port = smtp
> > filter = exim4
> > logpath = /var/log/exim4/mainlog
> > bantime = 28800
> > maxretry = 3
>
> I'm using daily mainlogs à la "mainlog-20120726". What would be an
> elegant way to configure fail2ban in this case?


For this I'd probably have logrotate remake a softlink from the daily mainlog
file to a standard filename that fail2ban can search through. This might
require using a postrotate/endscript.

-- Chris

--
Chris Knadle
Chris.Knadle@???
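
One way to do the relinking described in the reply above, as an added example that is not part of the original message: a shell helper that could be called from a logrotate postrotate script or from cron, so the jail's `logpath` can stay at a fixed name. The function name, its arguments and the `mainlog` link name are assumptions; the `mainlog-YYYYMMDD` pattern comes from the question.

```shell
#!/bin/sh
# Added example (not from the thread): keep a fixed-name symlink pointing at
# the newest Exim daily log so fail2ban's logpath never has to change.
# Usage (assumed): relink_mainlog LOGDIR [LINKNAME]

relink_mainlog() {
    logdir=$1
    link=${2:-mainlog}
    newest=

    # mainlog-YYYYMMDD names sort chronologically, and glob results are
    # sorted, so the last regular file matched is the newest daily log.
    # Compressed copies such as mainlog-20120724.gz do not match.
    for f in "$logdir"/mainlog-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]; do
        if [ -f "$f" ]; then newest=$f; fi
    done
    if [ -z "$newest" ]; then
        echo "relink_mainlog: no daily mainlog found in $logdir" >&2
        return 1
    fi

    # Never replace a real log file that happens to use the link name.
    if [ -e "$logdir/$link" ] && [ ! -L "$logdir/$link" ]; then
        echo "relink_mainlog: $logdir/$link is not a symlink, refusing" >&2
        return 2
    fi

    target=$(basename "$newest")
    if [ "$(readlink "$logdir/$link" 2>/dev/null)" = "$target" ]; then
        return 0    # already points at the newest log
    fi

    # Create the new link under a temporary name, then rename it over the
    # old one, so the path fail2ban watches is never missing.
    tmp="$logdir/.$link.$$"
    ln -s "$target" "$tmp" && mv -f "$tmp" "$logdir/$link"
}

# When run as a script with arguments, act on them; do nothing otherwise.
if [ "$#" -ge 1 ]; then
    relink_mainlog "$@"
fi
```

The link is relative, so it stays valid if the log directory is mounted or copied elsewhere for analysis.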