Re: [exim] Stopping Bruteforceattacks

Inizio della pagina
Delete this message
Reply to this message
Autore: Peter Velan
Data:  
To: exim-users
Oggetto: Re: [exim] Stopping Bruteforceattacks
am 26.07.2012 17:14 schrieb Chris Knadle:
> On Thursday, July 26, 2012 07:51:39, Peter Velan wrote:
>> am 25.07.2012 12:30 schrieb Chris Knadle:
>> > On Wednesday, July 25, 2012 04:44:32, Mihamina Rakotomandimby wrote:
>> >> If me, I'd filter at IP level, based on some reject log information.
>> >> That's the job of fail2ban, but I dont know if it parses Exim logs.
>> >
>> > By default fail2ban doesn't scan Exim logs, but what logs are scanned is
>> > customizable; for instance something like the following added to
>> > fail2ban's jail.conf:
>> >
>> > -----------------------
>> >
>> > #
>> > # Exim4 email MTA
>> > #
>> >
>> > [exim4]
>> >
>> > enabled = true
>> > port = smtp
>> > filter = exim4
>> > logpath = /var/log/exim4/mainlog
>> > bantime = 28800
>> > maxretry = 3
>>
>> I'm using daily mainlogs á la "mainlog-20120726". What would be an
>> elegant way to configure fail2ban in this case?
>
> For this I'd probably have logrotate remake a softlink from the daily mainlog
> file to a standard filename that fail2ban can search through. This might
> require using a postrotate/endscript.


Aah good idea, will try it this way.

Thanks,
Peter