So, I've been trying to get Fail2ban working with Postfix.
It has been a bit of a hassle and I'm still not sure if I've got it working properly.
First, when I edit jail.conf to enable the postfix configuration, Fail2ban stops working when I add a ports listing.
Second, I've got it running without errors but can see that Fail2ban isn't blocking incoming brute-forcing attempts on Postfix. I can see the attacks happening in the mail logs but can't see Fail2ban blocking them. The Postfix jail is showing when I run "fail2ban-client status".
I've a crapload of studying up to do, as I just found the man pages for fail2ban-client.
I need to configure for FTP and HTTP as well. SSH is already done.
UPDATE (1/15/2017) - I now have Fail2ban working with more than just SSH. I'm running it to monitor Apache and Xinetd, as well as MySQL and php-url-fopen attacks. But I'm still struggling with getting it to track Postfix brute-forcing attempts.