Cannot enable Fail2ban postfix-sasl jail

simon1066 · August 16, 2022, 4:19pm

SYSTEM INFORMATION
OS type and version	CentOS Linux 7.9.2009
Webmin version	1.994
Usermin version	1.840
Virtualmin version	7.1
Theme version	19.93.1

Fail2ban is not applying any filters/rules to IP’s abusing SASL login authentication.

The result of fail2ban-client status is

Status
|- Number of jail:      6
`- Jail list:   dovecot, pam-generic, postfix, proftpd, sshd, webmin-auth

However in Webmin > Networking > Fail2Ban Intrusion Detector > Filter Action Jails > postfix-sasl

I have it enabled:

and to confirm fail2ban-client status, in Webmin > Networking > Fail2Ban Intrusion Detector > Jails Status I have:

How can I get Fail2Ban to recognise postfix-sasl jail?

simon1066 · August 16, 2022, 5:28pm

I note this from fail2ban’s github:

filter.d/postfix-sasl.conf: removed (replaced with postfix[mode=auth])

I wonder if that is the reason why Webmin(?) cannot fully enable postfix-sasl. Just thinking.

simon1066 · August 16, 2022, 5:51pm

Ok, I think I might have made some progress, in /etc/fail2ban/jail.local I added a filter line to the sasl section:

[postfix-sasl]

filter = postfix[mode=auth]
enabled = true
port    = smtp,465,submission,imap3,imaps,pop3,pop3s

postfix-sasl now shows under fail2ban-client status, I’m not convinced that has auto-magically sorted it but I’ll leave it for now and come back to it.

system · October 15, 2022, 5:51pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.