Someone, or many, are trying to get into my server… so I want something to protect myself from SASL attacks, floods, SSH, Webmin/Usermin, brute force generally… is there something I can do…?
What about SASL attacks / brute force at Postfix? Fail2ban: I've enabled it but it is not banning/blocking IPs. Is there a tutorial for Virtualmin (or something I can do)?…
Assuming Fail2Ban is enabled and has the default configuration: in Webmin → Networking → Fail2Ban Intrusion Detector, click Filter Action Jails and see the list of jails.
Click Postfix-SASL to see the edit jail screen. Set Currently enabled? to yes. Set Filter to search log for: select Postfix-SASL from the dropdown. For Actions to apply, set Action to iptables-allports; name to postfix-sasl; port to 0:65535; protocol to TCP. Log file path should already be set to %(postfix_log)s. Leave the other settings at their defaults for now. Hit Save.
Do a similar configuration for webmin-auth, postfix, dovecot and any other services you feel you need to protect against brute force attacks.
Restart Fail2ban. After a few minutes, check if offending IPs are being jailed:
sudo fail2ban-client status postfix-sasl
Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 3
|  `- File list: /var/log/mail.warn
`- Actions
   |- Currently banned: 42
   |- Total banned: 42
   `-
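
How a jail such as postfix-sasl decides between "failed" and "banned", as an added example that is not part of the original post and is not Fail2Ban's own code: it counts matching log lines per IP and bans once maxretry failures fall inside findtime. The regex is a simplified stand-in for the shipped filter, the maxretry/findtime values are assumed defaults, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified pattern for Postfix SASL failures (assumption: the filter
# shipped with Fail2Ban is more permissive than this one).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/[\w/]+\[\d+\]: warning: "
    r"\S+\[(?P<ip>[0-9a-fA-F:.]+)\]: SASL \w+ authentication failed"
)

def banned_ips(lines, maxretry=5, findtime=600, year=2024):
    """Return IPs reaching maxretry failures within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)    # ip -> timestamps of recent failures
    banned = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue               # not an auth failure, so not counted
        # syslog timestamps carry no year; one is assumed for parsing
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than findtime
            q.popleft()
        if len(q) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

def _line(hms, ip):
    """Build one constructed mail-log line for the sample below."""
    return (f"Jan 10 {hms} mail postfix/smtpd[2101]: warning: "
            f"unknown[{ip}]: SASL LOGIN authentication failed: UGFzc3dvcmQ6")

# Constructed sample: one source fails 5 times in 40 seconds, another
# 5 times spread 11 minutes apart, plus one unrelated connect line.
SAMPLE = (
    [_line(f"10:00:{s:02d}", "203.0.113.5") for s in range(0, 50, 10)]
    + [_line(f"10:{m:02d}:00", "198.51.100.7") for m in range(1, 50, 11)]
    + ["Jan 10 10:50:00 mail postfix/smtpd[2101]: connect from unknown[192.0.2.9]"]
)

if __name__ == "__main__":
    print(banned_ips(SAMPLE))                  # assumed default window
    print(banned_ips(SAMPLE, findtime=3600))   # wider window
```

A source that shows up under "Total failed" but never under "Currently banned" is usually one that stays below this threshold; widening findtime or lowering maxretry in the jail settings changes that.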