Fail2Ban automatic or something to do with SASL attack

Hi there…

Someone, or many, are trying to get into my server… so I want something to protect myself from SASL attacks, floods, SSH, Webmin/Usermin, brute force generally… is there something I can do…?

I have Virtualmin on Debian 9… any idea?

Thanks in advance…

Have you seen this?

I've seen it now! :slight_smile: But…

  • already have SSL
  • I am searching to enable 2FA for Webmin… etc…
  • what about SASL attack / brute force at Postfix - Fail2Ban - I've enabled it but it is not banning/blocking IPs - is there a tutorial for Virtualmin (or something I can do?)…

Thanks in advance…

Assuming Fail2Ban is enabled and has default configuration; in Webmin -> Networking -> Fail2Ban Intrusion Detector, click Filter Action Jails and see list of jails

Click Postfix-SASL to see the edit jail screen. Set Currently enabled? to yes. Set Filter to search log for: select Postfix-SASL from dropdown. For Actions to apply set Action to iptables-allports; name to postfix-sasl; port to 0:65535; protocol to TCP. Log file path should already be set to %(postfix_log)s. Leave the other settings to default for now. Hit Save.

Do a similar configuration for webmin-auth, postfix, dovecot and any other services you feel you need to protect against brute force attacks.

Restart Fail2ban. After a few minutes, check if offending IPs are being jailed:

sudo fail2ban-client status postfix-sasl


what is ? :grinning: :upside_down_face:

Lol, that’s a typo. Correcting, thanks.


For those using CSF on CentOS I can suggest this:

It solved the bruteforce flooding in my case

Seems to be working well with the Fail2Ban settings calport gave me! :slight_smile:

sudo fail2ban-client status postfix-sasl
Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 3
|  `- File list: /var/log/mail.warn
`- Actions
   |- Currently banned: 42
   |- Total banned: 42

What does that mean… that failed…?

Is it failing maybe because that IP is already blocked by the route reject command (I've already blocked some IP ranges)???

Or failing for another reason???

This is what I see on my system:

Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed:	7
|  |- Total failed:	73
|  `- Journal matches:	_SYSTEMD_UNIT=postfix.service
`- Actions
   |- Currently banned:	23
   |- Total banned:	37
   `- Banned IP list:

…Why am I having fails… what does that mean?..
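
The "failed" and "banned" counters in the status output above, as an added example that is not part of the original thread and is not fail2ban's own code: a simplified replay of constructed Postfix log lines, assuming `maxretry=5`, `findtime=600` and a simplified SASL regex. In this model "Total failed" counts every matched log line and "Currently failed" counts addresses still below the ban threshold, so non-zero values appear on a jail that is working.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified pattern for Postfix SASL failures; an assumption for this
# example, not the failregex shipped in fail2ban's postfix-sasl filter.
SASL_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \w+ authentication failed")

def jail_status(lines, maxretry=5, findtime=600, year=2019):
    """Replay log lines; return counters named like `fail2ban-client status`."""
    recent = defaultdict(deque)      # ip -> failure times not yet banned
    banned, total_failed, last = [], 0, None
    for line in lines:
        m = SASL_FAIL.match(line)
        if not m:
            continue                 # e.g. "connect from": not a failure
        last = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        total_failed += 1            # every matched line counts here
        q = recent[m["ip"]]
        q.append(last)
        while (last - q[0]).total_seconds() > findtime:
            q.popleft()              # forget failures older than findtime
        if len(q) >= maxretry:       # threshold reached: ban, stop tracking
            if m["ip"] not in banned:
                banned.append(m["ip"])
            del recent[m["ip"]]
    # "Currently failed": addresses with recent failures, below maxretry.
    current = sum(1 for q in recent.values()
                  if (last - q[-1]).total_seconds() <= findtime)
    return {"Currently failed": current, "Total failed": total_failed,
            "Total banned": len(banned), "Banned IP list": banned}

def _fail(ts, ip, mech="LOGIN"):     # builds one constructed log line
    return (f"Mar 10 {ts} mail postfix/smtpd[901]: warning: "
            f"unknown[{ip}]: SASL {mech} authentication failed: "
            "authentication failure")

SAMPLE_LOG = (                       # constructed, documentation-range IPs
    [_fail("11:40:00", "192.0.2.9")]                  # single old failure
    + [_fail(f"12:00:{s:02d}", "203.0.113.5") for s in range(0, 50, 10)]
    + ["Mar 10 12:01:00 mail postfix/smtpd[902]: "
       "connect from unknown[198.51.100.7]"]          # not a failure
    + [_fail("12:01:10", "198.51.100.7", "PLAIN"),
       _fail("12:01:30", "198.51.100.7", "PLAIN")])

if __name__ == "__main__":
    print(jail_status(SAMPLE_LOG))
```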
