Please share your jail.local.
Here is one setup I use on a VPS; it works as is on CentOS/Rocky Linux.
You may need to adjust the mail log location. Other than that, you could set maxretry = 3 and bantime = 5m on each jail to do a quick check.
As always, back up your jail.local before making the changes so you can go back if needed.
/etc/fail2ban/jail.local
[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps,submission,465,sieve
bantime = 2d
#logpath = /var/log/maillog
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
mode = aggressive
maxretry = 20
findtime = 4h
bantime = 30m
[postfix-blacklist]
enabled = true
port = smtp,465,submission
filter = postfix[mode=rbl]
logpath = /var/log/maillog
findtime = 6h
bantime = 1d
maxretry = 1
[postfix-connection]
enabled = true
filter = postfix[mode=ddos]
port = smtp,465,submission,imap,imaps,pop3,pop3s
bantime = 2d
logpath = /var/log/maillog
findtime = 5m
maxretry = 15
[postfix-rejected]
enabled = true
port = smtp,465,submission,imap,imaps,pop3,pop3s
bantime = 7d
logpath = %(postfix_log)s
maxretry = 1
findtime = 1h
[postfix-sasl]
filter = postfix[mode=auth]
enabled = true
port = smtp,465,submission,imap,imaps,pop3,pop3s
bantime = 2d
#logpath = /var/log/maillog
logpath = %(postfix_log)s
backend = %(postfix_backend)s
findtime = 8h
maxretry = 10
[postfix-auth]
filter = postfix[mode=auth]
enabled = true
port = smtp,465,submission,imap,imaps,pop3,pop3s
bantime = 2d
#logpath = /var/log/maillog
logpath = %(postfix_log)s
backend = %(postfix_backend)s
findtime = 4m
maxretry = 6
logpath can be the path or the variable.
On Webmin, Tools, Terminal you can run the following commands:
After changes to jail.local, restart fail2ban & firewall:
sudo systemctl restart fail2ban
sudo systemctl restart firewalld (CentOS/Rocky Linux)
To release all IPs and start banning again:
sudo fail2ban-client unban --all
To check banned IPs:
fail2ban-server status dovecot
fail2ban-server status postfix-connection
fail2ban-server status postfix-sasl
fail2ban-server status postfix-blacklist
fail2ban-server status postfix-rejected
To stop spam (received) check this post Fighting Spam & Malware with Virtualmin
To stop spam sent, I will create a new post this week and hopefully will have some help. For now it may help to set a rate limit at Virtualmin, Email settings, Mail Rate Limit. This won’t stop spam, but it will give you a little time to fix it, and above all you will notice right away when someone is sending spam, as nobody will be able to send email.
I can help with troubleshooting after 7pm CST if you provide me access.
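The [dovecot] jail above sets bantime twice (2d and 30m). As an added example, not part of the original post, this Python lint flags options set more than once in a jail and converts the time values to seconds. The function names and the trimmed sample are constructed for illustration, and only the s/m/h/d/w suffixes are handled.

```python
import re
from collections import defaultdict

# Constructed sample: two jails from the post, trimmed to their timing options.
SAMPLE = """\
[dovecot]
bantime = 2d
#logpath = /var/log/maillog
maxretry = 20
findtime = 4h
bantime = 30m
[postfix-auth]
bantime = 2d
findtime = 4m
"""

# Assumption: only the s/m/h/d/w suffixes are handled in this example.
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert '30m', '2d', '1d 12h' or a bare number of seconds to an int."""
    total = 0
    for token in value.split():
        m = re.fullmatch(r"(\d+)([smhdw]?)", token.lower())
        if not m:
            raise ValueError(f"unsupported time value: {value!r}")
        total += int(m.group(1)) * UNITS.get(m.group(2), 1)
    return total

def duplicate_options(text):
    """Return {jail: {option: [values]}} for options set more than once in a jail."""
    seen = defaultdict(lambda: defaultdict(list))
    jail = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or commented-out option
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            jail = header.group(1)
        elif jail and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            seen[jail][key].append(value)
    found = {j: {k: v for k, v in o.items() if len(v) > 1} for j, o in seen.items()}
    return {j: o for j, o in found.items() if o}

if __name__ == "__main__":
    for jail, opts in duplicate_options(SAMPLE).items():
        print(jail, {k: [to_seconds(v) if k.endswith("time") else v for v in vals]
                     for k, vals in opts.items()})
```

To check a real file, pass the contents of /etc/fail2ban/jail.local to duplicate_options() instead of SAMPLE.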