Using fail2ban to block password guessing against mailboxes
2016/4/27 22:07:31
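Once you run a mail server, being scanned is unavoidable, so for security reasons you should install fail2ban on the Linux mail server. This small tool does its blocking through iptables, so iptables must be enabled on your Linux host for it to have any effect. The installation and deployment steps follow: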
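Installing the software is very simple: yum install fail2ban takes care of it. After installation the files are stored under the /etc/fail2ban directory. All we need to do is edit the jail.conf configuration file and then restart fail2ban.
Below is the full configuration file; simply replace your original with it. It also blocks scanning of the SSH port: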
====================================================
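[DEFAULT]
# Whitelisted IPs go here; separate multiple IPs with spaces
ignoreip = 127.0.0.1
# Ban duration, here 24 hours
bantime = 86400
# Search window that the retry count below applies to, here 5 hours
findtime = 18000
# Number of attempts allowed; 3-5 is usually enough
maxretry = 5
backend = auto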
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=22, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
[pop3-iptables]
enabled = true
filter = postfix
action = iptables[name=pop3, port=110, protocol=tcp]
logpath = /var/log/maillog
bantime = 86400
findtime = 1440
maxretry = 5
[smtp-iptables]
enabled = true
filter = postfix
action = iptables[name=smtp, port=25, protocol=tcp]
logpath = /var/log/maillog
bantime = 86400
findtime = 1440
maxretry = 5
[imap-iptables]
enabled = true
filter = postfix
action = iptables[name=imap, port=143, protocol=tcp]
logpath = /var/log/maillog
bantime = 86400
findtime = 1440
maxretry = 5
====================================================
Then change the contents of /etc/fail2ban/filter.d/postfix.conf to the following:
====================================================
[Definition]
failregex = : warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
            warning: unknown\[<HOST>\]: SASL LOGIN authentication failed
            LOGIN FAILED, .*, ip=\[<HOST>\]$
            warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed
ignoreregex =
====================================================
Finally, run service fail2ban restart to restart it, and you're done.
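To check what this filter and the jail thresholds catch before relying on them, the following added example (not part of the original post) runs the four failregex lines, with fail2ban's `<HOST>` tag in the bracket positions, over sample log lines and applies maxretry/findtime. Assumptions: the log lines are constructed, the `<HOST>` expansion is a simplified IPv4-only stand-in, and the sliding window approximates fail2ban's counting.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# The four failregex lines from postfix.conf above.
FAILREGEX = [
    r": warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$",
    r"warning: unknown\[<HOST>\]: SASL LOGIN authentication failed",
    r"LOGIN FAILED, .*, ip=\[<HOST>\]$",
    r"warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed",
]
# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> expansion.
HOST = r"(?:::f{4,6}:)?(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [re.compile(rx.replace("<HOST>", HOST)) for rx in FAILREGEX]

def failed_host(line):
    """Return the client IP if any failregex matches the line, else None."""
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            return m.group("host")
    return None

def banned_hosts(lines, maxretry=5, findtime=1440):
    """Hosts reaching maxretry failures inside a sliding findtime window (seconds)."""
    recent, banned = defaultdict(deque), set()
    for line in lines:
        host = failed_host(line)
        if host is None:
            continue
        ts = datetime.strptime(line[:15], "%b %d %H:%M:%S")  # syslog timestamp
        q = recent[host]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()  # drop failures older than the window
        if len(q) >= maxretry:
            banned.add(host)
    return banned

# Constructed sample /var/log/maillog lines (documentation-range addresses).
SASL = "Apr 27 22:%02d:00 mail postfix/smtpd[2101]: warning: unknown[%s]: SASL LOGIN authentication failed: authentication failure"
SAMPLE = (
    [SASL % (m, "203.0.113.7") for m in range(1, 6)]           # 5 failures in 5 minutes
    + [SASL % (m, "192.0.2.50") for m in (0, 15, 30, 45, 59)]  # 5 failures over an hour
    + ["Apr 27 22:10:00 mail imapd: LOGIN FAILED, user=bob, ip=[::ffff:198.51.100.9]",
       "Apr 27 22:11:00 mail postfix/smtpd[2101]: connect from unknown[203.0.113.7]"]
)

if __name__ == "__main__":
    print(sorted(banned_hosts(SAMPLE)))
```

With the mail jails' findtime of 1440 seconds only the first host is banned; the same failures counted over the [DEFAULT] findtime of 18000 seconds ban both. On a live host, `fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.conf` performs the matching step against the real log.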
File download: fail2ban.rar (right-click to save as)