next up previous contents
Next: Fail2ban 阻擋 DNS 的 Up: Fail2ban Previous: 基本設定   Contents

postfix sasl 登入攻擊

  1. 啟動 sasl-iptables,其中 filter postfix-sasl 對應到 /etc/fail2ban/filter.d/postfix-sasl.conf。
    [root@mail ~]# vim /etc/fail2ban/jail.loca 
    [root@mail ~]# tail -7 /etc/fail2ban/jail.local
    [sasl-iptables]
    enabled  = true
    filter   = postfix-sasl
    backend  = polling
    action   = iptables[name=sasl, port=smtp, protocol=tcp]
    #          sendmail-whois[name=sasl, dest=you@example.com]
    logpath  = /var/log/maillog
    
  2. 測試以 postfix-sasl.conf 過濾 maillog。
    [root@mail ~]# fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix-sasl.conf
    
  3. 啟動 fail2ban 服務並設定開機啟動。
    [root@mail ~]# /etc/init.d/fail2ban start
    Starting fail2ban:                                         [  OK  ]
    [root@mail ~]# chkconfig fail2ban on
    
  4. 檢查 iptables 防火牆,最後要有一段 f2b-sasl。
    [root@mail ~]#  iptables -L -nv
    Chain INPUT (policy DROP 193 packets, 19542 bytes)
     pkts bytes target     prot opt in     out     source               destination         
        4   240 f2b-sasl   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 
    ............
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 1531 packets, 298K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain f2b-sasl (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        4   240 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    



De-Yu Wang 2018-08-08