fail2ban:how_to_protect_exim4_with_fail2ban

fail2ban:how_to_protect_exim4_with_fail2ban [2015/06/29 12:10] (current)
Line 1: Line 1:
 +====== Introduction ======
  
 + The following example protect Exim4 from external attacks, for instance open relay.
 +
 + The filter consist in parsing '/​var/​log/​exim4/​rejectlog'​ file with messages that contains 'relay not permitted'​ or '​check_mail_01'​. The last message is a output of a custom ACL that protect Exim server from Phishing.
 +
 +====== Procedure ======
 +
 +  * Edit ///​etc/​fail2ban/​jail.conf//​ and add the following section:<​code>​[exim]
 +enabled = true
 +filter ​ = exim
 +port    = smtp,ssmtp
 +action ​ = iptables-allports[name=exim,​ protocol=tcp]
 +#​action ​  = iptables[name=exim,​ port="​smtp",​ protocol=tcp]
 +logpath = /​var/​log/​exim4/​rejectlog
 +maxretry = 1</​code>​
 +  * Edit /​etc/​fail2ban/​filter.d/​exim.conf and ajust the line '​failregex'​ with:<​code>​failregex = .*\[<​HOST>​\].*(?:​relay not permitted|check_mail_01).*</​code>​
 +  * Restart Fail2ban: <​code>​service restart fail2ban</​code>​
 +
 +
 +====== Resources ======
 +
 +  * http://​www.zaphinath.com/​custom-filter-for-exim-through-fail2ban/​
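Review bot: The restart command in the last Procedure bullet has its arguments reversed. `service` takes the service name first and the action second, so `service restart fail2ban` should read `service fail2ban restart`; as written, the new jail and filter are never loaded. Two further points on the jail section: `maxretry = 1` combined with `iptables-allports` blocks a host on every port after a single matching line in the rejectlog, so it is worth stating the intended `bantime` and adding an `ignoreip` entry for trusted relays and monitoring hosts. In the filter, the leading and trailing `.*` around `\[<HOST>\]` let the pattern match the two phrases anywhere on the line; anchoring the expression to the rejectlog line layout would reduce the chance of banning on text the remote side controls. The introduction should also say where the custom ACL that emits `check_mail_01` is defined, since the filter depends on that exact string.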
fail2ban/how_to_protect_exim4_with_fail2ban.txt · Last modified: 2015/06/29 12:10 (external edit)