fail2ban:how_to_protect_exim4_with_fail2ban
Table of Contents
Introduction
The following example protect Exim4 from external attacks, for instance open relay.
The filter consist in parsing '/var/log/exim4/rejectlog' file with messages that contains 'relay not permitted' or 'check_mail_01'. The last message is a output of a custom ACL that protect Exim server from Phishing.
Procedure
- Edit /etc/fail2ban/jail.conf and add the following section:
[exim] enabled = true filter = exim port = smtp,ssmtp action = iptables-allports[name=exim, protocol=tcp] #action = iptables[name=exim, port="smtp", protocol=tcp] logpath = /var/log/exim4/rejectlog maxretry = 1
- Edit /etc/fail2ban/filter.d/exim.conf and ajust the line 'failregex' with:
failregex = .*\[<HOST>\].*(?:relay not permitted|check_mail_01).*
- Restart Fail2ban:
service restart fail2ban
Resources
fail2ban/how_to_protect_exim4_with_fail2ban.txt · Last modified: 2020/04/10 17:38 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
