User Tools

Site Tools


fail2ban:how_to_protect_exim4_with_fail2ban

Table of Contents

Introduction

The following example protect Exim4 from external attacks, for instance open relay.

The filter consist in parsing '/var/log/exim4/rejectlog' file with messages that contains 'relay not permitted' or 'check_mail_01'. The last message is a output of a custom ACL that protect Exim server from Phishing.

Procedure

  • Edit /etc/fail2ban/jail.conf and add the following section:
    [exim]
    enabled = true
    filter  = exim
    port    = smtp,ssmtp
    action  = iptables-allports[name=exim, protocol=tcp]
    #action   = iptables[name=exim, port="smtp", protocol=tcp]
    logpath = /var/log/exim4/rejectlog
    maxretry = 1
  • Edit /etc/fail2ban/filter.d/exim.conf and ajust the line 'failregex' with:
    failregex = .*\[<HOST>\].*(?:relay not permitted|check_mail_01).*
  • Restart Fail2ban:
    service restart fail2ban

Resources

fail2ban/how_to_protect_exim4_with_fail2ban.txt · Last modified: 2020/04/10 17:38 (external edit)