Setting up fail2ban for Postfix
[postfix]
enabled = true
port = smtp,ssmtp
filter = postfix
action = mail-whois[name=postfix, dest=my@email.com]
logpath = /var/log/mail.log
maxretry = 10
How do I add an iptables action to this? There are two possible ports, so I'm not sure what would be in the port and protocol parameters:
iptables[name=postfix, port=??, protocol=??]
2 Replies
It looks like you can have multiple actions, so something like the below would cover both ports.
action = mail-whois[name=postfix, dest=my@email.com]
         iptables[name=postfix, port=smtp, protocol=tcp]
         iptables[name=postfix, port=ssmtp, protocol=tcp]
Neither of these services can really be accessed over UDP, so putting TCP as the protocol should cover it. For a service that can be accessed over both, you can just add extra actions having protocol=udp.
@Vance:
It looks like you can have multiple actions, so something like the below would cover both ports.
action = mail-whois[name=postfix, dest=my@email.com]
         iptables[name=postfix, port=smtp, protocol=tcp]
         iptables[name=postfix, port=ssmtp, protocol=tcp]
Neither of these services can really be accessed over UDP, so putting TCP as the protocol should cover it. For a service that can be accessed over both, you can just add extra actions having protocol=udp.
Thanks, that makes sense :)
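An alternative to listing one iptables action per port, added here as an example and not taken from any poster in this thread: the iptables-multiport action that ships with fail2ban accepts a comma-separated port list, so a single action covers both ports. It assumes the stock iptables-multiport action file is installed; every other value is copied from the jail in the question.

```ini
# Added example: the jail from the question with one ban action for both ports.
[postfix]
enabled  = true
port     = smtp,ssmtp
filter   = postfix
logpath  = /var/log/mail.log
maxretry = 10
# A multi-line value: each continuation line must start with whitespace,
# otherwise the config parser does not treat it as part of "action".
# mail-whois sends the notification; iptables-multiport inserts one rule
# that matches the whole port list, so both ports share a single chain.
# The port list is quoted because it contains a comma, which would
# otherwise be read as a separator between action parameters.
# Service names are resolved through /etc/services; numeric ports can be
# used instead.
action   = mail-whois[name=postfix, dest=my@email.com]
           iptables-multiport[name=postfix, port="smtp,ssmtp", protocol=tcp]
```

After reloading fail2ban, `fail2ban-client status postfix` confirms the jail is running and lists any currently banned addresses.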