Setting up fail2ban for Postfix

I put this in my jail.local file:

[postfix]
enabled  = true
port     = smtp,ssmtp
filter   = postfix
action   = mail-whois[name=postfix, dest=my@email.com]
logpath  = /var/log/mail.log
maxretry = 10

How do I add an iptables action to this? There are two possible ports, so I'm not sure what would be in the port and protocol parameters:

iptables[name=postfix, port=??, protocol=??]

2 Replies

It looks like you can have multiple actions, so something like the below would cover both ports.

action   = mail-whois[name=postfix, dest=my@email.com]
           iptables[name=postfix, port=smtp, protocol=tcp]
           iptables[name=postfix, port=ssmtp, protocol=tcp]

Neither of these services can really be accessed over UDP, so putting TCP as the protocol should cover it. For a service that can be accessed over both, you can just add extra actions having protocol=udp.

@Vance:

It looks like you can have multiple actions, so something like the below would cover both ports.

action   = mail-whois[name=postfix, dest=my@email.com]
           iptables[name=postfix, port=smtp, protocol=tcp]
           iptables[name=postfix, port=ssmtp, protocol=tcp]

Neither of these services can really be accessed over UDP, so putting TCP as the protocol should cover it. For a service that can be accessed over both, you can just add extra actions having protocol=udp.
Thanks, that makes sense :)

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct