Fail2ban


fail2ban temporarily blocks offending hosts by putting iptables rules in place and removing them again later, which makes it suited to stopping brute-force attacks.

Postfix

 failregex = reject: RCPT from (.*)\[<HOST>\]: 450

This rule (checked for 10 or more occurrences) blocks programs that keep hammering a server protected by greylisting (policyd in my case).

 failregex = NOQUEUE: reject: RCPT from (.*)\[<HOST>\]: 5\d\d

This rule (checked for 3 occurrences) blocks IPs rejected by RBL lookups that keep connecting even though they receive a "permanent failure" kind of error.
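To see which hosts each rule would catch, the following added example (not part of the original cheatsheet) runs both failregex lines over constructed Postfix log lines and applies the occurrence counts given above. It assumes a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag and that all lines fall inside one findtime window; the function names and sample addresses are made up for illustration.

```python
import re
from collections import Counter

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption: the real
# tag also accepts hostnames and IPv6 addresses).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two failregex lines from the page, each with the occurrence count it gives.
RULES = {
    "greylist-450": (r"reject: RCPT from (.*)\[<HOST>\]: 450", 10),
    "rbl-5xx": (r"NOQUEUE: reject: RCPT from (.*)\[<HOST>\]: 5\d\d", 3),
}

def make_line(ip, code, reason):
    """Build a constructed Postfix smtpd reject line (not a real log)."""
    return (f"Jan 10 12:00:00 mx postfix/smtpd[4242]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: {code} <user@example.org>: {reason}; proto=ESMTP")

def hosts_to_ban(lines):
    """Return {rule_name: sorted hosts that reached that rule's threshold}."""
    result = {}
    for name, (failregex, maxretry) in RULES.items():
        pattern = re.compile(failregex.replace("<HOST>", HOST))
        hits = Counter()
        for line in lines:
            m = pattern.search(line)
            if m:
                hits[m.group("host")] += 1
        result[name] = sorted(h for h, n in hits.items() if n >= maxretry)
    return result

# Constructed sample traffic, assumed to fall inside one findtime window.
SAMPLE = (
    [make_line("203.0.113.5", "450 4.7.1", "Greylisted")] * 10   # hammering greylisting
    + [make_line("203.0.113.9", "450 4.7.1", "Greylisted")] * 2  # ordinary retry
    + [make_line("198.51.100.7", "554 5.7.1", "blocked using rbl.example.org")] * 3
    + [make_line("198.51.100.8", "550 5.1.1", "User unknown")] * 1
)

if __name__ == "__main__":
    for rule, hosts in hosts_to_ban(SAMPLE).items():
        print(rule, hosts)
```

The second pattern matches any 5xx reject, not only RBL rejections, so a sender that hits three unknown recipients (550) reaches the threshold as well.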
