Configure Fail2ban to block failed SASL login attempts in Postfix

Ref - https://bobcares.com/blog/fail2ban-postfix-sasl/

Add the following section to the jail.local file:

[sasl]
enabled  = true
port     = smtp
filter   = postfix-sasl
logpath  = /var/log/mail.log
maxretry = 5

Next, create the Fail2ban filter for Postfix authentication failures in /etc/fail2ban/filter.d/postfix-sasl.conf:

# Fail2Ban filter for postfix authentication failures
[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix/smtpd
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
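
To see which log lines this failregex counts, the following added example (not part of the original page or of Fail2ban) runs it over constructed log lines and applies the jail's maxretry of 5. The PREFIX and HOST patterns are simplified stand-ins, assumed here, for what Fail2ban substitutes for `%(__prefix_line)s` and `<HOST>`, and the time window (findtime) is ignored.

```python
import re
from collections import Counter

# failregex exactly as written in postfix-sasl.conf above
FAILREGEX = (r"^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL "
             r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"
             r"(: [ A-Za-z0-9+/]*={0,2})?\s*$")

# Assumptions: simplified stand-ins for Fail2ban's own expansions.
# The real %(__prefix_line)s from common.conf and the real <HOST> tag are broader.
PREFIX = r"\w{3} +\d+ [\d:]{8} \S+ postfix/smtpd\[\d+\]: "
HOST = r"(?P<host>[0-9A-Fa-f:.]+)"
MAXRETRY = 5  # same value as maxretry in the [sasl] jail

def compile_failregex():
    """Expand the two Fail2ban placeholders and compile the result."""
    return re.compile(FAILREGEX.replace("%(__prefix_line)s", PREFIX)
                               .replace("<HOST>", HOST))

def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Return (hosts at or above maxretry, all failure counts per host)."""
    rx = compile_failregex()
    hits = Counter(m.group("host") for m in map(rx.search, lines) if m)
    return {h: n for h, n in hits.items() if n >= maxretry}, hits

def _fail(sec, ip, mech, tail=""):
    """Build one constructed Postfix SASL failure line."""
    return (f"Mar  3 10:15:{sec:02d} mx1 postfix/smtpd[2211]: "
            f"warning: unknown[{ip}]: SASL {mech} authentication failed{tail}")

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE = [_fail(i, "203.0.113.7", "LOGIN", ": UGFzc3dvcmQ6") for i in range(5)] + [
    _fail(10, "198.51.100.23", "PLAIN"),
    _fail(11, "198.51.100.23", "CRAM-MD5", ": authentication failure"),
    # The next two lines are not SASL failures and must not be counted.
    "Mar  3 10:15:20 mx1 postfix/smtpd[2211]: lost connection after AUTH "
    "from unknown[203.0.113.7]",
    "Mar  3 10:15:21 mx1 postfix/smtpd[2212]: 4F1A2B3C: "
    "client=mail.example.org[192.0.2.10], sasl_method=PLAIN, sasl_username=alice",
]

if __name__ == "__main__":
    banned, hits = hosts_to_ban(SAMPLE)
    for host, count in hits.items():
        state = "BAN" if host in banned else "below maxretry"
        print(f"{host}: {count} failures -> {state}")
```

On a server with Fail2ban installed, `fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix-sasl.conf` tests the real filter against the real log.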