Introducing more security lockouts
- On-Premise Server + WebMail Installations: Version 6.0 > Current Version
- Webmail Only Installations: Version 6.0 > Current Version
Additional lockouts required
Fail2Ban is a great utility which can be found at http://www.fail2ban.org. It scans log files for matching entries and takes a configured action against the IP address found in the log file. This can be handy for introducing lockouts for various services. In this scenario, we will use Fail2Ban to impose a lockout time after 3 consecutive failed logins to Exim SMTP Auth, enforced via iptables.
- Python 2.3 or newer
1.) Download Fail2Ban for your distribution via: http://www.fail2ban.org/wiki/index.php/Downloads
2.) If using the source version, untar the file, then install:
3.) This will create the fail2ban binary. To check if everything is running fine, run:
This will have an output similar to:
4.) Download the jail-smtpauth.conf and smtpauth.conf files from this article.
5.) Place jail-smtpauth.conf in /etc/fail2ban/jail.conf. Place smtpauth.conf in /etc/fail2ban/filter.d/smtpauth.conf.
6.) Start the fail2ban service:
7.) You can further alter the parameters. By default, if a user fails to log in to Exim SMTP Auth three times, the user is blocked from port 25 for about 10 minutes. Should you want to change this behaviour, open the /etc/fail2ban/jail.conf file, and find the following lines:
8.) So should you wish to allow a user five failed logins in the span of 20 minutes before banning the IP for an hour, the settings will look like:
9.) Stop and start Fail2Ban afterwards:
% fail2ban-client stop
% fail2ban-client start
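
To see how the two policies from steps 7 and 8 treat the same traffic before changing a live jail, the following added example (not part of this article's downloadable files, and not Fail2Ban's own code) replays a log through a simplified model of the three jail settings: maxretry, findtime and bantime, the latter two in seconds. The Exim failure pattern and the sample log lines are constructed assumptions, since the article's smtpauth.conf filter is not shown here; the 10-minute default counting window is likewise assumed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed pattern for an Exim SMTP AUTH failure line (illustrative only;
# the article's smtpauth.conf may match differently).
FAIL_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ authenticator failed for "
    r".*\[(\d{1,3}(?:\.\d{1,3}){3})\]: 535 ")

# Constructed sample log: documentation IP ranges, invented users.
SAMPLE_LOG = [
    "2024-01-01 10:00:00 plain_login authenticator failed for (mail.example) [203.0.113.5]: 535 Incorrect authentication data (set_id=alice)",
    "2024-01-01 10:01:00 plain_login authenticator failed for (pc.example) [198.51.100.7]: 535 Incorrect authentication data (set_id=bob)",
    "2024-01-01 10:02:00 1abcDE-000001-AB <= bob@example.org H=(pc.example) [198.51.100.7] P=esmtpa",
    "2024-01-01 10:04:00 plain_login authenticator failed for (mail.example) [203.0.113.5]: 535 Incorrect authentication data (set_id=alice)",
    "2024-01-01 10:08:00 plain_login authenticator failed for (mail.example) [203.0.113.5]: 535 Incorrect authentication data (set_id=admin)",
    "2024-01-01 10:19:00 plain_login authenticator failed for (mail.example) [203.0.113.5]: 535 Incorrect authentication data (set_id=root)",
    "2024-01-01 10:19:30 plain_login authenticator failed for (mail.example) [203.0.113.5]: 535 Incorrect authentication data (set_id=test)",
    "2024-01-01 10:30:00 plain_login authenticator failed for (pc.example) [198.51.100.7]: 535 Incorrect authentication data (set_id=bob)",
]

def simulate(lines, maxretry, findtime, bantime):
    """Return [(ip, ban_start, ban_end)] for a given jail policy."""
    recent = defaultdict(deque)   # ip -> failure times still inside findtime
    banned_until = {}             # ip -> expiry time of the current ban
    bans = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # deliveries, successful logins, etc.
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue              # address is still blocked
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            end = ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            window.clear()        # counting restarts after a ban
    return bans

if __name__ == "__main__":
    for policy in ((3, 600, 600), (5, 1200, 3600)):
        print(policy, simulate(SAMPLE_LOG, *policy))
```

On this sample the stricter default bans 203.0.113.5 at its third failure, while the relaxed policy from step 8 lets two more password guesses through before banning for an hour; 198.51.100.7, whose failures are far apart, is never banned under either.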