私のメールサーバーをスキャンしている人がいます。
それらをブロックするにはどうすればよいですか?
私はこれを追加しようとしましたが、役に立ちません:
/etc/hosts.deny
ALL: 80.82.77.18
私はこれをログに見ます:
...
Aug 23 03:34:40 auth-worker(1664): Info: sql([email protected],80.82.77.18): unknown user (given password: torcac)
Aug 23 03:35:17 auth-worker(1664): Info: sql([email protected],80.82.77.18): unknown user (given password: roselia)
Aug 23 03:35:56 auth-worker(1664): Info: sql([email protected],80.82.77.18): unknown user (given password: japan)
Aug 23 03:36:35 auth-worker(1664): Info: sql([email protected],80.82.77.18): unknown user (given password: berta)
Aug 23 03:37:08 auth-worker(1664): Info: sql(blue,193.169.252.176): unknown user (given password: 123456)
Aug 23 03:37:12 auth-worker(1664): Info: sql([email protected],80.82.77.18): unknown user (given password: keely)
Aug 23 03:37:49 auth-worker(1664): Info: sql([email protected],80.82.77.18): unknown user (given password: marcelia)
Aug 23 03:38:26 auth-worker(1664): Info: sql([email protected],80.82.77.18): unknown user (given password: yate)
Aug 23 03:39:02 auth-worker(1664): Info: sql([email protected],80.82.77.18): unknown user (given password: silvie)
Aug 23 03:39:41 auth-worker(1664): Info: sql([email protected],80.82.77.18): unknown user (given password: seven)[email protected],80.82.77.18): unknown user (given password: bang)
...
fail2Banをインストールします
:apt-get install fail2ban
メモリ使用量を制限するには、/ etc/default/fail2banに次を追加します。
+ulimit -s 256
ローカル設定ファイル/etc/fail2ban/jail.localを作成して、jail.confの設定を上書きします。
:cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
:vi /etc/fail2ban/jail.local
[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps
filter = dovecot
logpath = /var/log/mail.log
maxretry = 3
[postfix]
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 3
[sasl]
enabled = true
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = sasl
logpath = /var/log/mail.log
maxretry = 3
編集
Fail2ban(Debian Squeeze)は、Dovecotの構成に付属していないため、/ etc/fail2ban/filter.d /dovecot.confを作成します。
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P\S*),.*
ignoreregex =
Fail2banを再起動します。
# /etc/init.d/fail2ban restart