fail2ban – lost connection after auth from unknown

Jul 20 14:57:56 mattionline postfix/smtpd[997]: connect from unknown[103.238.231.244]
Jul 20 14:57:56 mattionline postfix/smtpd[997]: lost connection after CONNECT from unknown[103.238.231.244]
Jul 20 14:57:56 mattionline postfix/smtpd[997]: disconnect from unknown[103.238.231.244]
Jul 20 14:57:58 mattionline postfix/smtpd[1000]: lost connection after AUTH from unknown[103.238.231.244]
Jul 20 14:57:58 mattionline postfix/smtpd[1000]: disconnect from unknown[103.238.231.244]
Jul 20 14:58:10 mattionline postfix/smtpd[997]: connect from unknown[103.238.231.244]
Jul 20 14:58:10 mattionline postfix/smtpd[997]: lost connection after CONNECT from unknown[103.238.231.244]
Jul 20 14:58:10 mattionline postfix/smtpd[997]: disconnect from unknown[103.238.231.244]
Jul 20 14:58:11 mattionline postfix/smtpd[1000]: connect from unknown[103.238.231.244]

fail2ban solution:

nano /etc/fail2ban/jail.local

[postfix-auth]
# Ban for 10 minutes if it fails 6 times within 10 minutes
enabled = true
port = smtp,ssmtp
filter = postfix-auth
logpath = /var/log/mail.log
maxretry = 6
bantime = 600
findtime = 600

nano /etc/fail2ban/filter.d/postfix-auth.conf

[Definition]
failregex = lost connection after AUTH from (.*)\[<HOST>\]
ignoreregex =
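
The jail's counting rule applied to log lines, as an added example that is not part of the original post: it uses the failregex, maxretry and findtime shown above to decide which hosts would be banned. Assumptions: `<HOST>` is replaced by a simplified IPv4 pattern, the names `find_bans` and `sample_log` are hypothetical, and the sample lines are constructed in the page's log format with documentation addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values from the [postfix-auth] jail on this page.
MAXRETRY, FINDTIME = 6, 600

# The page's failregex with <HOST> replaced by a simplified IPv4 group
# (assumption: fail2ban's real <HOST> expansion also covers IPv6 and hostnames).
FAILREGEX = re.compile(
    r"lost connection after AUTH from (.*)\[(?P<host>\d{1,3}(?:\.\d{1,3}){3})\]")
STAMP = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ")


def find_bans(lines, year=2000):
    """Return {ip: time of the failure that reaches MAXRETRY within FINDTIME}."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    bans = {}
    for line in lines:
        stamp, hit = STAMP.match(line), FAILREGEX.search(line)
        if not (stamp and hit) or hit["host"] in bans:
            continue
        # syslog timestamps carry no year; `year` is an assumed placeholder.
        when = datetime.strptime(f"{year} {stamp[1]}", "%Y %b %d %H:%M:%S")
        window = recent[hit["host"]]
        window.append(when)
        while (when - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[hit["host"]] = when
    return bans


def sample_log():
    """Constructed sample lines in the page's log format (not real traffic)."""
    pre = "mattionline postfix/smtpd[1000]: "
    log = [f"Jul 20 14:57:56 {pre}lost connection after CONNECT from unknown[192.0.2.10]"]
    # Six AUTH aborts one minute apart: all inside one 600-second window.
    log += [f"Jul 20 15:{m:02d}:00 {pre}lost connection after AUTH from unknown[192.0.2.10]"
            for m in range(6)]
    # Six AUTH aborts three minutes apart: never more than four per window.
    log += [f"Jul 20 16:{m:02d}:00 {pre}lost connection after AUTH from unknown[198.51.100.7]"
            for m in range(0, 18, 3)]
    return log


if __name__ == "__main__":
    for ip, when in find_bans(sample_log()).items():
        print(f"ban {ip} at {when:%b %d %H:%M:%S}")
```

The "lost connection after CONNECT" lines in the log excerpt do not match this filter, so only aborted AUTH attempts count toward the ban. On a host with fail2ban installed, `fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix-auth.conf` runs the real filter against the real log.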