Usare Fail2ban con Dovecot

Creare il file filtro /etc/fail2ban/filter.d/dovecot-pop3imap.conf:


[Definition]
failregex = (?: pop3-login|imap-login): (?:Authentication failure|Aborted login \(auth failed|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
ignoreregex =


Aggiungere quanto segue al file /etc/fail2ban/jail.conf:


[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap", protocol=tcp]
logpath = /var/log/maillog
maxretry = 20
findtime = 1200
bantime = 1200