From 34628d450fff7d030ba3489fcda0741843a206c5 Mon Sep 17 00:00:00 2001
From: DDATAA <45762540+Ddataa@users.noreply.github.com>
Date: Tue, 20 Dec 2022 10:15:00 +0000
Subject: [PATCH 1/3] Add SASL login failure jail in order to prevent those
```
Aug 31 22:23:52 hostxyz postfix/smtpd[38697]: warning: unknown[192.168.xx.xx]: SASL LOGIN authentication failed: authentication failure
Aug 31 22:23:52 hostxyz postfix/smtpd[38697]: lost connection after AUTH from unknown[192.168.xx.xx]
```
---
 conf/fail2ban/yunohost-jails.conf | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/conf/fail2ban/yunohost-jails.conf b/conf/fail2ban/yunohost-jails.conf
index 1cf1a1966..911f9cd85 100644
--- a/conf/fail2ban/yunohost-jails.conf
+++ b/conf/fail2ban/yunohost-jails.conf
@@ -8,6 +8,13 @@ enabled = true
 [postfix]
 enabled = true
+[sasl]
+enabled = true
+port = smtp
+filter = postfix-sasl
+logpath = /var/log/mail.log
+maxretry = 5
+
 [dovecot]
 enabled = true
From b3940f199e11635189c08b3e39eb759b721f259a Mon Sep 17 00:00:00 2001
From: DDATAA <45762540+Ddataa@users.noreply.github.com>
Date: Tue, 20 Dec 2022 10:20:21 +0000
Subject: [PATCH 2/3] Create postfix-sasl.conf
---
 conf/fail2ban/postfix-sasl.conf | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 conf/fail2ban/postfix-sasl.conf
diff --git a/conf/fail2ban/postfix-sasl.conf b/conf/fail2ban/postfix-sasl.conf
new file mode 100644
index 000000000..a9f470782
--- /dev/null
+++ b/conf/fail2ban/postfix-sasl.conf
@@ -0,0 +1,6 @@
+# Fail2Ban filter for postfix authentication failures
+[INCLUDES]
+before = common.conf
+[Definition]
+_daemon = postfix/smtpd
+failregex = ^%(__prefix_line)swarning: [-._\w]+\[\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
From c565c2f32814a7af852027a510636e7c597ad217 Mon Sep 17 00:00:00 2001
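Review bot: `port = smtp` in the new `[sasl]` jail scopes the ban to port 25 only, while SASL authentication is normally also offered on the submission listeners, so with a port-scoped ban action a banned address would still reach 587 or 465 if this Postfix setup exposes them. Listing those ports, e.g. `port = smtp,submission,465`, would make the ban cover every listener that accepts AUTH. The jail is also `enabled = true` with a hard-coded `logpath = /var/log/mail.log`; fail2ban may refuse to start a jail whose log file is missing, so a one-line comment above the section such as `# bans repeated Postfix SASL auth failures; requires /var/log/mail.log` would document that dependency.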
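Review bot: The `failregex` on the last added line of postfix-sasl.conf has an empty bracket pair, `[-._\w]+\[\]:`, so as shown it cannot match the `unknown[192.168.xx.xx]:` form in the sample log lines of the first commit message and gives fail2ban no host group to ban. The address placeholder belongs between the brackets, `[-._\w]+\[<HOST>\]: SASL ...`; the tag may only have been lost when this page was rendered, so the committed file should be checked. Running `fail2ban-regex /var/log/mail.log <path-to-postfix-sasl.conf>` on a log that contains such failures would confirm the filter matches before the jail is enabled.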
From: DDATAA <45762540+Ddataa@users.noreply.github.com>
Date: Tue, 20 Dec 2022 19:25:14 +0000
Subject: [PATCH 3/3] Update 52-fail2ban
---
 hooks/conf_regen/52-fail2ban | 1 +
 1 file changed, 1 insertion(+)
diff --git a/hooks/conf_regen/52-fail2ban b/hooks/conf_regen/52-fail2ban
index 8ef20f979..d463892c7 100755
--- a/hooks/conf_regen/52-fail2ban
+++ b/hooks/conf_regen/52-fail2ban
@@ -14,6 +14,7 @@ do_pre_regen() {
 mkdir -p "${fail2ban_dir}/jail.d"
 cp yunohost.conf "${fail2ban_dir}/filter.d/yunohost.conf"
+ cp postfix-sasl.conf "${fail2ban_dir}/filter.d/postfix-sasl.conf"
 cp jail.conf "${fail2ban_dir}/jail.conf"
 export ssh_port="$(yunohost settings get 'security.ssh.ssh_port')"