Author: Chris Knadle Date: To: exim-users Subject: Re: [exim] Stopping Bruteforceattacks
On Thursday, July 26, 2012 07:51:39, Peter Velan wrote: > am 25.07.2012 12:30 schrieb Chris Knadle:
> > On Wednesday, July 25, 2012 04:44:32, Mihamina Rakotomandimby wrote:
> >> If me, I'd filter at IP level, based on some reject log information.
> >> That's the job of fail2ban, but I dont know if it parses Exim logs.
> > By default fail2ban doesn't scan Exim logs, but what logs are scanned is
> > customizable; for instance something like the following added to
> > fail2ban's jail.conf:
> > -----------------------
> > #
> > # Exim4 email MTA
> > #
> > [exim4]
> > enabled = true
> > port = smtp
> > filter = exim4
> > logpath = /var/log/exim4/mainlog
> > bantime = 28800
> > maxretry = 3
> I'm using daily mainlogs á la "mainlog-20120726". What would be an
> elegant way to configure fail2ban in this case?
For this I'd probably have logrotate remake a softlink from the daily mainlog
file to a standard filename that fail2ban can search through. This might
require using a postrotate/endscript.
This message was posted to the following mailing lists: