How can I prevent these? I configured the Fail2Ban using Falko's tutorial. I figure it is only a matter of time until they get in.

Code:
Sep 27 21:58:39 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:39 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:39 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:39 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:39 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:39 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:40 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:40 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:40 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:40 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:40 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:40 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:40 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:40 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:40 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:40 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:41 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:41 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:41 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:41 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:41 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:41 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:41 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:41 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:41 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:41 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:42 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:42 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:42 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:42 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:42 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:42 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:42 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:42 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:42 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:43 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:44 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:44 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:44 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:44 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:45 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:45 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:45 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:45 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:45 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:45 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:46 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:46 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:46 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:46 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:46 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:47 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:47 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:47 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:47 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:48 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:48 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:48 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:48 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:49 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:49 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:49 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:49 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:51 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:51 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:51 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:51 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:53 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:54 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 27 21:58:54 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154
Sep 28 01:04:44 server1 pop3d: Maximum connection limit reached for ::ffff:81.82.241.67
Sep 28 01:04:45 server1 pop3d: Maximum connection limit reached for ::ffff:81.82.241.67
Sep 28 06:30:32 server1 postfix/smtpd[23691]: warning: unknown[203.85.114.102]: SASL LOGIN authentication failed: authentication failure
Sep 28 06:30:44 server1 postfix/smtpd[23709]: warning: unknown[203.85.114.102]: SASL LOGIN authentication failed: authentication failure
Sep 28 06:30:55 server1 postfix/smtpd[23711]: warning: unknown[203.85.114.102]: SASL LOGIN authentication failed: authentication failure
Sep 28 06:31:07 server1 postfix/smtpd[23712]: warning: unknown[203.85.114.102]: SASL LOGIN authentication failed: authentication failure
Sep 28 06:31:18 server1 postfix/smtpd[23719]: warning: unknown[203.85.114.102]: SASL LOGIN authentication failed: authentication failure
Sep 28 06:31:30 server1 postfix/smtpd[23720]: warning: unknown[203.85.114.102]: SASL LOGIN authentication failed: authentication failure
Sep 28 06:31:41 server1 postfix/smtpd[23721]: warning: unknown[203.85.114.102]: SASL LOGIN authentication failed: authentication failure
Sep 28 06:31:53 server1 postfix/smtpd[23722]: warning: unknown[203.85.114.102]: SASL LOGIN authentication failed: authentication failure
Sep 28 06:32:04 server1 postfix/smtpd[23723]: warning: unknown[203.85.114.102]: SASL LOGIN authentication failed: authentication failure
Sep 28 06:32:16 server1 postfix/smtpd[23730]: warning: unknown[203.85.114.102]: SASL LOGIN authentication failed: authentication failure
Sep 28 06:32:28 server1 postfix/smtpd[23731]: warning: unknown[203.85.114.102]: SASL LOGIN authentication failed: authentication failure
Sep 28 06:32:39 server1 postfix/smtpd[23732]: warning: unknown[203.85.114.102]: SASL LOGIN authentication failed: authentication failure
Sep 28 06:32:51 server1 postfix/smtpd[23733]: warning: unknown[203.85.114.102]: SASL LOGIN authentication failed: authentication failure

Any help would be appreciated. These are not being blocked by Fail2Ban.

They are not banned as you probably did not create a rule to do so. Have a look at your jail.local, and create a rule for pop3d.

This is the configuration for pop3 in fail2ban.

Code:
[courierpop3]
enabled = true
port = pop3
filter = courierlogin
failregex = courierpop3login: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath = /var/log/mail.log
maxretry = 5

Here is the error in fail2ban:

Code:
2009-09-27 06:25:03,593 fail2ban.comm : WARNING Invalid command: ['add', 'courierpop3', 'polling']

Are you using courierpop3? The rule that you need does probably look something like this (NOT TESTED!)

[pop3d]
enabled = true
port = pop3
filter = pop3d
failregex = pop3d: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath = /var/log/mail.log
maxretry = 5

Basically the rule scans your mail.log file for the text "pop3d: LOGIN FAILED", and logs the IP who is causing the LOGIN FAILED. After a maxretry of 5 times fail2ban will kick in, and block that IP. Make sure that you restart fail2ban after adding this.

It still does not work. Does anyone have a working jail.local file? I am using the Perfect Server Debian Lenny and ISPConfig 3.0.1.4. It would be a big help. Thanks.
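
A check of the suggested rule against the posted log, added here as an example (it is not code from any poster or from fail2ban): it expands `<HOST>` with an approximation of fail2ban 0.8's substitution and runs the thread's failregex plus two candidate patterns over lines copied from the log above. `HOST`, `offenders`, `CONN_LIMIT_RULE` and `SASL_RULE` are assumptions written for this illustration.

```python
import re

# Approximation (assumption) of how fail2ban 0.8.x expands <HOST>: an optional
# IPv4-mapped prefix such as "::ffff:" followed by the captured address.
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

def compile_failregex(failregex):
    """Expand <HOST> the way fail2ban does, then compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST))

def offenders(failregex, lines):
    """Return {ip: hit_count} for every line the failregex matches."""
    rx, hits = compile_failregex(failregex), {}
    for line in lines:
        m = rx.search(line)
        if m:
            hits[m.group("host")] = hits.get(m.group("host"), 0) + 1
    return hits

# One line of each kind copied from the log posted in this thread.
LOG = [
    "Sep 27 21:58:39 server1 pop3d: Maximum connection limit reached for ::ffff:72.245.44.154",
    "Sep 28 01:04:44 server1 pop3d: Maximum connection limit reached for ::ffff:81.82.241.67",
    "Sep 28 06:30:32 server1 postfix/smtpd[23691]: warning: unknown[203.85.114.102]: "
    "SASL LOGIN authentication failed: authentication failure",
]

# failregex suggested in the thread: it requires "LOGIN FAILED", which no posted line contains.
THREAD_RULE = r"pop3d: LOGIN FAILED.*ip=\[.*:<HOST>\]"

# Candidate patterns written against the posted lines (assumptions, not tested on a live server).
CONN_LIMIT_RULE = r"pop3d: Maximum connection limit reached for <HOST>$"
SASL_RULE = r"postfix/smtpd\[\d+\]: warning: \S+\[<HOST>\]: SASL \w+ authentication failed"

if __name__ == "__main__":
    for name, rule in [("thread", THREAD_RULE), ("conn-limit", CONN_LIMIT_RULE), ("sasl", SASL_RULE)]:
        print(name, offenders(rule, LOG))
```

On the server itself, `fail2ban-regex /var/log/mail.log '<failregex>'` performs the same check against the real log before a rule goes into jail.local.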