I need to block failed authantication for postfix. How do I do that with fail2ban? I find many differect thread on forum (again) but do not want to mess up server.
Enable the jails you want. You can see what jails and filters are available from file /etc/fail2ban/jail.conf. For example [postfix-sasl]. Then enable it by adding to /etc/fail2ban/jail.local Code: [postfix-sasl] enabled = true Further info in Fail2ban documentation. PS I just noticed the above information I wrote may be completely bogus for you, since I do not know what Operating System you are running. So if it is not Debian, what I wrote may not apply.
It was already there but after I added following I was able to make it work: Code: [dovecot] enabled = true filter = dovecot logpath = /var/log/mail.log maxretry = 10 bantime = 7200 One question, dovecot is for pop and imap, so what is postfix-sasl is for there?
You wrote in #1: Reading the /etc/fail2ban/filter.d/postfix-sasl.conf shows at the first lines Code: # Fail2Ban filter for postfix authentication failures #