Hi, i have in "Mail warn Log" a lot of these warnings. postfix/smtpd[4296]: warning: unknown[45.142.120.59]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 How to drop these Ip addresses for a week when 3 times try to connect? Thanks
Configure fail2ban to trigger on those login attempts. Better yet, check if it already has a filter that applies. Recidive jail triggers on repeat offenders and can ban for a week, for example.
Hi, I found this in the jail.conf Is this config active on this way ? I don't see if max try is 3 times ban this IP address [recidive] logpath = /var/log/fail2ban.log banaction = %(banaction_allports)s bantime = 1w findtime = 1d
No. https://www.fail2ban.org/wiki/index.php/Manual I have no idea what OS or what version you are running (since you do not bother mentioning such info), but on my Debian 10 system to activate a fail2ban jail I add to /etc/fail2ban/jail.local Code: [recidive] enabled = true and then restart fail2ban with Code: systemctl restart fail2ban.service
