Vpopmail filter

Fail2Ban - Vpopmail filter

With this filter we’ll be able to block unwanted access to the POP3 server.

Matching string

This filter will match the following string:

Sep 24 04:24:39 server-name vpopmail[26799]: vchkpw-smtp: vpopmail user not found office@:71.0.249.222

Create a new Python regexp

Go to /etc/fail2ban/filter.d/ and create a file called vpopmail.conf (or any other name suitable for you). Populate the file with the following content:

[Definition]

failregex = vchkpw-smtp: vpopmail user not found .*:<HOST>$
ignoreregex =

Enable the filter by creating a jail

Go to /etc/fail2ban/jail.d/ and create a file called vpopmail.conf (or any other name suitable for you). Populate the file with the following content:

[vpopmail]

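#Enable/Disable this jail
enabled  = true
#The name of the filter that we've created in /etc/fail2ban/filter.d/vpopmail.conf
filter   = vpopmail
#Ban action: blocks the banned IP on the listed port only (110 = POP3).
#The failregex matches lines tagged vchkpw-smtp, so add the SMTP port(s) here
#if those logins should be blocked for the banned IP as well
action   = iptables-multiport[name=VPOPMAIL-LOGIN, port="110"]
#Log file that fail2ban watches for the matching string
logpath  = /var/log/maillog
#Number of matches before the IP is banned
maxretry = 10
#How long the IP stays banned, in seconds (86400 = 24 hours)
bantime  = 86400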

Test the filter

To test the filter and see whether it matches anything in the log, run the following command:

fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/vpopmail.conf
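
An offline approximation of what this filter and the maxretry threshold do, useful for checking which lines the failregex does and does not catch. This is an added example, not part of Fail2Ban or of the original page. Assumptions: the HOST pattern is a simplified IPv4-only stand-in for Fail2Ban's own <HOST> expansion, all sample lines except the first are constructed, and the time window (findtime) is ignored.

```python
import re
from collections import Counter

# failregex copied from vpopmail.conf on this page
FAILREGEX = r"vchkpw-smtp: vpopmail user not found .*:<HOST>$"
# Assumption: simplified IPv4-only stand-in for Fail2Ban's <HOST> expansion
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"
MAXRETRY = 10  # same value as the jail on this page


def compile_failregex(failregex=FAILREGEX):
    """Substitute the <HOST> tag and compile the result as a Python regex."""
    return re.compile(failregex.replace("<HOST>", HOST))


def failures_per_host(lines, pattern=None):
    """Count failregex matches per captured source address."""
    pattern = pattern or compile_failregex()
    hits = Counter()
    for line in lines:
        m = pattern.search(line.rstrip("\n"))
        if m:
            hits[m.group("host")] += 1
    return hits


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Addresses whose match count reaches maxretry."""
    return sorted(h for h, n in failures_per_host(lines).items() if n >= maxretry)


# Sample log: the first line is the one shown on this page, the rest are
# constructed and use documentation address ranges.
PREFIX = "Sep 24 04:24:39 server-name vpopmail[26799]: "
SAMPLE_LOG = (
    [PREFIX + "vchkpw-smtp: vpopmail user not found office@:71.0.249.222"]
    + [PREFIX + "vchkpw-smtp: vpopmail user not found admin@:203.0.113.9"] * 10
    # User name containing an address: the trailing $ keeps the real source.
    + [PREFIX + "vchkpw-smtp: vpopmail user not found x:198.51.100.1@:203.0.113.9"]
    # Constructed line with a different service tag: not matched by this failregex.
    + [PREFIX + "vchkpw-pop3: vpopmail user not found office@:192.0.2.7"]
)

if __name__ == "__main__":
    for host, count in failures_per_host(SAMPLE_LOG).most_common():
        print(f"{host}: {count} failure(s)")
    print("would be banned:", hosts_to_ban(SAMPLE_LOG))
```

The authoritative check remains fail2ban-regex on the real log, since it uses Fail2Ban's own date handling and <HOST> expansion.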

Apply the configuration

Just restart the fail2ban process.