With this filter we'll be able to block unwanted access to the POP3 server.
This filter will match the following string:
Sep 24 04:24:39 server-name vpopmail: vchkpw-smtp: vpopmail user not found office@:184.108.40.206
Create a new Python regexp
Go to /etc/fail2ban/filter.d/ and create a file called vpopmail.conf (or any other name suitable for you). Populate the file with the following content:
[Definition]
failregex = vchkpw-smtp: vpopmail user not found .*:<HOST>$
ignoreregex =
Enable the filter by creating a jail
Go to /etc/fail2ban/jail.d/ and create a file called vpopmail.conf (or any other name suitable for you). Populate the file with the following content:
[vpopmail]
# Enable/Disable filter
enabled = true
# The name of the filter that we've created in /etc/fail2ban/filter.d/vpopmail.conf
filter = vpopmail
action = iptables-multiport[name=VPOPMAIL-LOGIN, port="110"]
logpath = /var/log/maillog
# Number of matches
maxretry = 10
# Duration in seconds on how long the IP will be banned
bantime = 86400
Test the filter
To test the filter and see whether it produces any matches, run the following command:
fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/vpopmail.conf
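To check the regex without a live log, the following added example (not part of the original page) applies the same failregex in Python to constructed log lines and lists the addresses that reach the jail's maxretry. It assumes a simplified IPv4-only stand-in for fail2ban's <HOST> tag and ignores the findtime window.

```python
import re
from collections import Counter

# failregex exactly as written in /etc/fail2ban/filter.d/vpopmail.conf
FAILREGEX = r"vchkpw-smtp: vpopmail user not found .*:<HOST>$"
# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag;
# the real expansion also accepts IPv6 addresses and hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

MAXRETRY = 10  # same threshold as the jail


def match_host(line):
    """Return the address the filter attributes the failure to, or None."""
    m = PATTERN.search(line.rstrip("\n"))
    return m.group("host") if m else None


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Count matches per address; return those at or above maxretry.

    Simplification: every line counts, with no findtime window.
    """
    counts = Counter(h for h in map(match_host, lines) if h)
    return sorted(h for h, n in counts.items() if n >= maxretry)


# Constructed sample lines using documentation addresses, not real log data.
PREFIX = "Sep 24 04:24:39 server-name vpopmail: vchkpw-smtp: "
SAMPLE = (
    [PREFIX + "vpopmail user not found office@:203.0.113.5"] * 10
    + [PREFIX + "vpopmail user not found info@example.org:198.51.100.7"] * 3
    # A line with a different message text (constructed): must not count.
    + [PREFIX + "login success info@example.org:198.51.100.7"]
    # Address-like text inside the user field: the trailing $ keeps the
    # capture on the address appended at the end of the line.
    + [PREFIX + "vpopmail user not found a@:192.0.2.1:198.51.100.7"]
)

if __name__ == "__main__":
    for line in SAMPLE[9:]:
        print(match_host(line), "<-", line[len(PREFIX):])
    print("would ban:", hosts_to_ban(SAMPLE))
```

Only the address with ten matching lines reaches the threshold; the other address has four matches and stays below it.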
Apply the configuration
Just restart the fail2ban process.