-2

We would like to give access to a specific mail address on our server (postfix and dovecot) only from a specific IP address. My idea was to use fail2ban for that.

What could a filter look like for that?

MrYeti

1 Answer

0

> give access to a specific mail address on our server (postfix and dovecot)

Why do you need fail2ban for that?

Write a simple script (systemd unit) that creates rules or a new chain allowing the expected IPs and adds a reject/drop default policy for these mail ports, and start it at boot time, for example:

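chain=INPUT
device=eth0  # assumption: the network interface that receives the mail traffic
for p in smtp smtps pop3 pop3s imap imaps; do
  # allow new connections to this port from the expected IPs only
  for ip in 192.0.2.1 192.0.2.2 192.0.2.3; do
    iptables -A "$chain" -i "$device" -m state --state NEW -p tcp --dport "$p" -s "$ip" -j ACCEPT
  done
  # reject new connections to this port from everyone else
  iptables -A "$chain" -i "$device" -m state --state NEW -p tcp --dport "$p" -j REJECT
done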

If you need some dynamic allowance (e.g. by port or HTTP URL knocking etc.), you can indeed do this with fail2ban.

Take a look at the example jail pass2allow-ftp or at the related RFE #1112.

> What could a filter look like for that?

How the filter looks depends on what exactly will be monitored (for instance, with URL knocking, which HTTP server access-log format you'd have, e.g. that of nginx or apache) or on what exactly you need to react to in order to allow the IP. An example of the log in such a case is necessary to answer the question properly.

You may also read wiki :: Best practice # Reduce parasitic log traffic to provide a sane implementation for such a "jail".

sebres
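
An idempotent variant of the boot-time script from the answer above, as an added example that is not part of the original answer. It builds a dedicated chain, validates every address before emitting any rule, and only prints the ruleset unless it is called with `apply`; the chain name `MAIL_ALLOW`, the interface `eth0` and the 192.0.2.x addresses are assumptions.

```shell
#!/bin/sh
# Added example, not the answerer's script. CHAIN, DEVICE and ALLOWED are assumptions.
CHAIN=MAIL_ALLOW                      # hypothetical dedicated chain name
DEVICE=${DEVICE:-eth0}                # assumed public interface
PORTS=25,465,110,995,143,993          # smtp smtps pop3 pop3s imap imaps
ALLOWED=${ALLOWED:-"192.0.2.1 192.0.2.2 192.0.2.3"}   # documentation addresses

# Succeeds only for a dotted quad with four octets in 0..255.
valid_ipv4() {
  case $1 in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] 2>/dev/null || return 1
  done
}

# Print the chain in iptables-restore format. Every address is validated
# before anything is printed, so a typo never yields a partial ruleset.
mail_ruleset() {
  [ -n "$1" ] || { echo "empty allow list" >&2; return 1; }
  for ip in $1; do
    valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
  done
  echo "*filter"
  echo ":$CHAIN - [0:0]"
  for ip in $1; do echo "-A $CHAIN -s $ip/32 -j ACCEPT"; done
  echo "-A $CHAIN -j REJECT"
  echo "COMMIT"
}

# Load the chain in one commit, then hook it into INPUT exactly once.
apply_mail_ruleset() {
  rules=$(mail_ruleset "$1") || return 1
  # --noflush keeps the rest of the filter table; a re-run replaces the
  # chain's rules instead of appending duplicates.
  printf '%s\n' "$rules" | iptables-restore --noflush || return 1
  set -- INPUT -i "$DEVICE" -p tcp -m multiport --dports "$PORTS" \
         -m state --state NEW -j "$CHAIN"
  iptables -C "$@" 2>/dev/null || iptables -I "$@"
}

# Dry run by default: print the ruleset. Run as root with "apply" to load it.
case ${1:-} in
  apply) apply_mail_ruleset "$ALLOWED" ;;
  *)     mail_ruleset "$ALLOWED" ;;
esac
```
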