From: Peter Palfrader
Date: Fri, 12 Oct 2018 09:11:52 +0000 (+0200)
Subject: do fail2ban on postfix AUTH attempts on lists.d.o
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=eba66bcb25a6b0a3cf1eb134c4f932db4e50595a;p=mirror%2Fdsa-puppet.git
do fail2ban on postfix AUTH attempts on lists.d.o
---
diff --git a/modules/fail2ban/files/filter/dsa-postfix.conf b/modules/fail2ban/files/filter/dsa-postfix.conf
new file mode 100644
index 000000000..b3868868e
--- /dev/null
+++ b/modules/fail2ban/files/filter/dsa-postfix.conf
@@ -0,0 +1,7 @@
+#
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = ^%(__prefix_line)slost connection after AUTH from \S+\[\]$
diff --git a/modules/fail2ban/files/jail/dsa-postfix.conf b/modules/fail2ban/files/jail/dsa-postfix.conf
new file mode 100644
index 000000000..354f8de13
--- /dev/null
+++ b/modules/fail2ban/files/jail/dsa-postfix.conf
@@ -0,0 +1,7 @@
+[dsa-postfix]
+enabled = true
+filter = dsa-postfix
+port = smtp,ssmtp
+logpath = /var/log/mail.log
+maxretry = 4
+bantime = 3600
diff --git a/modules/fail2ban/manifests/postfix.pp b/modules/fail2ban/manifests/postfix.pp
new file mode 100644
index 000000000..4b545660d
--- /dev/null
+++ b/modules/fail2ban/manifests/postfix.pp
@@ -0,0 +1,10 @@
+class fail2ban::postfix inherits fail2ban {
+ file { '/etc/fail2ban/filter.d/dsa-postfix.conf':
+ source => 'puppet:///modules/fail2ban/filter/dsa-postfix.conf',
+ notify => Service['fail2ban'],
+ }
+ file { '/etc/fail2ban/jail.d/dsa-postfix.conf':
+ source => 'puppet:///modules/fail2ban/jail/dsa-postfix.conf',
+ notify => Service['fail2ban'],
+ }
+}
diff --git a/modules/postfix/manifests/init.pp b/modules/postfix/manifests/init.pp
index 67cb8d77e..8c1d2b226 100644
--- a/modules/postfix/manifests/init.pp
+++ b/modules/postfix/manifests/init.pp
@@ -28,6 +28,8 @@ class postfix {
 order => '000',
 content => template('postfix/main.cf-header.erb')
 }
+ } else {
+ include fail2ban::postfix
 }
 exec { 'service postfix reload':
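Review bot: In `filter/dsa-postfix.conf` the `failregex` as shown ends in `\S+\[\]$`, with no `<HOST>` token between the brackets. fail2ban needs a host group in the pattern to know which address to ban. This may only be the page stripping angle-bracket text (the From: address is missing the same way), so it is worth confirming against the committed file with `fail2ban-regex`. Separately, the filter never sets `_daemon`, so `__prefix_line` accepts this message from any program that writes to mail.log; adding `_daemon = postfix(-\w+)?/smtpd` under `[Definition]` would limit matches to smtpd lines. The header comment is a bare `#` and could state the intent, e.g. `# match clients that drop the connection right after SMTP AUTH`.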
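Review bot: `port = smtp,ssmtp` in `jail/dsa-postfix.conf` leaves the submission port out of the ban, so if this host offers AUTH on 587 a banned address can keep trying there. `port = smtp,ssmtp,submission` would cover it; whether 587 is open on lists.d.o is not visible in this diff. `findtime` is also unset, so the `maxretry = 4` threshold is counted over whatever window the global default gives. Stating it next to `maxretry` and `bantime` would make the policy readable from this file alone.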
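Review bot: Neither `file` resource in `fail2ban::postfix` sets `owner`, `group` or `mode`, so the permissions of the filter and jail definitions depend on resource defaults declared elsewhere, which this diff does not show. Because these files decide which addresses get firewalled, I would pin them explicitly, e.g. `owner => 'root', group => 'root', mode => '0444',`, unless a site-wide `File` default already does so. The class also has no header comment; a line such as `# fail2ban jail for clients that drop the connection after SMTP AUTH` would say what it is for.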
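Review bot: The new `else` branch in `postfix/manifests/init.pp` turns on `fail2ban::postfix` for every node that fails the enclosing `if`, and that condition starts above the hunk, so the set of affected hosts cannot be read from the change. The subject names only lists.d.o; if other hosts also fall into this branch they will start banning on `lost connection after AUTH` as well. A comment on the branch would make the scope explicit, e.g. `# nodes not matched by the condition above (currently lists.d.o) get the AUTH jail`. Alternatively, include the class from the node or role that is actually meant.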