2013/10/07

Zimbra - Configuring Fail2ban to block relay attempts

The Zimbra server is configured to avoid relay access, but I see a lot of attempts to do this.
So I decided to use Fail2ban to block these hosts.

The environment in which I have installed the Zimbra Mail Server is:
CentOS 6.4 x64
EPEL and RPMForge repositories
Zimbra 7

First, we install the Fail2ban service:
# yum install fail2ban

Next, we create a filter:
# vi /etc/fail2ban/filter.d/zimbra-relay.conf
Content:
[Definition]
failregex = \[(?P<host>\S*)\]: 554 5\.7\.1


Finally, we enable the filter in the jail.conf file by adding the following lines:
[zimbra-relay]
enabled         = true
filter          = zimbra-relay
logpath         = /var/log/zimbra.log
action          = iptables-allports[name=zimbra-relay]
maxretry        = 3
bantime         = 2800

Restart the service:
# service fail2ban restart
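
To check what the filter will catch before relying on it, the sketch below applies the same failregex and maxretry to a few log lines. It is an added example, not part of the original post: the log lines are constructed in Postfix smtpd format with documentation addresses, the function names are hypothetical, and the findtime window is ignored.

```python
import re
from collections import Counter

# failregex from zimbra-relay.conf; fail2ban reads the address from the "host" group
FAILREGEX = re.compile(r"\[(?P<host>\S*)\]: 554 5\.7\.1")
MAXRETRY = 3  # same value as in the [zimbra-relay] jail

# Constructed sample lines (not real traffic)
SAMPLE_LOG = """\
Oct  7 10:15:01 mail postfix/smtpd[12345]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=ESMTP helo=<test>
Oct  7 10:15:03 mail postfix/smtpd[12345]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <b@example.net>: Relay access denied; from=<x@example.org> to=<b@example.net> proto=ESMTP helo=<test>
Oct  7 10:15:04 mail postfix/smtpd[12350]: connect from mail.example.com[192.0.2.10]
Oct  7 10:15:06 mail postfix/smtpd[12345]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <c@example.net>: Relay access denied; from=<x@example.org> to=<c@example.net> proto=ESMTP helo=<test>
Oct  7 10:16:10 mail postfix/smtpd[12361]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <d@example.net>: Relay access denied; from=<y@example.org> to=<d@example.net> proto=ESMTP helo=<test>
Oct  7 10:16:40 mail postfix/smtpd[12361]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using rbl.example; from=<y@example.org> to=<e@example.com> proto=ESMTP helo=<test>
"""


def failures_per_host(log_text):
    """Count lines matching the failregex, keyed by the captured host."""
    hits = Counter()
    for line in log_text.splitlines():
        match = FAILREGEX.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits


def hosts_to_ban(log_text, maxretry=MAXRETRY):
    """Hosts whose failure count reaches maxretry (findtime is ignored here)."""
    counts = failures_per_host(log_text)
    return sorted(host for host, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    # The regex keys on the status code only, so the last sample line
    # (a different 554 5.7.1 rejection) is counted as a failure too.
    for host, n in failures_per_host(SAMPLE_LOG).items():
        print(f"{host}: {n} matching line(s)")
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```

On the server itself, fail2ban-regex /var/log/zimbra.log /etc/fail2ban/filter.d/zimbra-relay.conf runs the installed filter against the real log.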

That's all folks.
