Date:      Sat, 22 Jun 2019 15:07:38 -0400
From:      Chris Gordon <freebsd@theory14.net>
To:        David Mehler <dave.mehler@gmail.com>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: mail server in jail, host pf, and fail2ban
Message-ID:  <EF2E0DD2-37EB-4690-A744-B2B29FADB92C@theory14.net>
In-Reply-To: <CAPORhP7y5iprBZtaEczNkCP3j3VjiOiWea7se_M-aShzZe4ZoQ@mail.gmail.com>
References:  <CAPORhP7y5iprBZtaEczNkCP3j3VjiOiWea7se_M-aShzZe4ZoQ@mail.gmail.com>

Assuming your jail host can see the files inside the jail -- specifically the jail's /var/log/maillog -- you could run fail2ban on the jail host where it has access to pf and simply point it to the jail's /var/log/maillog.

For example, assume your mail jail is named mailserver. (NOTE:  I'm using iocage to manage my jails so some of the path will be part of iocage's standards.)  On your jail host, in /usr/local/etc/fail2ban/jail.local, you would use a stanza such as:

[postfix-postscreen]
enabled  = yes
port     = smtp,465,submission
logpath  = /iocage/jails/mailserver/root/var/log/maillog
backend  = %(postfix_backend)s

Chris

* By "jail host" I mean the machine running the jails.


> On Jun 22, 2019, at 11:50 AM, David Mehler <dave.mehler@gmail.com> wrote:
>
> Hello,
>
> I've got a pf/fail2ban/jail/postscreen question. I'm running a mail
> system in a FreeBSD jail, and on the host system I'm using the pf
> firewall. What I'm getting are connections to my jail's postscreen
> port 25; what I'd like to get done is to try to get those IPs scanned
> for on the host and banned by fail2ban and pf.
>
> Suggestions welcome.
> Thanks.
> Dave.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
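
The approach in the reply above (the jail host reads the jail's maillog and feeds offenders to pf) can be dry-run with the following added example, which is not part of the original message and is not fail2ban's own filter. It counts postscreen failures per client inside a time window and builds the pfctl commands a ban would amount to; the regular expression, the choice of PREGREET/DNSBL/HANGUP as failures, the thresholds and the table name f2b-postscreen are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in postscreen's syslog format, as the jail host would read
# it from the jail's maillog. Addresses are documentation ranges, not real traffic.
SAMPLE_MAILLOG = r"""
Jun 22 11:40:01 mailserver postfix/postscreen[4121]: CONNECT from [203.0.113.7]:51514 to [192.0.2.25]:25
Jun 22 11:40:01 mailserver postfix/postscreen[4121]: PREGREET 14 after 0.09 from [203.0.113.7]:51514: EHLO scanner\r\n
Jun 22 11:41:10 mailserver postfix/postscreen[4121]: DNSBL rank 3 for [203.0.113.7]:40022
Jun 22 11:42:30 mailserver postfix/postscreen[4121]: PREGREET 14 after 0.08 from [203.0.113.7]:40310: EHLO scanner\r\n
Jun 22 11:43:00 mailserver postfix/postscreen[4121]: PASS NEW [198.51.100.20]:33012
Jun 22 11:44:00 mailserver postfix/postscreen[4121]: HANGUP after 0.3 from [198.51.100.9]:2201 in tests before SMTP handshake
Jun 22 12:30:00 mailserver postfix/postscreen[4121]: PREGREET 14 after 0.1 from [198.51.100.9]:2290: EHLO x\r\n
"""

# Assumption: these three postscreen verdicts count as failures. CONNECT and
# PASS lines are ignored so legitimate clients are never counted.
FAILURE = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ postfix/postscreen\[\d+\]: "
    r"(?:PREGREET \d+ after \S+ from|DNSBL rank \d+ for|HANGUP after \S+ from) "
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]:\d+"
)

def hosts_to_ban(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2019):
    """Return IPs with at least maxretry failures inside one findtime window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = []
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(when)
        while when - hits[0] > findtime:   # drop failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

def pf_commands(ips, table="f2b-postscreen"):
    """Build (not run) the pfctl calls that add each IP to a pf table."""
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(pf_commands(hosts_to_ban(SAMPLE_MAILLOG))))
```

To try it against a real jail, pass the contents of the logpath from the stanza above instead of the sample; a table only blocks traffic if pf.conf has a rule that references it.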



