From: Chris Gordon
Date: Sat, 22 Jun 2019 15:07:38 -0400
Subject: Re: mail server in jail, host pf, and fail2ban
To: David Mehler
Cc: freebsd-questions

Assuming your jail host can see the files inside the jail -- specifically the jail's /var/log/maillog -- you could run fail2ban on the jail host where it has access to pf and simply point it to the jail's /var/log/maillog.

For example, assume your mail jail is named mailserver. (NOTE: I'm using iocage to manage my jails so some of the path will be part of iocage's standards.) On your jail host, in /usr/local/etc/fail2ban/jail.local, you would use a stanza such as:

[postfix-postscreen]
enabled = yes
port = smtp,465,submission
logpath = /iocage/jails/mailserver/root/var/log/maillog
backend = %(postfix_backend)s

Chris

* By "jail host" I mean the machine running the jails.

> On Jun 22, 2019, at 11:50 AM, David Mehler wrote:
>
> Hello,
>
> I've got a pf/fail2ban/jail/postscreen question.
> I'm running a mail system in a FreeBSD jail, and on the host system I'm
> using the pf firewall. What I'm getting are connections to my jail's
> postscreen port 25, what I'd like to get done is to try to get those IPs
> scanned for on the host and banned by fail2ban and pf.
>
> Suggestions welcome.
> Thanks.
> Dave.
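
Added example, not part of the original message and not fail2ban's own code: a Python illustration of the kind of check a host-side jail makes against the jail's maillog, counting postscreen failures per address inside a time window and rendering the pfctl table additions. The log lines are constructed, and the thresholds, table name and function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed postscreen lines as the host would read them from the jail's
# maillog (documentation-range addresses; hostname "mailserver" assumed).
SAMPLE_MAILLOG = """\
Jun 22 15:00:01 mailserver postfix/postscreen[4711]: PREGREET 11 after 0.05 from [198.51.100.7]:40112: EHLO x\\r\\n
Jun 22 15:00:02 mailserver postfix/postscreen[4711]: DNSBL rank 3 for [198.51.100.7]:40112
Jun 22 15:00:09 mailserver postfix/postscreen[4711]: PASS NEW [203.0.113.40]:51834
Jun 22 15:02:30 mailserver postfix/postscreen[4711]: NOQUEUE: reject: RCPT from [198.51.100.7]:40190: 550 5.7.1 Service unavailable
Jun 22 15:03:00 mailserver postfix/postscreen[4711]: PREGREET 11 after 0.04 from [203.0.113.99]:2201: EHLO y\\r\\n
Jun 22 15:40:00 mailserver postfix/postscreen[4711]: PREGREET 11 after 0.04 from [203.0.113.99]:2290: EHLO y\\r\\n
"""

# Anchored at the line start, so client-supplied text later in the line
# (such as the PREGREET payload) is never searched for an address.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/postscreen\[\d+\]: "
    r"(?:PREGREET \d+ after \S+ from|DNSBL rank \d+ for|NOQUEUE: reject: RCPT from) "
    r"\[(?P<ip>[^\]]+)\]:\d+")

def find_offenders(log_text, maxretry=3, findtime=600, year=2019):
    """Return IPs with >= maxretry failures inside a findtime-second window."""
    hits, offenders = defaultdict(deque), []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        try:  # only a parseable address may ever reach the firewall
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            continue
        # syslog timestamps carry no year, so the caller supplies one (assumed)
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = hits[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and ip not in offenders:
            offenders.append(ip)
    return offenders

def pf_commands(ips, table="fail2ban"):
    """Render (not run) pfctl calls; the table name is an assumed placeholder."""
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(pf_commands(find_offenders(SAMPLE_MAILLOG))))
```

Because the addresses in the jail's log are the real client addresses, the host can act on them in pf without any translation step.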