Date: Sat, 22 Jun 2019 15:07:38 -0400 From: Chris Gordon <freebsd@theory14.net> To: David Mehler <dave.mehler@gmail.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: mail server in jail, host pf, and fail2ban Message-ID: <EF2E0DD2-37EB-4690-A744-B2B29FADB92C@theory14.net> In-Reply-To: <CAPORhP7y5iprBZtaEczNkCP3j3VjiOiWea7se_M-aShzZe4ZoQ@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
Assuming your jail host can see the files inside the jail -- specifically the jail's /var/log/maillog -- you could run fail2ban on the jail host where it has access to pf and simply point it to the jail's /var/log/maillog. For example, assume your mail jail is named mailserver. (NOTE: I'm using iocage to manage my jails so some of the path will be part of iocage's standards.) On your jail host, in /usr/local/etc/fail2ban/jail.local, you would use a stanza such as: [postfix-postscreen] enabled = yes port = smtp,456,submission logpath = /iocage/jails/mailserver/root/var/log/maillog backend = %(postfix_backend)s Chris * By "jail host" I mean the machine running the jails. > On Jun 22, 2019, at 11:50 AM, David Mehler <dave.mehler@gmail.com> wrote: > > Hello, > > I've got a pf/fail2ban/jail/postscreen question. I'm running a mail > system in a FreeBSD jail, and on the host system i'm using the pf > firewall. What I'm getting are connections to my jail's postscreen > port 25, what i'd like to get done is to try to get those ips scanned > for on the host and banned by fail2ban and pf. > > Suggestions welcome. > Thanks. > Dave. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EF2E0DD2-37EB-4690-A744-B2B29FADB92C>