NAME

Mail::MtPolicyd::Plugin::Fail2Ban - mtpolicyd plugin to block an address with fail2ban

VERSION

version 2.03

DESCRIPTION

This plugin can be used to block an ip with iptable thru the fail2ban daemon.

For more information abount fail2ban read:

http://www.fail2ban.org/

This plugin will directly talk to the daemon thru the unix domain socket and execute an banip command:

  set <JAIL> banip <IP>

PARAMETERS

socket (default: /var/run/fail2ban/fail2ban.sock)

Path to the fail2ban unix socket.

Make sure mtpolicyd is allowed to write to this socket!

jail (default: postfix)

The jail in which the ip should be banned.

EXAMPLE

Execute a ban on all client-ips which send a mail with a score of >=15:

  <Plugin ScoreBan>
    module = "ScoreAction"
    threshold = 15
    <Plugin ban-ip>
      module = "Fail2Ban"
      socket = "/var/run/fail2ban/fail2ban.sock"
      jail = "postfix"
    </Plugin>
  </Plugin>

FAIL2BAN CONFIGURATION

To allow mtpolicyd to access fail2ban you must make sure fail2ban can write to the fail2ban unix socket.

  chgrp mtpolicyd /var/run/fail2ban/fail2ban.sock
  chmod g+rwx /var/run/fail2ban/fail2ban.sock

You may want to add this to the fail2ban startup script.

You may want to use the predefined postfix jail. To activate it create /etc/fail2ban/jail.local and enable the postfix fail by setting enabled=true.

  [postfix]
  enabled = true

AUTHOR

Markus Benning <ich@markusbenning.de>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2014 by Markus Benning <ich@markusbenning.de>.

This is free software, licensed under:

  The GNU General Public License, Version 2, June 1991