HomeServer36 の履歴(No.1)

[ トップ ]   [ 新規 | 一覧 | 検索 | 最終更新 | ヘルプ ]

• 履歴一覧
• 差分 を表示
• 現在との差分 を表示
• ソース を表示
• HomeServer36 へ行く。
  • 1 (2026-01-08 (木) 13:12:38)
  • 2 (2026-01-08 (木) 13:54:57)
  • 3 (2026-01-09 (金) 10:00:09)

---

fail2ban 有効化†

• fail2ban インストール

  [AWS MX2(sudo)]:~# sudo apt install fail2ban

• jail.local の編集

  [AWS MX2(sudo)]:~# cat /etc/fail2ban/jail.local
  [DEFAULT]
  backend = systemd
  maxretry = 3
  findtime = 600
  
  # おすすめ：7日BAN（EC2なら問題なし）→ 無期限に変更
  #bantime = 604800
  bantime = forever
  
  banaction = iptables-multiport
   

# --- Postfix SASL ---
[postfix-sasl]
enabled  = true
port     = smtp,submission,465
filter   = postfix[mode=auth]
logpath  = %(postfix_log)s


# --- Dovecot ---
[dovecot]
enabled  = true
port     = pop3,pop3s,imap,imaps,submission,465
filter   = dovecot
logpath  = %(dovecot_log)s

• fail2ban 起動

  [AWS MX2(sudo)]:~# sudo systemctl restart fail2ban
  [AWS MX2(sudo)]:~# sudo systemctl enable fail2ban
  Synchronizing state of fail2ban.service with SysV service script with /lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install enable fail2ban

• fail2ban 起動状況確認

  [AWS MX2(sudo)]:~# sudo systemctl status fail2ban
  ● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2026-01-08 11:09:35 JST; 9s ago
       Docs: man:fail2ban(1)
    Process: 28396 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=0/SUCCESS)
    Process: 28397 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
   Main PID: 28409 (fail2ban-server)
      Tasks: 7 (limit: 4680)
     CGroup: /system.slice/fail2ban.service
             └─28409 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
  
  Jan 08 11:09:35 ip-172-31-22-38 systemd[1]: Stopped Fail2Ban Service.
  Jan 08 11:09:35 ip-172-31-22-38 systemd[1]: Starting Fail2Ban Service...
  Jan 08 11:09:35 ip-172-31-22-38 systemd[1]: Started Fail2Ban Service.
  Jan 08 11:09:35 ip-172-31-22-38 fail2ban-server[28409]: Server ready

• フィルター有効化状況の確認

  AWS MX2(sudo)]:~# sudo fail2ban-client status postfix-sasl
  Status for the jail: postfix-sasl
  |- Filter
  |  |- Currently failed:	0
  |  |- Total failed:	0
  |  `- Journal matches:	_SYSTEMD_UNIT=postfix.service
  `- Actions
     |- Currently banned:	0
     |- Total banned:	0
     `- Banned IP list:	
  
  [AWS MX2(sudo)]:~# sudo fail2ban-client status dovecot
  Status for the jail: dovecot
  |- Filter
  |  |- Currently failed:	1
  |  |- Total failed:	2
  |  `- Journal matches:	_SYSTEMD_UNIT=dovecot.service
  `- Actions
     |- Currently banned:	0
     |- Total banned:	0
     `- Banned IP list:	

メール送信ポートの変更（ 465 → 587 )†

     

Site admin: munakata

PukiWiki 1.5.4 © 2001-2022 PukiWiki Development Team. Powered by PHP 8.3.6. HTML convert time: 0.002 sec.