Postfix Brute Force Prevention

If you are running a mail server based on Postfix, than chances are good that at least once someone has tried to brute force a login to your server. Recently, we were involved in a complete server rebuild for a client moving from Ubuntu to Debian. Part of this build required locking down Postfix to mitigate brute force logins. While we have been using the below configuration (loosely based on this method) for years now, we realized that we have yet to document the process. Below we will configure Fail2ban to easily prevent a Postfix brute force attack by blocking an offending IP address after a set number of invalid login attempts. For the purpose of this article, we will be using Debian 8 although the same configuration also works on Ubuntu 14.04 and above. First you will need to install the Fail2ban software and create your base configuration as shown below.

Next, you will need to edit your newly created files to reflect the configuration below. Note that we will not be editing Fail2ban’s default configuration. Our default.conf below will override the default configuration settings and our postfix.conf will override the default postfix settings in jail.conf. For specific documentaion on each setting, please open and review /etc/fail2ban/jail.conf

default.conf

postfix.conf

Once your configuration files are modified as required, simply restart the fail2ban service and take a look at the log at /var/log/fail2ban.log to ensure your newly created configuration is working as seen below.

fail2ban-postfix-jail

Did you find this article useful? Why not share it with your friends?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.