0

I would like to know if it is possible to automatically ban/filter an IP for few time in case of multiple authentication failure in exim4 server.

Tobia
  • 1,210
  • 8
  • 37
  • 73

2 Answers2

1

fail2ban can watch logfiles of various programs, including exim and ban IPs which match a given pattern to block them for a given time using iptables.

Look for a fail2ban package in you operating system's package manager. Usually many examples are included in the package itself, you can also find some information in the project's wiki page on exim.

sebix
  • 4,175
  • 2
  • 25
  • 45
0

I've successfully used Config Server Firewall which has a bundled daemon (LFD) which works out of the box with Exim (along with several other services). https://configserver.com/cp/csf.html It's very popular on cPanel servers but there's no reason it shouldn't work on a bare server running exim, given that the log format is the same. Very easy to add exceptions and set the limit of time for how long the IP is blocked.

Mugurel
  • 873
  • 1
  • 8
  • 17