I would like to know if it is possible to automatically ban/filter an IP for few time in case of multiple authentication failure in exim4 server.
2 Answers
fail2ban can watch logfiles of various programs, including exim and ban IPs which match a given pattern to block them for a given time using iptables.
Look for a fail2ban package in you operating system's package manager. Usually many examples are included in the package itself, you can also find some information in the project's wiki page on exim.
![](../../users/profiles/217116.webp)
- 4,175
- 2
- 25
- 45
I've successfully used Config Server Firewall which has a bundled daemon (LFD) which works out of the box with Exim (along with several other services). https://configserver.com/cp/csf.html It's very popular on cPanel servers but there's no reason it shouldn't work on a bare server running exim, given that the log format is the same. Very easy to add exceptions and set the limit of time for how long the IP is blocked.
![](../../users/profiles/251110.webp)
- 873
- 1
- 8
- 17