使用SquirrelMail在CentOS 5.3 / ISPConfig 3上配置fail2ban

使用SquirrelMail在CentOS 5.3 / ISPConfig 3上配置fail2ban 3

介绍

本教程将介绍如何通过使用fail2ban来防止无限制的登录尝试，从而对您的SquirrelMail Web登录进行强力攻击。

要求

确保fail2ban和SquirrelMail都安装在这里详细介绍的CentOS v5.3 / ISPConfig 3机器上。

但是，他们的安装是直接的：

yum install fail2ban squirrelmail

您必须主动使用iptables作为防火墙。 Fail2ban通过为未授权的源IP地址创建一个临时丢弃规则。

2.松鼠邮件记录配置

默认登录到/ var / log / maillog的 CentOS v5.3 / ISPConfig 3下的SquirrelMail（imapd），但仅作为IP地址127.0.0.1（localhost）。 因为我们试图禁止一个特定的源地址，所以fail2ban不能使用这个文件。 因此，我们安装并使用Squirrel Logger来捕获登录尝试的真实源地址。

下载并安装松鼠记录器 ：

cd /usr/share/squirrelmail/plugins
wget http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fsquirrel_logger-2.3-1.2.7.tar.gz
tar zxvf squirrel_logger-2.3-1.2.7.tar.gz
cd squirrel_logger-2.3-1.2.7
cp config_example.php config.php

虽然这个插件是最新版本的Squirrel Logger ，如果已经进行了修订升级，那么直接从SquirrelMail Plugins网站下载它。

如果您的计算机使用的本地时间不是GMT，请使用vi更改： config_php中的$ sl_use_GMT = 1到$ sl_use_GMT = 0 ：

原来config.php ：

...
// Log dates in GMT?  If you do not do this, dates will
// be logged in whatever timezone each user is in (or
// has set in their personal preferences)
//
//    1 = yes
//    0 = no
//
$sl_use_GMT = 1;
...

修改了config.php ：

...
// Log dates in GMT?  If you do not do this, dates will
// be logged in whatever timezone each user is in (or
// has set in their personal preferences)
//
//    1 = yes
//    0 = no
//
$sl_use_GMT = 0;
...

删除下载的Squirrel Logger gzip文件：

cd /usr/share/squirrelmail/plugins
rm squirrel_logger-2.3-1.2.7.tar.gz

配置SquirrelMail使用松鼠记录器插件：

/usr/share/squirrelmail/config/conf.pl

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color on
S   Save data
Q   Quit

Command >>

Select: Plugins

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
  Installed Plugins
    1. delete_move_next
    2. squirrelspell
    3. newmail

  Available Plugins:
    4. listcommands
    5. fortune
    6. filters
    7. translate
    8. abook_take
    9. spamcop
    10. squirrel_logger
    11. mail_fetch
    12. calendar
    13. sent_subfolders
    14. message_details
    15. administrator
    16. info
    17. bug_report

R   Return to Main Menu
C   Turn color on
S   Save data
Q   Quit

Command >> 

Select: squirrel_logger

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
  Installed Plugins
    1. delete_move_next
    2. squirrelspell
    3. newmail
    4. squirrel_logger

  Available Plugins:
    5. listcommands
    6. fortune
    7. filters
    8. translate
    9. abook_take
    10. spamcop
    11. mail_fetch
    12. calendar
    13. sent_subfolders
    14. message_details
    15. administrator
    16. info
    17. bug_report

R   Return to Main Menu
C   Turn color on
S   Save data
Q   Quit

Command >> 

Select: Save data, Quit

3. Fail2ban配置

更改为fail2ban配置目录：

cd /etc/fail2ban

假设您使用http传输SquirrelMail，请使用vi将以下行添加到jail.conf文件中：

[squirrelmail-iptables]
enabled  = true
filter   = squirrelmail
action   = iptables[name=SquirrelMail, port=http, protocol=tcp]
           sendmail-whois[name=SquirrelMail, dest=you@your_domain.com, sender=fail2ban@your_domain.com]
logpath  = /var/lib/squirrelmail/prefs/squirrelmail_access_log
maxretry = 4

确保dest和发件人的 maxretry和email地址设置为您的要求。

更改为fail2ban过滤器目录：

cd filter.d

在filter.d目录中，使用vi创建一个具有以下内容的squirrelmail.conf文件：

# Fail2Ban configuration file
#
# Author: Bill Landry ((email_protected))
#
# $Revision: 510 $

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "
  
   " can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P
   
    \S+)
# Values: TEXT

failregex = \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT

ignoreregex =

   
  

Fail2ban需要识别squirrelmail_access_log文件中使用的日期格式。

cd /usr/share/fail2ban/server

使用vi编辑datedetector.py文件，并在Apache格式和Exim格式部分之间添加以下行：

# SquirrelMail 09/13/2007 06:43:20
template = DateStrptime()
template.setName("Month/Day/Year Hour:Minute:Second")
template.setRegex("\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}")
template.setPattern("%m/%d/%Y %H:%M:%S")
self.__templates.append(template)