Changes

*qpsmtpd. If a remote server send you too many mails which qpsmtpd rejects, it's probably spammer, so Fail2ban will blacklist it. MaxRetry is x3 for this service, so with the default config, a remote server will be blacklisted if 9 mails are rejected in less than 15 minutes

*qpsmtpd. If a remote server send you too many mails which qpsmtpd rejects, it's probably spammer, so Fail2ban will blacklist it. MaxRetry is x3 for this service, so with the default config, a remote server will be blacklisted if 9 mails are rejected in less than 15 minutes

*httpd-e-smith. The standard http server. 3 different filters check apache logs:

*httpd-e-smith. The standard http server. 3 different filters check apache logs:

  * noscripts: check client which ask for scripts which are not available on your server. It's usually script-kiddies trying to exploit security vulerabilities

** noscripts: check client which ask for scripts which are not available on your server. It's usually script-kiddies trying to exploit security vulerabilities

  * scan: another set of filter for popular scans (phpMyAdmin, wp-login, admin area etc...)

** scan: another set of filter for popular scans (phpMyAdmin, wp-login, admin area etc...)

  * auth: will check for standard authentication failure

** auth: will check for standard authentication failure

*pam. This will check a generic authentication failure. Everything which uses pam should work

*pam. This will check a generic authentication failure. Everything which uses pam should work

*[[SOGo]]. Check SOGo logs for failed authentications

*[[Sogo|SOGo]]. Check SOGo logs for failed authentications

*[[LemonLDAP::NG|LemonLDAP-NG]]. Check system logs for auth failure on LemonLDAP::NG portal

*[[LemonLDAP-NG]]. Check system logs for auth failure on LemonLDAP::NG portal

*ftp. Check auth failure on your FTP daemon

*ftp. Check auth failure on your FTP daemon

*[[Ejabberd]]. Check auth failure against EJabberd

*[[Ejabberd]]. Check auth failure against EJabberd