Comments (15)
I finally managed to make it work thanks to PR #44 and with 2FA. Thank you :)
from how-to-secure-a-linux-server.
Check the fail2ban log?
My fail2ban.log returns:
```text
2019-10-19 15:45:35,095 fail2ban.jail [6770]: INFO Initiated 'systemd' backend
2019-10-19 15:45:35,096 fail2ban.filter [6770]: ERROR No failure-id group in 'sendmail.*authentication failure (-13) SASL(-13):'
2019-10-19 15:45:35,096 fail2ban.transmitter [6770]: WARNING Command ['set', 'smtp-auth', 'addfailregex', 'sendmail.*authentication failure \(-13\) SASL\(-13\):'] has failed. Received RegexException("No failure-id group in 'sendmail.*authentication failure \(-13\) SASL\(-13\):'",)
2019-10-19 15:45:35,096 fail2ban [6770]: ERROR NOK: ("No failure-id group in 'sendmail.*authentication failure \(-13\) SASL\(-13\):'",)
2019-10-19 15:45:35,096 fail2ban.filter [6770]: INFO encoding: UTF-8
2019-10-19 15:45:35,096 fail2ban.filter [6770]: INFO maxRetry: 3
2019-10-19 15:45:35,096 fail2ban.filter [6770]: INFO findtime: 43200
2019-10-19 15:45:35,096 fail2ban.actions [6770]: INFO banTime: 86400
2019-10-19 15:45:35,099 fail2ban.jail [6770]: INFO Jail 'sshd' started
2019-10-19 15:45:35,103 fail2ban.jail [6770]: INFO Jail 'recidive' started
2019-10-19 15:45:35,104 fail2ban.filtersystemd [6770]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2019-10-19 15:45:35,109 fail2ban.jail [6770]: INFO Jail 'smtp-auth' started
2019-10-19 15:45:35,111 fail2ban.transmitter [6770]: WARNING Command ['add', 'sshd'] has failed. Received NameError("name 'noduplicates' is not defined",)
2019-10-19 15:45:35,160 fail2ban.transmitter [6770]: WARNING Command ['add', 'recidive'] has failed. Received NameError("name 'noduplicates' is not defined",)
2019-10-19 15:45:35,207 fail2ban.transmitter [6770]: WARNING Command ['add', 'smtp-auth'] has failed. Received NameError("name 'noduplicates' is not defined",)
```
Here is my smtp-auth.conf file:
```text
cat /etc/fail2ban/filter.d/smtp-auth.conf
```
```ini
[Definition]
#failregex = sendmail.*authentication failure: checkpass failed, relay=[]$
failregex = sendmail.*authentication failure (-13) SASL(-13):
            authentication failure:.relay=.[]
ignoreregex =
```
I can see some errors because fail2ban couldn't send its emails:
```text
2019-10-16 23:38:52,323 fail2ban.action [923]: ERROR printf %b "Hi,\n
The jail sshd has been started successfully.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] sshd: started on `uname -n`" <MY-GMAIL-ADDRESS> -- timed out after 60 seconds.
2019-10-16 23:38:52,425 fail2ban.action [923]: ERROR printf %b "Hi,\n
The jail sshd has been started successfully.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] sshd: started on `uname -n`" <MY-GMAIL-ADDRESS> -- stdout: b''
2019-10-16 23:38:52,426 fail2ban.action [923]: ERROR printf %b "Hi,\n
The jail sshd has been started successfully.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] sshd: started on `uname -n`" <MY-GMAIL-ADDRESS> -- stderr: b''
2019-10-16 23:38:52,427 fail2ban.action [923]: ERROR printf %b "Hi,\n
The jail sshd has been started successfully.\n
Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] sshd: started on `uname -n`" <MY-GMAIL-ADDRESS> -- killed with SIGTERM (return code: -15)
```
Apart from that, the rest seems normal. I don't have a smtp-auth.conf file like you.
> I don't have a smtp-auth.conf file like you.

Is it possible to share your smtp conf?
Do you mean the files in /etc/exim4/? I followed the instructions from this section: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server#gmail-and-exim4-as-mta-with-implicit-tls
To be more precise, here are the files I modified:

/etc/exim4/passwd.client:
```text
*.google.com:<MY-GMAIL-ADDRESS>:<MY-GMAIL-PASSWORD>
```

/etc/exim4/exim4.conf.localmacros:
```text
MAIN_TLS_ENABLE = 1
REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = *
TLS_ON_CONNECT_PORTS = 465
REQUIRE_PROTOCOL = smtps
IGNORE_SMTP_LINE_LENGTH_LIMIT = true
```

/etc/exim4/exim4.conf.template: it's too long, I just modified some parts as instructed in the tutorial:
```text
.ifdef REQUIRE_PROTOCOL
protocol = REQUIRE_PROTOCOL
.endif
...
.ifdef TLS_ON_CONNECT_PORTS
tls_on_connect_ports = TLS_ON_CONNECT_PORTS
.endif
```

Apart from these files, I didn't configure anything else in Exim4.
Also, I configured UFW to allow traffic on port 465 as instructed in the tutorial.
I'm sorry, my bad. I am talking about the fail2ban config for exim/sendmail.conf?
Haha, no problem :) Did you mean this file?
/etc/fail2ban/action.d/sendmail.conf
```ini
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#
[INCLUDES]
before = sendmail-common.conf
[Definition]
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
            From: <sendername> <<sender>>
            To: <dest>\n
            Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
[Init]
# Default name of the chain
#
name = default
```
I think this is the default file. I didn't modify it myself.
I also have this one (which is surely more relevant since I use exim).
/etc/fail2ban/filter.d/exim.conf
```ini
# Fail2Ban filter for exim
#
# This includes the rejection messages of exim. For spam and filter
# related bans use the exim-spam.conf
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# exim-common.local
before = exim-common.conf
[Definition]
failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$
            ^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\](?::\d+)?(?: I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$
            ^%(pid)s %(host_info)sF=(?:<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: (?:relay not permitted|Sender verify failed|Unknown user)\s*$
            ^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected (?:connection from|"\S+") %(host_info)s(?:next )?input=".*"\s*$
            ^%(pid)s SMTP call from \S+ %(host_info)sdropped: too many nonmail commands \(last was "\S+"\)\s*$
            ^%(pid)s SMTP protocol error in "AUTH \S*(?: \S*)?" %(host_info)sAUTH command used when not advertised\s*$
            ^%(pid)s no MAIL in SMTP connection from (?:\S* )?(?:\(\S*\) )?%(host_info)sD=\d+s(?: C=\S*)?\s*$
            ^%(pid)s \S+ SMTP connection from (?:\S* )?(?:\(\S*\) )?%(host_info)sclosed by DROP in ACL\s*$
ignoreregex =
# DEV Notes:
# The %(host_info) definition contains a <HOST> match
#
# SMTP protocol synchronization error \([^)]*\) <- This needs to be non-greedy
# to avoid capture beyond ")" to avoid a DoS Injection vulnerability as input= is
# user injectable data.
#
# Author: Cyril Jaquier
# Daniel Black (rewrote with strong regexs)
# Martin O'Neal (added additional regexs to detect authentication failures, protocol errors, and drops)
```
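The "No failure-id group" error in the smtp-auth log earlier in the thread and the `<HOST>`-bearing regexes in the exim.conf filter just posted are two sides of the same fail2ban rule: a failregex is only loadable if the `<HOST>` tag (which fail2ban expands into a named group) appears in it. The script below is an added example, not code from the thread, from fail2ban or from the How-To-Secure-A-Linux-Server guide. It reimplements that load-time check in a few lines, shows why the posted smtp-auth regex is rejected, runs a corrected version and the exim authenticator-failed regex against constructed log lines, and returns the hosts that would be banned. Assumptions are marked in the code: HOST_TAG and the `%(pid)s` macro are simplified stand-ins for fail2ban's own definitions, and all log lines are constructed.

```python
"""Reproduce fail2ban's failregex load check and run two filters offline.

Added example; not code from the thread, fail2ban or the guide it discusses.
fail2ban expands <HOST> into a named group and refuses any failregex without
one ("No failure-id group"). Assumptions: HOST_TAG and %(pid)s below are
simplified stand-ins, and every log line is constructed, not captured.
"""
import re

# Simplified stand-in for fail2ban's <HOST> expansion (assumption: the real
# expansion is stricter about the characters it accepts).
HOST_TAG = r"(?P<host>[\w\-.:]+)"


class RegexException(ValueError):
    """Same exception name fail2ban prints when it rejects a failregex."""


def compile_failregex(pattern):
    """Expand <HOST>; raise RegexException if no 'host' group results."""
    compiled = re.compile(pattern.replace("<HOST>", HOST_TAG))
    if "host" not in compiled.groupindex:
        raise RegexException("No failure-id group in '%s'" % pattern)
    return compiled


def failregex_is_valid(pattern):
    try:
        compile_failregex(pattern)
    except RegexException:
        return False
    return True


# fail2ban matches a failregex against the line with its timestamp removed.
_TIMESTAMPS = (
    re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"),           # exim mainlog
    re.compile(r"^[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}"),  # syslog
)


def strip_timestamp(line):
    for ts in _TIMESTAMPS:
        stripped, n = ts.subn("", line, count=1)
        if n:
            return stripped
    return line


def match_hosts(pattern, lines):
    """Return the <HOST> captured from every line the failregex matches."""
    rx = compile_failregex(pattern)
    return [m.group("host") for m in map(rx.search, map(strip_timestamp, lines)) if m]


# 1. The smtp-auth filter from the thread: no <HOST>, and the unescaped
#    parentheses make "(-13)" a capture group instead of literal text.
SMTP_AUTH_ORIGINAL = r"sendmail.*authentication failure (-13) SASL(-13):"

# Corrected form: literal parentheses plus <HOST> taken from the relay= field.
SMTP_AUTH_FIXED = (
    r"sendmail\[\d+\]: \S+: AUTH failure \([^)]+\): authentication failure "
    r"\(-13\) SASL\(-13\):.*, relay=(?:\S+ )?\[<HOST>\]"
)

# 2. The authenticator-failed line of filter.d/exim.conf, with the
#    exim-common.conf macro expanded by hand (simplified assumption).
EXIM_AUTH_FAIL = (
    r"^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\]"
    r"(?::\d+)?(?: I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data"
    r"( \(set_id=.*\)|: \d+ Time\(s\))?\s*$"
) % {"pid": r"(?: \[\d+\])?"}

# Constructed sample lines (syslog-style sendmail, then exim mainlog).
SENDMAIL_LINES = [
    "Oct 19 15:45:35 mail sendmail[6770]: x9JDjZ0q006770: AUTH failure (LOGIN): "
    "authentication failure (-13) SASL(-13): authentication failure: "
    "checkpass failed, relay=[192.0.2.10]",
    "Oct 19 15:46:01 mail sendmail[6771]: x9JDk1xx006771: from=<a@example.org>, "
    "size=1234, relay=client.example.org [198.51.100.7]",
]
EXIM_LINES = [
    "2019-10-19 15:45:35 [2211] plain authenticator failed for (ylmf-pc) "
    "[203.0.113.5]: 535 Incorrect authentication data (set_id=admin)",
    "2019-10-19 15:45:36 [2212] <= root@example.org U=root P=local S=512",
]

if __name__ == "__main__":
    for name, pattern in (("original", SMTP_AUTH_ORIGINAL), ("fixed", SMTP_AUTH_FIXED)):
        print(name, "loads" if failregex_is_valid(pattern) else "rejected")
    print("sendmail hosts:", match_hosts(SMTP_AUTH_FIXED, SENDMAIL_LINES))
    print("exim hosts:", match_hosts(EXIM_AUTH_FAIL, EXIM_LINES))
```

On a real host the same check is `fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/smtp-auth.conf`, which reports the regex as rejected until a `<HOST>` is added; the corrected pattern here anchors on the `relay=` field because that is where sendmail records the client address.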
Since it is possible that Google has blocked my server from authenticating (honestly I don't have any other hypothesis at this point), I should probably set up my own SMTP server. Do you have resources about doing this?
Today I tried to reconfigure Exim to use it as a send-only mail server following this tutorial: https://www.linode.com/docs/email/exim/deploy-exim-as-a-send-only-mail-server-on-ubuntu-12-04/
But it seems that Google still refuses my mail:
```text
2019-11-01 15:50:27 1iQYFu-0001ig-CM H=gmail-smtp-in.l.google.com [2a00:1450:400c:c09::1b] Network is unreachable
2019-11-01 15:50:27 1iQYFu-0001ig-CM H=gmail-smtp-in.l.google.com [74.125.140.27] Connection refused
2019-11-01 15:50:27 1iQYFu-0001ig-CM H=alt1.gmail-smtp-in.l.google.com [209.85.233.27] Connection refused
2019-11-01 15:50:27 1iQYFu-0001ig-CM H=alt2.gmail-smtp-in.l.google.com [172.217.194.27] Connection refused
2019-11-01 15:50:27 1iQYFu-0001ig-CM H=alt3.gmail-smtp-in.l.google.com [108.177.97.27] Connection refused
2019-11-01 15:50:27 1iQYFu-0001ig-CM H=alt4.gmail-smtp-in.l.google.com [2607:f8b0:400e:c00::1b] Network is unreachable
```
I am a bit desperate because, even when just sending a mail (not even using Gmail's SMTP), it looks like my server is blocked. I just want my server to be able to send mails to my personal Gmail address. Are there alternative solutions?
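The mainlog excerpt above has a pattern worth reading before changing any mail configuration: the two IPv6 attempts fail with "Network is unreachable" (no IPv6 route from the server, harmless as long as IPv4 works), and every IPv4 MX refuses the TCP connection on port 25. A Google-side policy block does not look like that; Google accepts the connection and answers with an SMTP 4xx/5xx, so a uniform TCP refusal points at the server's own egress filtering or the hosting provider's outbound port-25 policy. The script below is an added example, not code from the thread or from exim; it parses the quoted lines (copied from the comment above), groups attempts per message id and returns that verdict. The only format assumption is the `H=host [ip] error` layout of the quoted lines.

```python
"""Triage exim mainlog delivery attempts like the ones quoted above.

Added example; not code from the thread or from exim. Groups attempts per
message id, separates IPv6 "Network is unreachable" from IPv4 "Connection
refused", and flags the case where every IPv4 MX refused. Input lines are
copied from the comment above; the "H=host [ip] error" layout is assumed.
"""
import re
from collections import defaultdict

ATTEMPT = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<msgid>\S+) "
    r"H=(?P<host>\S+) \[(?P<ip>[^\]]+)\] (?P<error>.+?)\s*$"
)

# Lines copied from the thread's mainlog excerpt.
EXIM_MAINLOG = """\
2019-11-01 15:50:27 1iQYFu-0001ig-CM H=gmail-smtp-in.l.google.com [2a00:1450:400c:c09::1b] Network is unreachable
2019-11-01 15:50:27 1iQYFu-0001ig-CM H=gmail-smtp-in.l.google.com [74.125.140.27] Connection refused
2019-11-01 15:50:27 1iQYFu-0001ig-CM H=alt1.gmail-smtp-in.l.google.com [209.85.233.27] Connection refused
2019-11-01 15:50:27 1iQYFu-0001ig-CM H=alt2.gmail-smtp-in.l.google.com [172.217.194.27] Connection refused
2019-11-01 15:50:27 1iQYFu-0001ig-CM H=alt3.gmail-smtp-in.l.google.com [108.177.97.27] Connection refused
2019-11-01 15:50:27 1iQYFu-0001ig-CM H=alt4.gmail-smtp-in.l.google.com [2607:f8b0:400e:c00::1b] Network is unreachable
"""


def parse_attempts(lines):
    """Return {msgid: [(host, ip, error), ...]} in log order."""
    attempts = defaultdict(list)
    for line in lines:
        m = ATTEMPT.match(line)
        if m:
            attempts[m.group("msgid")].append(
                (m.group("host"), m.group("ip"), m.group("error")))
    return dict(attempts)


def is_ipv6(ip):
    return ":" in ip


def ipv4_all_refused(attempts):
    """True when at least one IPv4 MX was tried and every one refused."""
    v4 = [err for _, ip, err in attempts if not is_ipv6(ip)]
    return bool(v4) and all(err == "Connection refused" for err in v4)


def ipv6_unreachable(attempts):
    """Number of IPv6 attempts that failed for lack of a route."""
    return sum(1 for _, ip, err in attempts
               if is_ipv6(ip) and err == "Network is unreachable")


def classify(attempts):
    """One-line verdict; the IPv4 pattern is what decides delivery."""
    if ipv4_all_refused(attempts):
        return ("every IPv4 MX refused the TCP connection on port 25: a remote "
                "policy block would answer with an SMTP 4xx/5xx instead, so check "
                "local egress filtering and the provider's outbound port-25 policy")
    if any(err == "Connection refused" for _, _, err in attempts):
        return "some MX hosts refused while others did not; the path is not uniformly blocked"
    return "no connection refusals recorded"


if __name__ == "__main__":
    for msgid, tries in parse_attempts(EXIM_MAINLOG.splitlines()).items():
        print(msgid, len(tries), "attempts,", ipv6_unreachable(tries), "IPv6 unreachable")
        print(classify(tries))
```

A quick confirmation from the shell is to try the same connection by hand (for example `nc -vz -w 5 gmail-smtp-in.l.google.com 25`); an immediate refusal from every MX, with the same command succeeding on port 443, reproduces the pattern the script flags.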
I think in this situation you need to set the hosts file the right way.
Something like this:
```text
127.0.0.1 localhost
127.0.1.1 test.example.com test
xxx.xxx.xx.x test.example.com test
::1 localhost
```
I think that is the right way to write it.
I ran into the same issue while setting up a new server.
PR #44 saved me, maybe you should check that out too and configure your /etc/exim4/passwd.client accordingly.
Btw: I'm using 2FA with an app password.
Thank you for your suggestions, I will try them ASAP
Hello all. Sorry I haven't replied. I'm caught up in the middle of some personal stuff and haven't had a chance to work on this. Hoping to get to it in the next few weeks!
Check the new method ;) simple way: SSMTP ;) Check the Pull Requests ;)
Another thing about Gmail: maybe you need to enable Less Secure Apps on your Google account!!