* iptables-multiport is default action to take since Debian kernel arrives

with multiport module. That is to address the fact that most services
  listen on multiple port (for encrypted and non-encrypted connections)
* Added [courierauth] jail (First 2 items are to partially address #407404

debian/changelog

@@ -1,3 +1,12 @@
+fail2ban (0.7.6-2) unstable; urgency=low
+
+  * iptables-multiport is default action to take since Debian kernel arrives
+    with multiport module. That is to address the fact that most services
+    listen on multiple port (for encrypted and non-encrypted connections)
+  * Added [courierauth] jail (First 2 items are to partially address #407404
+
+ -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 18 Jan 2007 10:35:36 -0500
+
 fail2ban (0.7.6-1) unstable; urgency=low
 
   * New upstream release, which incorporates fixes introduced in 3~pre

debian/jail.conf

@@ -41,7 +41,7 @@ destemail = root@localhost
 # iptables-multiport, shorewall, etc) It is used to define 
 # action_* variables. Can be overriden globally or per 
 # section within jail.local file
-banaction = iptables
+banaction = iptables-multiport
 
 
 #
@@ -82,7 +82,7 @@ action = %(action_)s
 [ssh]
 
 enabled = true
-port	= ssh
+port	= ssh,sftp
 filter	= sshd
 logpath  = /var/log/auth.log
 maxretry = 6
@@ -91,7 +91,7 @@ maxretry = 6
 [ssh-ddos]
 
 enabled = false
-port    = ssh
+port    = ssh,sftp
 filter  = sshd-ddos
 logpath  = /var/log/auth.log
 maxretry = 6
@@ -103,15 +103,16 @@ maxretry = 6
 [apache]
 
 enabled = false
-port	= http
+port	= http,https
 filter	= apache-auth
 logpath = /var/log/apache*/*access.log
 maxretry = 6
 
+# default action is now multiport, so apache-multiport jail was left
+# for compatibility with previous (<0.7.6-2) releases
 [apache-multiport]
 
 enabled   = false
-banaction = iptables-multiport
 port	  = http,https
 filter	  = apache-auth
 logpath   = /var/log/apache*/*access.log
@@ -120,7 +121,7 @@ maxretry  = 6
 [apache-noscript]
 
 enabled = false
-port    = http
+port    = http,https
 filter  = apache-noscript
 logpath = /var/log/apache*/*error.log
 maxretry = 6
@@ -132,7 +133,7 @@ maxretry = 6
 [vsftpd]
 
 enabled  = false
-port	 = ftp
+port	 = ftp,ftp-data,ftps,ftps-data
 filter   = vsftpd
 logpath  = /var/log/vsftpd.log
 # or overwrite it in jails.local to be
@@ -145,7 +146,7 @@ maxretry = 6
 [proftpd]
 
 enabled  = false
-port	 = ftp
+port	 = ftp,ftp-data,ftps,ftps-data
 filter   = proftpd
 logpath  = /var/log/proftpd/proftpd.log
 maxretry = 6
@@ -154,7 +155,7 @@ maxretry = 6
 [wuftpd]
 
 enabled  = false
-port	 = ftp
+port	 = ftp,ftp-data,ftps,ftps-data
 filter   = wuftpd
 logpath  = /var/log/auth.log
 maxretry = 6
@@ -167,7 +168,7 @@ maxretry = 6
 [postfix]
 
 enabled  = false
-port	 = smtp
+port	 = smtp,ssmtp
 filter   = postfix
 logpath  = /var/log/mail.log
 
@@ -175,14 +176,27 @@ logpath  = /var/log/mail.log
 [couriersmtp]
 
 enabled  = false
-port	 = smtp
+port	 = smtp,ssmtp
 filter   = couriersmtp
 logpath  = /var/log/mail.log
 
 
+#
+# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
+# all relevant ports get banned
+#
+
+[courierauth]
+
+enabled  = false
+port	 = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
+filter   = courierauth
+logpath  = /var/log/mail.log
+
+
 [sasl]
 
 enabled  = false
-port	 = smtp
+port	 = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
 filter   = sasl
 logpath  = /var/log/mail.log