centos-boun...@centos.org wrote on 09.08.2011 10:39:57:

> Nikos Gatsis - Qbit <ngat...@qbit.gr> 
> Sent by: centos-boun...@centos.org
> 
> 09.08.2011 10:40
> 
> Please reply to
> CentOS mailing list <centos@centos.org>
> 
> To
> 
> centos@centos.org
> 
> Cc
> 
> Subject
> 
> [CentOS] fail2ban help
> 
> Hello list.
> I have a question for fail2ban for bad logins on sasl.
> I use sasl, sendmail and cyrus-imapd.
> In jail.conf I use the following syntax:
> 
> [sasl-iptables]
> 
> enabled  = true
> filter   = sasl
> backend  = polling
> action   = iptables[name=sasl, port=smtp, protocol=tcp]
>            sendmail-whois[name=sasl, dest=my@email]
> logpath  = /var/log/maillog
> maxretry = 6
> 
> and the following filter:
> 
> failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
> 
> in iptables:
> 
> fail2ban-sasl  tcp  --  anywhere             anywhere            tcp dpt:smtp
> ...
> 
> Chain fail2ban-sasl (2 references)
> target     prot opt source               destination
> RETURN     all  --  anywhere             anywhere
> 
> 
> The problem is that it never bans bad logins.
> 
> I tried to change the action to port="imap,imaps,pop3,pop3s,smtp" but
> nothing changed.
> 
> Can somebody help me?
> 
> Thank you,
> Nikos
> 
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

Hello Nikos,
I have nearly the same regex as you:

failregex = : warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed.*

and it works with

fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/sasl.conf
 
 
Regards
Andreas Reschke
________________________________________________________________

Unix/Linux-Administration
andreas.resc...@behrgroup.com
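
The two failregex values quoted in this thread can be compared offline. The following is an added example, not part of either message: it runs both patterns over constructed log lines and shows which ones yield a host to ban. The `<HOST>` expansion is a simplified stand-in for fail2ban's own, and the function names are hypothetical.

```python
import re

# Simplified stand-in for fail2ban's <HOST> expansion (assumption; the real
# expansion differs between fail2ban versions).
HOST = r"(?P<host>[\w\-.^_]+)"

# The two failregex values from the thread, each joined onto one line.
STRICT = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
          r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"
          r"(: [A-Za-z0-9+/]*={0,2})?$")
LOOSE = (r": warning: [-._\w]+\[<HOST>\]: SASL "
         r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed.*")

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLES = [
    # no trailing reason
    "Aug  9 10:12:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed",
    # base64-looking trailing reason
    "Aug  9 10:12:07 mail postfix/smtpd[2101]: warning: unknown[203.0.113.6]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    # free-text trailing reason: the space breaks the strict pattern's "$" anchor
    "Aug  9 10:12:09 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure",
    # a different message format that neither pattern targets
    "Aug  9 10:12:15 mail sendmail[2200]: AUTH failure (LOGIN): authentication failure, relay=[203.0.113.8]",
]

def compile_failregex(failregex):
    """Substitute the <HOST> tag and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST))

def matched_hosts(failregex, lines):
    """Return the captured host per line, or None where the line is missed."""
    rx = compile_failregex(failregex)
    hosts = []
    for line in lines:
        m = rx.search(line)
        hosts.append(m.group("host") if m else None)
    return hosts

if __name__ == "__main__":
    for name, rx in (("strict", STRICT), ("loose", LOOSE)):
        for line, host in zip(SAMPLES, matched_hosts(rx, SAMPLES)):
            print(f"{name:6} {host or 'NO MATCH':12} {line}")
```

A line that prints `NO MATCH` for both patterns never counts toward `maxretry`, so the jail's chain stays empty no matter which ports the action covers.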