Hi there,

I've installed a mailserver with CentOS7 and fail2ban (0.9-9.el7 from epel). The default regex in dovecot.conf didn't work as expected.

Example:

mailserver dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=66.240.192.138, lip=192.168.2.10, TLS: Disconnected, TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailserver dovecot: imap-login: Disconnected (no auth attempts in 4 secs): user=<>, rip=66.240.192.138, lip=192.168.2.10, TLS, TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

How can I match these lines? I found a lot of people with the same issue when googling.

[root@mailserver ~]# fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/dovecot.conf

Running tests
=============

Use   failregex file : /etc/fail2ban/filter.d/dovecot.conf
Use         log file : /var/log/maillog
Use         encoding : UTF-8

Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [2671] (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
`-

Lines: 2671 lines, 0 ignored, 0 matched, 2671 missed

Missed line(s): too many to print.  Use --print-all-missed to print all 2671 lines
[root@mailserver ~]#

Thanks
Andreas

_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
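
One way to check a candidate pattern against the "no auth attempts" lines quoted in the message above, as an added example that is not part of the original post and is not fail2ban's shipped dovecot filter. The pattern, the offending_hosts helper and the two non-matching sample lines are assumptions constructed for illustration; in a filter file the named host group would be replaced by fail2ban's <HOST> tag.

```python
import re
from collections import Counter

# Candidate pattern: an assumption for illustration, not fail2ban's shipped
# failregex. (?P<host>...) stands in for fail2ban's <HOST> tag (IPv4 only).
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
NO_AUTH_RE = re.compile(
    r"^(?:\w{3} +\d+ \d\d:\d\d:\d\d )?"      # optional syslog timestamp
    r"\S+ dovecot(?:\[\d+\])?: "             # hostname and process tag
    r"(?:pop3|imap)-login: (?:Aborted login|Disconnected) "
    r"\(no auth attempts(?: in \d+ secs)?\): "
    r"user=<>, "                             # empty user only, as in the post
    r"(?:method=\S+, )?"
    rf"rip=(?P<host>{IPV4}), lip={IPV4}"
    r"(?:, .*)?$"                            # TLS details, session id, ...
)

SAMPLE = [
    # The two lines from the post (cipher name rejoined).
    "mailserver dovecot: imap-login: Disconnected (no auth attempts in 0 secs): "
    "user=<>, rip=66.240.192.138, lip=192.168.2.10, TLS: Disconnected, "
    "TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "mailserver dovecot: imap-login: Disconnected (no auth attempts in 4 secs): "
    "user=<>, rip=66.240.192.138, lip=192.168.2.10, TLS, "
    "TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)",
    # Constructed: a successful login must not match.
    "mailserver dovecot: imap-login: Login: user=<alice>, method=PLAIN, "
    "rip=192.0.2.7, lip=192.168.2.10, mpid=1234, TLS",
    # Constructed: matching text smuggled into a user name must not match,
    # which is why the pattern is anchored at the start of the line.
    "mailserver dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): "
    "user=<x dovecot: imap-login: Disconnected (no auth attempts): user=<>, "
    "rip=198.51.100.9, lip=192.168.2.10>, method=PLAIN, rip=192.0.2.7, lip=192.168.2.10",
]

def offending_hosts(lines):
    """Count 'no auth attempts' disconnects per remote IP (rip)."""
    hits = Counter()
    for line in lines:
        m = NO_AUTH_RE.match(line)
        if m:
            hits[m.group("host")] += 1
    return hits

if __name__ == "__main__":
    for host, count in offending_hosts(SAMPLE).items():
        print(host, count)
```

Disconnects without an authentication attempt also come from monitoring probes and some mail clients, so a jail built on a pattern like this may need a higher retry threshold than one that counts failed logins.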
