On 10/21/2014 7:55 AM, [email protected] wrote:
> Hi there,
> I've installed a mailserver with CentOS7 and fail2ban (0.9-9.el7 from
> epel). The default regex in dovecot.conf didn't work as expected.
>
> Example:
> mailserver dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=66.240.192.138, lip=192.168.2.10, TLS: Disconnected, TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
> mailserver dovecot: imap-login: Disconnected (no auth attempts in 4 secs): user=<>, rip=66.240.192.138, lip=192.168.2.10, TLS, TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
>
> How can I match these lines? I found a lot of people with the same issue
> when googling.
>
> [root@mailserver ~]# fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/dovecot.conf
>
> Running tests
> =============
>
> Use failregex file : /etc/fail2ban/filter.d/dovecot.conf
> Use log file : /var/log/maillog
> Use encoding : UTF-8
>
> Results
> =======
>
> Failregex: 0 total
>
> Ignoreregex: 0 total
>
> Date template hits:
> |- [# of hits] date format
> | [2671] (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
> `-
>
> Lines: 2671 lines, 0 ignored, 0 matched, 2671 missed
> Missed line(s): too many to print. Use --print-all-missed to print all 2671 lines
> [root@mailserver ~]#
>
> Thanks
> Andreas
>
> ------------------------------------------------------------------------------
> Comprehensive Server Monitoring with Site24x7.
> Monitor 10 servers for $9/Month.
> Get alerted through email, SMS, voice calls or mobile push notifications.
> Take corrective actions from your mobile device.
> http://p.sf.net/sfu/Zoho
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users

On my system, dovecot.conf that came with fail2ban-0.8.10-1.fc17.noarch only deals with authentication failure.

Bill
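
One way to check a pattern for the "no auth attempts" lines quoted in this thread before putting it in a filter, as an added example that is not part of either message or of fail2ban's shipped dovecot.conf. The candidate failregex, the IPv4-only stand-in for `<HOST>`, the function names and the syslog timestamps are assumptions; the last two sample lines are constructed.

```python
import re

# Stand-in for fail2ban's <HOST> tag. Assumption: IPv4 only, to keep the
# example short; fail2ban's own expansion is broader.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical candidate failregex for the "no auth attempts" disconnects,
# written as it would appear in a filter file (not the shipped dovecot.conf).
CANDIDATE_FAILREGEX = (
    r"dovecot: (?:imap|pop3)-login: Disconnected "
    r"\(no auth attempts in \d+ secs\): user=<[^>]*>, rip=<HOST>, lip=\S+"
)

# First two lines: the log lines from the question, with a constructed
# syslog timestamp. Last two: constructed lines that must NOT match.
SAMPLE_LINES = [
    "Oct 21 07:40:01 mailserver dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=66.240.192.138, lip=192.168.2.10, TLS: Disconnected, TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "Oct 21 07:40:09 mailserver dovecot: imap-login: Disconnected (no auth attempts in 4 secs): user=<>, rip=66.240.192.138, lip=192.168.2.10, TLS, TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)",
    "Oct 21 07:41:12 mailserver dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=203.0.113.7, lip=192.168.2.10, TLS",
    "Oct 21 07:42:30 mailserver dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.9, lip=192.168.2.10, mpid=4242, TLS",
]


def compile_failregex(failregex):
    """Expand the <HOST> tag and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def offending_hosts(lines, failregex=CANDIDATE_FAILREGEX):
    """Return the rip= address of every line the pattern matches."""
    pattern = compile_failregex(failregex)
    hosts = []
    for line in lines:
        match = pattern.search(line)
        if match:
            hosts.append(match.group("host"))
    return hosts


if __name__ == "__main__":
    for host in offending_hosts(SAMPLE_LINES):
        print("would count a failure for", host)
```

Connections that drop without an auth attempt also come from monitoring probes and port checks, so a pattern like this is usually paired with an `ignoreip` entry for known checkers and verified with `fail2ban-regex` against the real log.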
