Hi Lee On Mon, Jan 19, 2015, at 05:19 PM, Lee Clemens wrote: > What version of Fail2ban are you using? Iirc, the rescan stuff wasn't > added until 0.9.0
It's fail2ban-client -V Fail2Ban v0.8.11 Copyright (c) 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors Copyright of modifications held by their respective authors. Licensed under the GNU General Public License v2 (GPL). Written by Cyril Jaquier <[email protected]>. Many contributions by Yaroslav O. Halchenko <[email protected]>. here. Hm. > Also, as a general note, it can take some time after restart for bans > within the bantime to get re-added (rescan entire log, etc). As f2b is setup right now its detecting NEW ips using this filter. I got an admin email Hi, The IP 68.64.163.3 has just been banned by Fail2Ban after 3 attempts against zimbra-recipient. Regards, Fail2Ban and watched the log tail -f /var/log/fail2ban.log 2015-01-19 16:52:14,667 fail2ban.actions: WARNING [zimbra-recipient] Ban 68.64.163.3 but it's not actually adding them ipset -L fail2ban-zimbra-recipient Name: fail2ban-zimbra-recipient Type: hash:ip Revision: 2 Header: family inet hashsize 1024 maxelem 65536 timeout 600 Size in memory: 18024 References: 1 Members: If I do the manual step again fail2ban-regex /var/log/zimbra.log /etc/fail2ban/filter.d/zimbra.conf then I get Name: fail2ban-zimbra-recipient Type: hash:ip Revision: 2 Header: family inet hashsize 1024 maxelem 65536 timeout 600 Size in memory: 18104 References: 1 Members: ... 68.64.163.3 timeout 401 <==================================== ... which includes ALL of the others too. ------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
