Try setting max retry to 1. I don't know what happens if you set it to 0; I have never tried it. I just took a quick look at the man page for ipfw. I don't think my iptables experience will be much help, but I'll give it a try. If you are seeing "found" in your log files, the filter is most likely correct, so what is in the action file for that jail?

On Fri, 2015-08-14 at 14:32 +0000, Richard Mealing wrote:
> Hi,
>
> I’m running a busy mail server using freebsd and we are seeing about
> 90 lines per second in my sendmail logs.
>
> I’ve tried using maxretry = 0 but in the fail2ban logs I see lots of
> ‘found’ but not much ‘ban’ going on.
>
> I’m using findtime 60 and bantime 604800 just to try and get fail2ban
> to ban things, but not much is changing. I tried findtime 3600 also
> but I’m still seeing lots of ‘Found’. Why does it not just ‘Ban’ ?
>
> I’m using a few things for ddos in sendmail, to prevent such attacks.
>
> I don’t know if it matters, but my bds-ipfw.conf action suggests this
> –
>
> startstatefile = /var/run/fail2ban/ipfw-started-table_<table>
>
> But I have no such file –
>
> ls -l /var/run/fail2ban/
> total 2
> -rw------- 1 root wheel 6 Aug 14 15:06 fail2ban.pid
> srwx------ 1 root wheel 0 Aug 14 15:06 fail2ban.sock
>
> Should I have?
>
> Could someone tell me what I should use to mitigate this issue and
> start banning properly? I was thinking about playing with maxlines
> next..
>
> Also I’m using gamin as backend, as auto doesn’t seem to ban more than
> 4k addresses. With gamin I get about 10k, but then my maillog is still
> streaming down with incoming connections and I stop getting the ‘Ban’
> notice logs and just get INFO ‘Found’ logs.
>
> Any pointers welcome.
>
> Thanks,
> Rich
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
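Added example, not part of the original messages and not fail2ban's own code: a Python script that reads fail2ban log lines and separates IPs whose "Found" count never reached maxretry within findtime from IPs that reached it but have no "Ban" line. The sample log lines are constructed, the line layout is assumed to follow fail2ban 0.9-style logging, and `classify` is a hypothetical helper name.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines; the layout assumes fail2ban 0.9-style logging.
SAMPLE_LOG = """\
2015-08-14 15:06:01,120 fail2ban.filter [812]: INFO [sendmail] Found 192.0.2.10
2015-08-14 15:06:02,300 fail2ban.filter [812]: INFO [sendmail] Found 198.51.100.7
2015-08-14 15:06:20,450 fail2ban.filter [812]: INFO [sendmail] Found 192.0.2.10
2015-08-14 15:06:20,900 fail2ban.actions [812]: NOTICE [sendmail] Ban 192.0.2.10
2015-08-14 15:06:40,010 fail2ban.filter [812]: INFO [sendmail] Found 203.0.113.5
2015-08-14 15:06:55,770 fail2ban.filter [812]: INFO [sendmail] Found 203.0.113.5
2015-08-14 15:09:30,000 fail2ban.filter [812]: INFO [sendmail] Found 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ \S+\s+\[\d+\]: "
    r"\w+\s+\[(?P<jail>[^\]]+)\] (?P<event>Found|Ban) (?P<ip>\S+)")

def classify(log_text, jail, maxretry, findtime):
    """Return (below_threshold, missed_ban, banned) sets of IPs for one jail."""
    window = timedelta(seconds=findtime)
    hits = defaultdict(deque)      # ip -> timestamps of recent Found lines
    reached, banned, seen = set(), set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["jail"] != jail:
            continue
        ip = m["ip"]
        if m["event"] == "Ban":
            banned.add(ip)
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        seen.add(ip)
        q = hits[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop hits older than findtime
            q.popleft()
        if len(q) >= maxretry:
            reached.add(ip)
    # below_threshold: Found but never maxretry hits inside one findtime window
    # missed_ban: threshold reached in the log, yet no Ban line was written
    return seen - reached - banned, reached - banned, banned

if __name__ == "__main__":
    print(classify(SAMPLE_LOG, "sendmail", maxretry=2, findtime=60))
```

Addresses in the first set point at the maxretry/findtime settings; addresses in the second set point at the ban side, which is where the action file for the jail comes in.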
