Hi. I have a fresh source-compiled fail2ban service up and running and tried to configure it as shown in the manuals. Unfortunately my exim jail isn't banning.
I hope someone can give me a hint.
Thank you,
kind regards,
Sebastian
fail2ban.log
2015-09-04 02:55:56,659 fail2ban.filter [6920]: INFO [exim] Found
31.210.124.242
2015-09-04 02:55:57,265 fail2ban.actions [6920]: NOTICE [exim] Ban
31.210.124.242
2015-09-04 02:55:57,651 fail2ban.action [6920]: ERROR iptables -w -n
-L INPUT | grep -q 'f2b-exim[ \t]' -- stdout: ''
2015-09-04 02:55:57,660 fail2ban.action [6920]: ERROR iptables -w -n
-L INPUT | grep -q 'f2b-exim[ \t]' -- stderr: 'iptables v1.4.14: unknown option
"-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\n'
2015-09-04 02:55:57,661 fail2ban.action [6920]: ERROR iptables -w -n
-L INPUT | grep -q 'f2b-exim[ \t]' -- returned 1
2015-09-04 02:55:57,661 fail2ban.CommandAction [6920]: ERROR Invariant check
failed. Trying to restore a sane environment
2015-09-04 02:55:57,775 fail2ban.action [6920]: ERROR iptables -w -D
INPUT -p tcp -m multiport --dports smtp,465,submission, imap, imaps -j f2b-exim
iptables -w -F f2b-exim
iptables -w -X f2b-exim -- stdout: ''
2015-09-04 02:55:57,775 fail2ban.action [6920]: ERROR iptables -w -D
INPUT -p tcp -m multiport --dports smtp,465,submission, imap, imaps -j f2b-exim
iptables -w -F f2b-exim
iptables -w -X f2b-exim -- stderr: 'iptables v1.4.14: unknown option "-w"\nTry
`iptables -h\' or \'iptables --help\' for more information.\niptables v1.4.14:
unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more
information.\niptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or
\'iptables --help\' for more information.\n'
2015-09-04 02:55:57,776 fail2ban.action [6920]: ERROR iptables -w -D
INPUT -p tcp -m multiport --dports smtp,465,submission, imap, imaps -j f2b-exim
iptables -w -F f2b-exim
iptables -w -X f2b-exim -- returned 2
2015-09-04 02:55:57,776 fail2ban.actions [6920]: ERROR Failed to
execute ban jail 'exim' action 'iptables-multiport' info
'CallingMap({'ipjailmatches': <function <lambda> at 0x2acfde8>, 'matches':
u'2015-09-04 01:37:17 dovecot_login authenticator failed for
31-210-124-242.turkrdns.com (User) [31.210.124.242]: 535 Incorrect
authentication data ([email protected])\n2015-09-04 02:22:01
dovecot_login authenticator failed for 31-210-124-242.turkrdns.com (User)
[31.210.124.242]: 535 Incorrect authentication data
([email protected])\n2015-09-04 02:55:55 dovecot_login authenticator
failed for 31-210-124-242.turkrdns.com (User) [31.210.124.242]: 535 Incorrect
authentication data ([email protected])', 'ip': '31.210.124.242',
'ipmatches': <function <lambda> at 0x2acfd70>, 'ipfailures': <function <lambda>
at 0x2acfe60>, 'time': 1441328157.265453, 'failures': 3, 'ipjailfailures':
<function <lambda> at 0x2acfcf8>})': Error stopping action
/etc/fail2ban/jail.conf
(..)
filter = %(__name__)s
chain = INPUT
port = 0:65535
banaction = iptables-multiport
(..)
[exim]
port = smtp,465,submission, imap, imaps
logpath = /var/log/exim4/mainlog
/etc/fail2ban/filter.d/exim-common.conf
after = exim-common.local
[Definition]
host_info = H=([\w.-]+ )?(\(\S+\) )?\[<HOST>\](:\d+)? (I=\[\S+\]:\d+ )?(U=\S+
)?(P=e?smtp )?
pid = ( \[\d+\])?
/etc/fail2ban/filter.d/exim.conf
before = exim-common.conf
[Definition]
failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown
user|Unrouteable address|all relevant MX records point to non-existent
hosts)\s*$
^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\)
\[<HOST>\](:\d+)?( I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data(
\(set_id=.*\)|: \d+ Time\(s\))?\s*$
^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+:
(relay not permitted|Sender verify failed|Unknown user)\s*$
^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected
(connection from|"\S+") %(host_info)s(next )?input=".*"\s*$
^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\](:\d+)?
)?dropped: too many nonmail commands \(last was "\S+"\)\s*$
ignoreregex =
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
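
Added example, not part of the original post or of fail2ban itself: a triage script for the failure mode visible in the log above, where fail2ban logs a "Ban" notice but the firewall action then fails, so the address is never actually blocked. The sample log is constructed from the excerpt (documentation IP addresses), and the function and pattern names are illustrative.

```python
import re

# Constructed sample modelled on the fail2ban.log excerpt (RFC 5737 addresses).
SAMPLE_LOG = r"""
2015-09-04 02:55:56,659 fail2ban.filter  [6920]: INFO    [exim] Found 192.0.2.10
2015-09-04 02:55:57,265 fail2ban.actions [6920]: NOTICE  [exim] Ban 192.0.2.10
2015-09-04 02:55:57,651 fail2ban.action  [6920]: ERROR   iptables -w -n -L INPUT | grep -q 'f2b-exim[ \t]' -- stdout: ''
2015-09-04 02:55:57,660 fail2ban.action  [6920]: ERROR   iptables -w -n -L INPUT | grep -q 'f2b-exim[ \t]' -- stderr: 'iptables v1.4.14: unknown option "-w"\n'
2015-09-04 02:55:57,776 fail2ban.actions [6920]: ERROR   Failed to execute ban jail 'exim' action 'iptables-multiport' info '...': Error stopping action
2015-09-04 03:10:00,100 fail2ban.actions [6920]: NOTICE  [sshd] Ban 192.0.2.77
"""

BAN = re.compile(r"fail2ban\.actions\s+\[\d+\]: NOTICE\s+\[(?P<jail>[^\]]+)\] Ban (?P<ip>\S+)")
STDERR = re.compile(r"fail2ban\.action\s+\[\d+\]: ERROR\s+.* -- stderr: '(?P<err>.*)'$")
FAIL = re.compile(r"fail2ban\.actions\s+\[\d+\]: ERROR\s+Failed to execute ban "
                  r"jail '(?P<jail>[^']+)' action '(?P<action>[^']+)'")


def unenforced_bans(log_text):
    """Return bans that were announced in the log but whose action failed."""
    last_ban = {}   # jail -> IP from the most recent "Ban" notice
    causes = []     # distinct stderr messages seen since the last "Ban" notice
    findings = []
    for line in log_text.splitlines():
        if m := BAN.search(line):
            last_ban[m["jail"]] = m["ip"]
            causes = []
        elif m := STDERR.search(line):
            # The log stores newlines in stderr as a literal backslash-n.
            first = m["err"].split(r"\n")[0]
            if first and first not in causes:
                causes.append(first)
        elif m := FAIL.search(line):
            findings.append({"jail": m["jail"], "action": m["action"],
                             "ip": last_ban.get(m["jail"]), "causes": causes[:]})
    return findings


if __name__ == "__main__":
    for f in unenforced_bans(SAMPLE_LOG):
        print(f"[{f['jail']}] {f['ip']} NOT blocked via {f['action']}: "
              + "; ".join(f["causes"]))
```

Stderr lines carry no jail name, so causes are attributed to the most recent "Ban" notice; on a busy host with several jails banning at the same moment, check the attribution by hand.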
