Hello there ;) just a quick question about dovecot jail and a notice in the fail2ban log
I'm running fail2ban version 0.9.6 on an openSUSE box 42.1. I'm using the dovecot jail:

    [dovecot-cx20]
    enabled = true
    filter = dovecot
    port = pop3,pop3s,imap,imaps
    action = %(action_mwl)s
    logpath = %(dovecot_log)s
    backend = %(dovecot_backend)s
    maxretry = 5
    bantime = 259200

and in /filter.d/dovecot.conf I also got the Init section for the journalmatch:

    [Init]
    journalmatch = _SYSTEMD_UNIT=dovecot.service

If I start fail2ban the log says:

    2017-03-21 10:09:02,411 fail2ban.server [30179]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
    2017-03-21 10:09:02,412 fail2ban.database [30179]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
    ...
    2017-03-21 10:09:02,912 fail2ban.jail [30179]: INFO Creating new jail 'dovecot-cx20'
    2017-03-21 10:09:02,913 fail2ban.jail [30179]: INFO Jail 'dovecot-cx20' uses systemd {}
    2017-03-21 10:09:02,917 fail2ban.jail [30179]: INFO Initiated 'systemd' backend
    2017-03-21 10:09:02,918 fail2ban.filter [30179]: INFO Set maxRetry = 5
    2017-03-21 10:09:02,920 fail2ban.filter [30179]: INFO Set jail log file encoding to UTF-8
    2017-03-21 10:09:02,920 fail2ban.actions [30179]: INFO Set banTime = 259200
    2017-03-21 10:09:02,921 fail2ban.filter [30179]: INFO Set findtime = 600
    2017-03-21 10:09:02,957 fail2ban.filtersystemd [30179]: INFO Added journal match for: '_SYSTEMD_UNIT=dovecot.service'
    2017-03-21 10:09:02,978 fail2ban.filtersystemd [30179]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.

So it seems fail2ban is having an issue with journalmatch for the dovecot jail. How can I fix this?

I also do not receive the log lines in the notification email. It just says:

    Lines containing IP:115.202.188.141 in /var/log/mail

but no listing of lines from the log.

I have a similar setup for postfix with journalmatch and there it doesn't throw an error:

    2017-03-21 10:09:02,739 fail2ban.jail [30179]: INFO Creating new jail 'postfix-sasl-cx20'
    2017-03-21 10:09:02,739 fail2ban.jail [30179]: INFO Jail 'postfix-sasl-cx20' uses systemd {}
    2017-03-21 10:09:02,744 fail2ban.jail [30179]: INFO Initiated 'systemd' backend
    2017-03-21 10:09:02,746 fail2ban.filter [30179]: INFO Set maxRetry = 5
    2017-03-21 10:09:02,747 fail2ban.filter [30179]: INFO Set jail log file encoding to UTF-8
    2017-03-21 10:09:02,748 fail2ban.actions [30179]: INFO Set banTime = 259200
    2017-03-21 10:09:02,749 fail2ban.filter [30179]: INFO Set findtime = 3600
    2017-03-21 10:09:02,759 fail2ban.filtersystemd [30179]: INFO Added journal match for: '_SYSTEMD_UNIT=postfix.service'

With the postfix jail I do receive log lines in the notification email:

    Lines containing IP:46.217.64.108 in /var/log/mail
    2017-03-21T10:11:39.631356+01:00 cx20 postfix/smtpd[29196]: connect from unknown[46.217.64.108]
    2017-03-21T10:11:40.311477+01:00 cx20 postfix/smtpd[29196]: NOQUEUE: reject_warning: RCPT from unknown[46.217.64.108]: 450 4.7.1 Client host rejected: cannot find your hostname, [46.217.64.108]; from=<jac...@b4pph115.bnr.ca> to=<mota...@sadsadas.de> proto=ESMTP helo=<[46.217.64.108]>
    2017-03-21T10:11:40.420446+01:00 cx20 postfix/smtpd[29196]: NOQUEUE: reject: RCPT from unknown[46.217.64.108]: 554 5.7.1 Service unavailable; Client host [46.217.64.108] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?46.217.64.108; from=<jac...@b4pph115.bnr.ca> to=<mota...@sdsad.de> proto=ESMTP helo=<[46.217.64.108]>

thanks & greetings
Becki
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
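The NOTICE line quoted in the post does not name a jail, so one way to check the startup log is to list which systemd jails had a journal match added. This is an added example, not part of the original post and not fail2ban code; the sample log is constructed, `sshd-example` is a hypothetical jail standing in for the elided lines, and the attribution of lines to jails is an assumption stated in the comments.

```python
import re

# Constructed sample in the 0.9.x log format shown in the post.
# 'sshd-example' is a hypothetical jail standing in for the "..." lines.
SAMPLE_LOG = """\
2017-03-21 10:09:02,739 fail2ban.jail [30179]: INFO Creating new jail 'postfix-sasl-cx20'
2017-03-21 10:09:02,739 fail2ban.jail [30179]: INFO Jail 'postfix-sasl-cx20' uses systemd {}
2017-03-21 10:09:02,759 fail2ban.filtersystemd [30179]: INFO Added journal match for: '_SYSTEMD_UNIT=postfix.service'
2017-03-21 10:09:02,800 fail2ban.jail [30179]: INFO Creating new jail 'sshd-example'
2017-03-21 10:09:02,801 fail2ban.jail [30179]: INFO Jail 'sshd-example' uses systemd {}
2017-03-21 10:09:02,912 fail2ban.jail [30179]: INFO Creating new jail 'dovecot-cx20'
2017-03-21 10:09:02,913 fail2ban.jail [30179]: INFO Jail 'dovecot-cx20' uses systemd {}
2017-03-21 10:09:02,957 fail2ban.filtersystemd [30179]: INFO Added journal match for: '_SYSTEMD_UNIT=dovecot.service'
2017-03-21 10:09:02,978 fail2ban.filtersystemd [30179]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
"""

CREATE = re.compile(r"Creating new jail '([^']+)'")
SYSTEMD = re.compile(r"Jail '([^']+)' uses systemd")
MATCH = re.compile(r"Added journal match for: '([^']*)'")
NOTICE = "Jail started without 'journalmatch' set"


# Assumption: lines between two "Creating new jail" entries belong to the
# first of them, because the match and NOTICE lines carry no jail name.
def audit_journal_matches(log_text):
    """Return ({systemd jail: [journal matches]}, count of NOTICE lines)."""
    jails, current, notices = {}, None, 0
    for line in log_text.splitlines():
        if m := CREATE.search(line):
            current = m.group(1)
        elif m := SYSTEMD.search(line):
            jails.setdefault(m.group(1), [])
        elif (m := MATCH.search(line)) and current in jails:
            jails[current].append(m.group(1))
        elif NOTICE in line:
            notices += 1
    return jails, notices


def jails_without_match(log_text):
    """Names of systemd-backend jails for which no journal match was logged."""
    jails, _ = audit_journal_matches(log_text)
    return sorted(name for name, matches in jails.items() if not matches)


if __name__ == "__main__":
    print("systemd jails without journalmatch:", jails_without_match(SAMPLE_LOG))
```

To run it against a real log, pass the contents of /var/log/fail2ban.log to `jails_without_match()` in place of `SAMPLE_LOG`.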