There is another issue which might be related. Don't think it's solved: https://github.com/systemd/systemd/issues/1347

On 21.03.2017 at 17:06, Admin Beckspaced wrote:
> Hi again ;)
>
> thanks a lot for replying. Not sure if this is my issue as it does work
> with journalmatch in postfix-sasl.conf
>
> journalmatch = _SYSTEMD_UNIT=postfix.service
>
> 2017-03-21 10:09:02,759 fail2ban.filtersystemd [30179]: INFO Added
> journal match for: '_SYSTEMD_UNIT=postfix.service'
>
> no notice is thrown here in the log.
>
> any more help & hints are welcome ...
>
> Thanks & greetings
> Becki
>
>
> On 21.03.2017 13:34, Johannes Weberhofer wrote:
>> Hi Becki,
>>
>> this issue seems to be related to
>> https://github.com/systemd/python-systemd/issues/36
>>
>> Best regards,
>> Johannes
>>
>> On 21.03.2017 at 10:36, Admin Beckspaced wrote:
>>> Hello there ;)
>>>
>>> just a quick question about dovecot jail and a notice in the fail2ban log
>>>
>>> I'm running fail2ban version 0.9.6 on an openSUSE box 42.1
>>>
>>> I'm using the dovecot jail:
>>>
>>> [dovecot-cx20]
>>>
>>> enabled = true
>>> filter = dovecot
>>> port = pop3,pop3s,imap,imaps
>>> action = %(action_mwl)s
>>> logpath = %(dovecot_log)s
>>> backend = %(dovecot_backend)s
>>> maxretry = 5
>>> bantime = 259200
>>>
>>> and in /filter.d/dovecot.conf I also got the Init section for the
>>> journalmatch:
>>>
>>> [Init]
>>>
>>> journalmatch = _SYSTEMD_UNIT=dovecot.service
>>>
>>> If I start fail2ban the log says:
>>>
>>> 2017-03-21 10:09:02,411 fail2ban.server [30179]: INFO Changed
>>> logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
>>> 2017-03-21 10:09:02,412 fail2ban.database [30179]: INFO Connected
>>> to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
>>> ...
>>> 2017-03-21 10:09:02,912 fail2ban.jail [30179]: INFO Creating
>>> new jail 'dovecot-cx20'
>>> 2017-03-21 10:09:02,913 fail2ban.jail [30179]: INFO Jail
>>> 'dovecot-cx20' uses systemd {}
>>> 2017-03-21 10:09:02,917 fail2ban.jail [30179]: INFO Initiated
>>> 'systemd' backend
>>> 2017-03-21 10:09:02,918 fail2ban.filter [30179]: INFO Set
>>> maxRetry = 5
>>> 2017-03-21 10:09:02,920 fail2ban.filter [30179]: INFO Set
>>> jail log file encoding to UTF-8
>>> 2017-03-21 10:09:02,920 fail2ban.actions [30179]: INFO Set
>>> banTime = 259200
>>> 2017-03-21 10:09:02,921 fail2ban.filter [30179]: INFO Set
>>> findtime = 600
>>> 2017-03-21 10:09:02,957 fail2ban.filtersystemd [30179]: INFO Added
>>> journal match for: '_SYSTEMD_UNIT=dovecot.service'
>>> 2017-03-21 10:09:02,978 fail2ban.filtersystemd [30179]: NOTICE Jail
>>> started without 'journalmatch' set. Jail regexs will be checked against
>>> all journal entries, which is not advised for performance reasons.
>>>
>>> So it seems fail2ban is having an issue with journalmatch for dovecot jail
>>> How can I fix this?
>>>
>>> I also do not receive the log lines in the notification email.
>>> it just says:
>>>
>>> Lines containing IP:115.202.188.141 in /var/log/mail
>>> but no listing of lines from the log
>>>
>>> I have a similar setup for postfix with journalmatch and there it
>>> doesn't throw an error:
>>>
>>> 2017-03-21 10:09:02,739 fail2ban.jail [30179]: INFO Creating
>>> new jail 'postfix-sasl-cx20'
>>> 2017-03-21 10:09:02,739 fail2ban.jail [30179]: INFO Jail
>>> 'postfix-sasl-cx20' uses systemd {}
>>> 2017-03-21 10:09:02,744 fail2ban.jail [30179]: INFO Initiated
>>> 'systemd' backend
>>> 2017-03-21 10:09:02,746 fail2ban.filter [30179]: INFO Set
>>> maxRetry = 5
>>> 2017-03-21 10:09:02,747 fail2ban.filter [30179]: INFO Set
>>> jail log file encoding to UTF-8
>>> 2017-03-21 10:09:02,748 fail2ban.actions [30179]: INFO Set
>>> banTime = 259200
>>> 2017-03-21 10:09:02,749 fail2ban.filter [30179]: INFO Set
>>> findtime = 3600
>>> 2017-03-21 10:09:02,759 fail2ban.filtersystemd [30179]: INFO Added
>>> journal match for: '_SYSTEMD_UNIT=postfix.service'
>>>
>>> with postfix jail I do receive log lines in the notification email:
>>>
>>> Lines containing IP:46.217.64.108 in /var/log/mail
>>>
>>> 2017-03-21T10:11:39.631356+01:00 cx20 postfix/smtpd[29196]: connect from
>>> unknown[46.217.64.108]
>>> 2017-03-21T10:11:40.311477+01:00 cx20 postfix/smtpd[29196]: NOQUEUE:
>>> reject_warning: RCPT from unknown[46.217.64.108]: 450 4.7.1 Client host
>>> rejected: cannot find your hostname, [46.217.64.108];
>>> from=<jac...@b4pph115.bnr.ca> to=<mota...@sadsadas.de> proto=ESMTP
>>> helo=<[46.217.64.108]>
>>> 2017-03-21T10:11:40.420446+01:00 cx20 postfix/smtpd[29196]: NOQUEUE:
>>> reject: RCPT from unknown[46.217.64.108]: 554 5.7.1 Service unavailable;
>>> Client host [46.217.64.108] blocked using bl.spamcop.net; Blocked - see
>>> http://www.spamcop.net/bl.shtml?46.217.64.108;
>>> from=<jac...@b4pph115.bnr.ca> to=<mota...@sdsad.de> proto=ESMTP
>>> helo=<[46.217.64.108]>
>>>
>>> thanks & greetings
>>> Becki
>>>
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> Fail2ban-users mailing list
>>> Fail2ban-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>>

--
Johannes Weberhofer
Weberhofer GmbH, Austria, Vienna