Thanks Tony for your answer and sorry for late reply.
My original message contained a zgrep command on fail2ban logs with only one
entry. Now it has two entries (the ban and the unban) :
root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # zgrep 221.228.229.49
/var/log/fail2ban.log*
/var/log/fail2ban.log:2017-08-31 01:49:50,512 fail2ban.actions[10631]: WARNING
[dovecot-long] Unban 221.228.229.49
/var/log/fail2ban.log.1:2017-08-26 01:49:50,396 fail2ban.actions[10631]:
WARNING [dovecot-long] Ban 221.228.229.49
root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL #
So dovecot-long is the jail that was activated.
> Often, when this has happened to me it's related to rotating of log files
Indeed, I remember I didn't have a logrotate rule for dovecot.log. It got to
200Mb+. I then created a rule for it and rotated it while fail2ban was running
(I guess), which could have caused this behaviour. It didn't happen again so I
think this is what could have caused it.
> But you've only got "dovecot.log" as your logpath in your jail conf,
Yes, it gets copied to dovecot.log.1 and the original is truncated. Maybe this
is why fail2ban acts strangely.
Yassine.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
