On 2017-12-13 10:14 AM, Tom Hendrikx wrote:
Hi,
The default jail does not check on the lines you mention.
Not really weird, since the log message explicitly states that no auth
attempt is performed. Somebody is connecting but did not send auth
details, and your dovecot didn't tell them whether the auth credentials
were working or not. This could be a bot (albeit a very stupid or simple
one, because it does not try to use TLS), or it could be a user that has
his IMAP client configured incorrectly.
Anyway: no auth details, so no dictionary attack. Feel free to add
custom regexes on your own system though.
Kind regards,
Tom
Thanks for the help.
The bot left lot lines in the maillog which is annoying. I'll try to
learn to craft a failregex to block it.
Gao
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
