Yes, the file blockip-custom.conf exists in /etc/fail2ban/action.d, but it does
not block IPs.
example:
Jan 17 11:38:54 linux.backend exim[14840]: 2018-01-17 11:38:52 fixed_login
authenticator failed for (User) [190.98.45.180]: 535 Incorrect authentication
data (set_id=s...@dattaweb.com)
Jan 17 11:38:55 linux.backend exim[21870]: 2018-01-17 11:38:56 fixed_login
authenticator failed for (User) [190.98.45.180]: 535 Incorrect authentication
data (set_id=s...@dattaweb.com)
Jan 17 11:38:55 linux.backend exim[14840]: 2018-01-17 11:38:56 fixed_login
authenticator failed for (User) [190.98.45.180]: 535 Incorrect authentication
data (set_id=s...@dattaweb.com)
Jan 17 11:38:56 linux.backend exim[21770]: 2018-01-17 11:38:56 fixed_login
authenticator failed for (User) [190.98.45.180]: 535 Incorrect authentication
data (set_id=s...@dattaweb.com)
Jan 17 11:38:56 linux.backend exim[14840]: 2018-01-17 11:38:56 fixed_login
authenticator failed for (User) [190.98.45.180]: 535 Incorrect authentication
data (set_id=s...@dattaweb.com)
Jan 17 11:38:58 linux.backend exim[21770]: 2018-01-17 11:38:56 fixed_login
authenticator failed for (User) [190.98.45.180]: 535 Incorrect authentication
data (set_id=s...@dattaweb.com)
Jan 17 11:38:58 linux.backend exim[21770]: 2018-01-17 11:38:58 fixed_login
authenticator failed for (User) [190.98.45.180]: 535 Incorrect authentication
data (set_id=s...@dattaweb.com)
Jan 17 11:38:58 linux.backend exim[21770]: 2018-01-17 11:38:58 fixed_login
authenticator failed for (User) [190.98.45.180]: 535 Incorrect authentication
data (set_id=s...@dattaweb.com)
Jan 17 11:38:59 linux.backend exim[21870]: 2018-01-17 11:38:56 fixed_login
authenticator failed for (User) [190.98.45.180]: 535 Incorrect authentication
data (set_id=s...@dattaweb.com)
In the file maillog-custom.conf
failregex = \[<HOST>\]:\d+: 535 Incorrect authentication data
[rsyslog-maillog]
enabled = true
filter = maillog-custom
bantime = 86400
findtime = 600
maxretry = 5
port = smtp,465,submission,imap3,imaps,pop3,pop3s
# tail: start at the end of the log
# so that it does not start processing it from the beginning or from where it left off
logpath = /var/log/maillog
any ideas?
Regards,
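
Added example, not part of the original message and not fail2ban's own code: a small Python check of whether a failregex matches the posted maillog records, which is the same kind of test fail2ban-regex runs on a live system. The HOST expansion is a simplified assumption, and PORT_OPTIONAL is a hypothetical variant included only for comparison.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 address or
# hostname only; fail2ban's own expansion differs between versions).
HOST = r"(?P<host>[\w\-.]*\w)"

# failregex exactly as posted for maillog-custom.conf.
POSTED = r"\[<HOST>\]:\d+: 535 Incorrect authentication data"
# Hypothetical variant for comparison only: the ":port" part made optional.
PORT_OPTIONAL = r"\[<HOST>\](?::\d+)?: 535 Incorrect authentication data"

# Three of the posted records, still wrapped the way the mail client left them.
SAMPLE = """\
Jan 17 11:38:54 linux.backend exim[14840]: 2018-01-17 11:38:52 fixed_login
authenticator failed for (User) [190.98.45.180]: 535 Incorrect authentication
data (set_id=s...@dattaweb.com)
Jan 17 11:38:55 linux.backend exim[21870]: 2018-01-17 11:38:56 fixed_login
authenticator failed for (User) [190.98.45.180]: 535 Incorrect authentication
data (set_id=s...@dattaweb.com)
Jan 17 11:38:56 linux.backend exim[21770]: 2018-01-17 11:38:56 fixed_login
authenticator failed for (User) [190.98.45.180]: 535 Incorrect authentication
data (set_id=s...@dattaweb.com)
"""

# A new syslog record starts with "Mon DD HH:MM:SS "; anything else continues one.
SYSLOG_START = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")

def unwrap(raw):
    """Rejoin records that were wrapped over several lines in the mail."""
    records = []
    for line in raw.strip().splitlines():
        if SYSLOG_START.match(line):
            records.append(line.strip())
        elif records:
            records[-1] += " " + line.strip()
    return records

def hits_per_host(failregex, records):
    """Count matching records per captured host for one failregex."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    matches = (rx.search(record) for record in records)
    return Counter(m.group("host") for m in matches if m)

if __name__ == "__main__":
    records = unwrap(SAMPLE)
    for name, rx in (("posted", POSTED), ("port optional", PORT_OPTIONAL)):
        print(name, dict(hits_per_host(rx, records)))
```

A jail only bans a host once its hit count inside findtime reaches maxretry, so a pattern that produces zero hits on these lines can never trigger the action.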
________________________________
From: Roman Pikalo <roman.pik...@funderbeam.com>
Sent: Wednesday, 17 January 2018 9:04:49
To: Emanuel Gonzalez
Cc: fail2ban-users@lists.sourceforge.net
Subject: Re: [Fail2ban-users] Enable multiple jails
Do you have blockip-custom banaction defined in the /etc/fail2ban/jail.conf file?
Bregs, Roman
Emanuel Gonzalez <emanuel_gonza...@live.com.ar>:
Hello, I have read all the documentation but I cannot solve my problem.
I created the file jail-custom.conf in /etc/fail2ban/jail.d with this config:
[rsyslog-maillog]
enabled = true
filter = maillog-custom
bantime = 86400
findtime = 600
maxretry = 5
#port = smtp,465,submission,imap3,imaps,pop3,pop3s
port = imap3,imaps,pop3,pop3s
# tail: start at the end of the log
# so that it does not start processing it from the beginning or from where it left off
logpath = /var/log/maillog tail
[exim]
enabled = true
filter = exim
port = smtp,465,submission
bantime = 86400
findtime = 600
maxretry = 5
#banaction = blockip-custom
#action = %(action_)s
action = blockip-custom
logpath = /var/log/maillog
backend = auto
#journalmatch =
The jail "rsyslog-maillog" is working, but the exim jail is not.
tail -f /var/log/fail2ban.log
2018-01-16 15:20:58,599 fail2ban.actions [13905]: NOTICE
[rsyslog-maillog] Ban 111.75.167.157
2018-01-16 15:21:05,610 fail2ban.actions [13905]: NOTICE
[rsyslog-maillog] Ban 111.89.179.159
2018-01-16 15:21:06,830 fail2ban.actions [13905]: NOTICE
[rsyslog-maillog] Ban 112.112.193.39
2018-01-16 15:21:13,871 fail2ban.actions [13905]: NOTICE
[rsyslog-maillog] Ban 112.112.25.39
2018-01-16 15:21:14,643 fail2ban.actions [13905]: NOTICE
[rsyslog-maillog] Ban 112.113.241.17
2018-01-16 15:21:15,435 fail2ban.actions [13905]: NOTICE
[rsyslog-maillog] Ban 112.113.60.146
2018-01-16 15:21:17,246 fail2ban.actions [13905]: NOTICE
[rsyslog-maillog] Ban 112.113.60.247
2018-01-16 15:21:24,439 fail2ban.actions [13905]: NOTICE
[rsyslog-maillog] Ban 112.113.60.38
2018-01-16 15:21:25,222 fail2ban.actions [13905]: NOTICE
[rsyslog-maillog] Ban 112.113.61.121
2018-01-16 15:21:26,009 fail2ban.actions [13905]: NOTICE
[rsyslog-maillog] Ban 112.113.61.183
any ideas? regards
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users