Well, looks like we only need to adjust our regex… Let’s try to simplify it:
failregex = "^Service \[ssmtp\] accepted connection from .*<HOST>%(__on_port_opt)\\n.*s_connect\: connect .* Connection refused \(61\)"

You may also test your filters without restarting fail2ban every time. For this, run this command:

fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/stunnel.local --print-all-missed > ~/missed.txt

And then check the output in your home directory, in the `missed.txt` file.

Please note that it is better to keep your own rules in a .local file rather than adjust the standard .conf files.

Denis

> On 12 Apr 2019, at 08:51, James Brown <[email protected]> wrote:
>
>> On 12 Apr 2019, at 4:33 pm, Denis Rasulev <[email protected] <mailto:[email protected]>> wrote:
>>
>> [Init]
>> maxlines = 2
>>
>> [Definition]
>> failregex = "^Service [ssmtp] accepted connection from ::ffff:<HOST>%(__on_port_opt)\n.*s_connect: connect ::1:25: Connection refused (61)"
>>
>
> Thanks Denis.
>
> When I use that failregex fail2ban won’t start:
>
> fail2ban [39139]: ERROR Failed during configuration: bad interpolation variable reference '%(__on_port_opt)\\n.*s_connect: connect ::1:25: Connection refused (61)'
>
> James.
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
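Added example, not part of the original thread and not fail2ban's own code: it reproduces the "bad interpolation variable reference" error with Python's standard `configparser` (which fail2ban's config reader builds on) and shows that `%(__on_port_opt)s`, with the trailing `s`, loads and matches a two-line sample. Assumptions: `ON_PORT_OPT` and `HOST` are simplified stand-ins for what fail2ban substitutes, the surrounding quotes are dropped, the line break is written as `\n`, and `SAMPLE` is constructed.

```python
import configparser
import re

# Simplified stand-in (assumption) for the helper fail2ban's common.conf provides.
ON_PORT_OPT = r"(?: port \d+)?"
# failregex based on the one in the thread: %(__on_port_opt) has no trailing "s".
BROKEN = (r"^Service \[ssmtp\] accepted connection from .*<HOST>%(__on_port_opt)"
          r"\n.*s_connect\: connect .* Connection refused \(61\)")
# Same pattern with the "s" that %(name)s interpolation requires.
FIXED = BROKEN.replace("%(__on_port_opt)", "%(__on_port_opt)s")
# Simplified IPv4-only stand-in (assumption) for fail2ban's <HOST> substitution.
HOST = r"\b(?P<host>\d{1,3}(?:\.\d{1,3}){3})\b"

# Constructed two-line sample shaped like the lines the regex targets (maxlines = 2).
SAMPLE = ("Service [ssmtp] accepted connection from ::ffff:203.0.113.7\n"
          "s_connect: connect ::1:25: Connection refused (61)")


def expand(failregex):
    """Interpolate failregex the way a configparser-based reader does."""
    cp = configparser.ConfigParser()
    cp.read_string("[Definition]\n__on_port_opt = %s\nfailregex = %s\n"
                   % (ON_PORT_OPT, failregex))
    return cp.get("Definition", "failregex")


def config_error(failregex):
    """Return the parser's error text for failregex, or None if it loads."""
    try:
        expand(failregex)
    except configparser.InterpolationSyntaxError as exc:
        return str(exc)
    return None


def banned_host(failregex, text):
    """Expand failregex and return the host it captures from text, or None."""
    pattern = expand(failregex).replace("<HOST>", HOST)
    m = re.search(pattern, text, re.MULTILINE)
    return m.group("host") if m else None


if __name__ == "__main__":
    print(config_error(BROKEN))        # the interpolation error text
    print(banned_host(FIXED, SAMPLE))  # host captured across the two lines
```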
