On Tue, 2020-01-07 at 01:08 -0600, Harrison Johnson wrote: > On Mon, 2020-01-06 at 21:19 -0600, Courtney Rosenthal wrote: > > On Monday, January 6, 2020 2:10:42 PM CST James Moe via Fail2ban- > > users wrote: > > > Would this work as well? > > > > > > ^.* Disconnected \(no auth attempts .* rip=<HOST>, .*$ > > > ^.* Aborted \(auth failed .* rip=<HOST>, .*$ > > > > Thanks for the suggestion. Unless I'm misreading the failban-regex > > results > > (that I posted in my initial message) the regexes are working ok. > > > > The problem appears to be that the aggressive regex is being > > selected, and I > > could use some help figuring out why and how to stop that. > > > > I do operate a MTA but do you think 1 second is enough time to > negotiate the login? Is this correct "user=<>" for a good login? It > looks to me like the user is doing something incorrectly. > _______________________________________________ > Fail2ban-users mailing list > Fail2ban-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Sorry I do not operate a MTA
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
