Alexandre, stupid question... is fail2ban running?
What shows up in the fail2ban log? Can you generate a test "block"?

Regards,
Marcelo

Alexandre Balistrieri wrote:
> My problem persists.
>
> fail2ban doesn't seem to react, or its reaction time is very strange, and I
> still haven't been able to understand why it doesn't react. The site says its
> reaction time depends heavily on buffered syslog, which in my case seems to be
> turned off. In any case, I have already left it running for hours and it
> never reacts.
>
> I am manually collecting the IPs and adding them to a dedicated 'input'
> 'chain' in 'iptables'.
>
> /var/log/mail.warn:
> --------------------
> ...
> ...
> ...
> Apr 29 09:21:44 guarani postfix/smtpd[28361]: warning: unknown[177.16.254.44]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:45 guarani postfix/smtpd[27633]: warning: unknown[189.99.142.107]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:45 guarani postfix/smtpd[24032]: warning: unknown[189.26.68.213]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:46 guarani postfix/smtpd[28410]: warning: unknown[187.43.14.45]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:47 guarani postfix/smtpd[28528]: warning: unknown[189.105.0.42]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:49 guarani postfix/smtpd[5468]: warning: unknown[189.114.4.176]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:49 guarani postfix/smtpd[27586]: warning: unknown[190.27.58.228]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:50 guarani postfix/smtpd[28215]: warning: unknown[190.122.116.175]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:50 guarani postfix/smtpd[28722]: warning: unknown[189.81.72.249]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:51 guarani postfix/smtpd[28406]: warning: unknown[187.43.14.45]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:53 guarani postfix/smtpd[27927]: warning: unknown[186.220.201.155]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:55 guarani postfix/smtpd[28914]: warning: unknown[190.172.253.145]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:55 guarani postfix/smtpd[28416]: warning: unknown[189.70.195.161]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:56 guarani postfix/smtpd[24732]: warning: 189-46-28-191.dsl.telesp.net.br[189.46.28.191]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:56 guarani postfix/smtpd[27691]: warning: unknown[201.89.192.3]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:21:57 guarani postfix/smtpd[10908]: warning: 189-19-227-148.dsl.telesp.net.br[189.19.227.148]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:22:02 guarani postfix/smtpd[25326]: warning: unknown[189.13.200.5]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:22:07 guarani postfix/smtpd[28406]: warning: unknown[190.244.176.248]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:22:09 guarani postfix/smtpd[28832]: warning: unknown[187.126.5.3]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:22:10 guarani postfix/smtpd[25299]: warning: unknown[187.74.69.61]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:22:10 guarani postfix/smtpd[27942]: warning: unknown[190.51.31.87]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:22:10 guarani postfix/smtpd[27873]: warning: unknown[190.176.157.4]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:22:12 guarani postfix/smtpd[28903]: warning: unknown[189.104.241.131]: SASL LOGIN authentication failed: authentication failure
> Apr 29 09:22:12 guarani postfix/smtpd[28564]: warning: unknown[177.27.38.161]: SASL LOGIN authentication failed: authentication failure
> ...
> ...
> ...
>
>
> /var/log/fail2ban.log:
> ----------------------
> ...
> ...
> 2011-04-29 09:10:49,427 fail2ban.jail : INFO Jail 'sasl-iptables' started
> 2011-04-29 09:15:33,412 fail2ban.jail : INFO Jail 'sasl-iptables' stopped
> 2011-04-29 09:15:33,415 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
> 2011-04-29 09:15:33,416 fail2ban.jail : INFO Creating new jail 'sasl-iptables'
> 2011-04-29 09:15:33,416 fail2ban.jail : INFO Jail 'sasl-iptables' uses poller
> 2011-04-29 09:15:33,434 fail2ban.filter : INFO Added logfile = /var/log/mail.warn
> 2011-04-29 09:15:33,435 fail2ban.filter : INFO Set maxRetry = 1
> 2011-04-29 09:15:33,437 fail2ban.filter : INFO Set findtime = 600
> 2011-04-29 09:15:33,438 fail2ban.actions: INFO Set banTime = 7200
> 2011-04-29 09:15:33,454 fail2ban.jail : INFO Jail 'sasl-iptables' started
>
>
> Jail.conf:
> ----------
> ...
> ...
> [sasl-iptables]
>
> enabled = true
> filter = sasl
> backend = polling
> port = smtp
> action = iptables[name=sasl, port=smtp, protocol=tcp]
> # sendmail-whois[name=sasl, [email protected]]
> logpath = /var/log/mail.warn
> maxretry = 1
> findtime = 600
> bantime = 7200
> ...
> ...
> ...
> [postfix]
>
> enabled = true
> port = smtp
> filter = postfix
> action = iptables[name=postfix, port=smtp, protocol=tcp]
> maxretry = 3
> findtime = 3600
> bantime = 43200
> logpath = /var/log/mail
>
>
>
> fail2ban.conf:
> ---------------
> ...
> ...
> [Definition]
>
> loglevel = 3
>
> logtarget = /var/log/fail2ban.log
>
> socket = /var/run/fail2ban/fail2ban.sock
> #[SMTP]
> #enabled = true
> #logfile = /var/log/mail

_______________________________________________
Postfix-BR mailing list
[email protected]
http://listas.softwarelivre.org/mailman/listinfo/postfix-br
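
An offline version of the test asked for in this thread, as an added example that is not part of the original messages and not fail2ban's own code: it checks whether a candidate failregex matches lines in the quoted mail.warn format, and whether the matches fall inside `findtime` relative to the clock the daemon would see. The sample lines, the `<HOST>` substitution and both patterns are constructed assumptions, not the contents of the installed `sasl` filter.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in the mail.warn format quoted above (documentation IPs).
SAMPLE_LOG = [
    "Apr 29 09:21:44 mailhost postfix/smtpd[1001]: warning: unknown[192.0.2.10]: "
    "SASL LOGIN authentication failed: authentication failure",
    "Apr 29 09:21:51 mailhost postfix/smtpd[1002]: warning: unknown[192.0.2.10]: "
    "SASL LOGIN authentication failed: authentication failure",
    "Apr 29 09:22:02 mailhost postfix/smtpd[1003]: warning: "
    "host.example.net[198.51.100.7]: SASL LOGIN authentication failed: authentication failure",
    "Apr 29 09:22:05 mailhost postfix/smtpd[1004]: warning: unknown[203.0.113.5]: "
    "SASL LOGIN authentication failed",
]

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only); an assumption.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Hypothetical candidate patterns, NOT the contents of the installed sasl filter.
ANCHORED = r": warning: [-._\w]+\[<HOST>\]: SASL LOGIN authentication failed$"
TOLERANT = r": warning: [-._\w]+\[<HOST>\]: SASL LOGIN authentication failed(?:: .*)?$"


def find_failures(lines, failregex, year=2011):
    """Return (timestamp, host) for every line the failregex matches."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    hits = []
    for line in lines:
        m = rx.search(line)
        if m:
            # Syslog timestamps carry no year, so one has to be supplied.
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            hits.append((ts, m.group("host")))
    return hits


def hosts_to_ban(failures, maxretry, findtime, now):
    """Simplified jail model: ban hosts with >= maxretry hits in the last findtime s."""
    window = timedelta(seconds=findtime)
    counts = Counter(h for ts, h in failures if timedelta(0) <= now - ts <= window)
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for name, rx in (("anchored", ANCHORED), ("tolerant", TOLERANT)):
        hits = find_failures(SAMPLE_LOG, rx)
        for now in (datetime(2011, 4, 29, 9, 25), datetime(2011, 4, 29, 12, 25)):
            print(name, len(hits), now.time(), hosts_to_ban(hits, 1, 600, now))
```

On the server itself, `fail2ban-regex` run against the real log file and the installed filter file gives the authoritative match count.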
