It was running (I checked with fail2ban-client status, and also checked the 
process in memory); now it no longer is. I don't have full autonomy on the 
machine, and the head of support asked me to stop running it because fail2ban 
was slowing down SMTP. I couldn't verify that because I was somewhere else.

We wrote a quick script to collect the IPs and insert the DROPs into iptables 
periodically.

Anyway, I stopped it and will use it for testing on another machine to see 
what happens, coming back with a request for help if I need to.

Many thanks indeed to everyone for the help.

On Fri, 29 Apr 2011, at 10:43:51, Marcelo wrote:
> Alexandre,
> 
> silly question... is fail2ban running?
> 
> what shows up in the fail2ban log? can you trigger a test "block"?
> 
> Regards,
> Marcelo
> 
> Alexandre Balistrieri wrote:
> > My problem persists.
> >
> > fail2ban doesn't seem to react, or its reaction time is very strange, and 
> > I still haven't managed to understand why it doesn't react. The site says 
> > its reaction time depends heavily on buffered syslog, which in my case 
> > appears to be turned off. In any case, I have already left it running for 
> > hours and it never reacted.
> >
> > I am collecting the IPs manually and adding them to a dedicated 'input' 
> > 'chain' in 'iptables'.
> >
> > /var/log/mail.warn:
> > --------------------
> > ...
> > ...
> > ...
> > Apr 29 09:21:44 guarani postfix/smtpd[28361]: warning: 
> > unknown[177.16.254.44]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:45 guarani postfix/smtpd[27633]: warning: 
> > unknown[189.99.142.107]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:45 guarani postfix/smtpd[24032]: warning: 
> > unknown[189.26.68.213]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:46 guarani postfix/smtpd[28410]: warning: 
> > unknown[187.43.14.45]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:47 guarani postfix/smtpd[28528]: warning: 
> > unknown[189.105.0.42]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:49 guarani postfix/smtpd[5468]: warning: 
> > unknown[189.114.4.176]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:49 guarani postfix/smtpd[27586]: warning: 
> > unknown[190.27.58.228]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:50 guarani postfix/smtpd[28215]: warning: 
> > unknown[190.122.116.175]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:50 guarani postfix/smtpd[28722]: warning: 
> > unknown[189.81.72.249]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:51 guarani postfix/smtpd[28406]: warning: 
> > unknown[187.43.14.45]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:53 guarani postfix/smtpd[27927]: warning: 
> > unknown[186.220.201.155]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:55 guarani postfix/smtpd[28914]: warning: 
> > unknown[190.172.253.145]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:55 guarani postfix/smtpd[28416]: warning: 
> > unknown[189.70.195.161]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:56 guarani postfix/smtpd[24732]: warning: 
> > 189-46-28-191.dsl.telesp.net.br[189.46.28.191]: SASL LOGIN authentication 
> > failed: authentication failure
> > Apr 29 09:21:56 guarani postfix/smtpd[27691]: warning: 
> > unknown[201.89.192.3]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:21:57 guarani postfix/smtpd[10908]: warning: 
> > 189-19-227-148.dsl.telesp.net.br[189.19.227.148]: SASL LOGIN authentication 
> > failed: authentication failure
> > Apr 29 09:22:02 guarani postfix/smtpd[25326]: warning: 
> > unknown[189.13.200.5]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:22:07 guarani postfix/smtpd[28406]: warning: 
> > unknown[190.244.176.248]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:22:09 guarani postfix/smtpd[28832]: warning: 
> > unknown[187.126.5.3]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:22:10 guarani postfix/smtpd[25299]: warning: 
> > unknown[187.74.69.61]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:22:10 guarani postfix/smtpd[27942]: warning: 
> > unknown[190.51.31.87]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:22:10 guarani postfix/smtpd[27873]: warning: 
> > unknown[190.176.157.4]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:22:12 guarani postfix/smtpd[28903]: warning: 
> > unknown[189.104.241.131]: SASL LOGIN authentication failed: authentication 
> > failure
> > Apr 29 09:22:12 guarani postfix/smtpd[28564]: warning: 
> > unknown[177.27.38.161]: SASL LOGIN authentication failed: authentication 
> > failure
> > ...
> > ...
> > ...
> >
> >
> > /var/log/fail2ban.log:
> > ----------------------
> > ...
> > ...
> > 2011-04-29 09:10:49,427 fail2ban.jail   : INFO   Jail 'sasl-iptables' 
> > started
> > 2011-04-29 09:15:33,412 fail2ban.jail   : INFO   Jail 'sasl-iptables' 
> > stopped
> > 2011-04-29 09:15:33,415 fail2ban.server : INFO   Changed logging target to 
> > /var/log/fail2ban.log for Fail2ban v0.8.4
> > 2011-04-29 09:15:33,416 fail2ban.jail   : INFO   Creating new jail 
> > 'sasl-iptables'
> > 2011-04-29 09:15:33,416 fail2ban.jail   : INFO   Jail 'sasl-iptables' uses 
> > poller
> > 2011-04-29 09:15:33,434 fail2ban.filter : INFO   Added logfile = 
> > /var/log/mail.warn
> > 2011-04-29 09:15:33,435 fail2ban.filter : INFO   Set maxRetry = 1
> > 2011-04-29 09:15:33,437 fail2ban.filter : INFO   Set findtime = 600
> > 2011-04-29 09:15:33,438 fail2ban.actions: INFO   Set banTime = 7200
> > 2011-04-29 09:15:33,454 fail2ban.jail   : INFO   Jail 'sasl-iptables' 
> > started
> >
> >
> > Jail.conf:
> > ----------
> > ...
> > ...
> > [sasl-iptables]
> >
> > enabled  = true
> > filter   = sasl
> > backend  = polling
> > port = smtp
> > action   = iptables[name=sasl, port=smtp, protocol=tcp]
> > #           sendmail-whois[name=sasl, [email protected]]
> > logpath  = /var/log/mail.warn
> > maxretry = 1
> > findtime = 600
> > bantime = 7200
> > ...
> > ...
> > ...
> > [postfix]
> >
> > enabled  = true 
> > port     = smtp
> > filter   = postfix
> > action  = iptables[name=postfix, port=smtp, protocol=tcp]
> > maxretry = 3
> > findtime = 3600
> > bantime = 43200
> > logpath  = /var/log/mail
> >
> >
> >
> > fail2ban.conf:
> > ---------------
> > ...
> > ...
> > [Definition]
> >
> > loglevel = 3
> >
> > logtarget = /var/log/fail2ban.log
> >
> > socket = /var/run/fail2ban/fail2ban.sock
> > #[SMTP]
> > #enabled = true
> > #logfile = /var/log/mail
> >
> >
> >   
> 
> ----------------------------------------------------------------------
>                BIOTERIO   Faculdade de Medicina USP
> ----------------------------------------------------------------------
> 
> 

-- 
Quam minimum credula postero, carpe diem
[]s
Bali - Alexandre Balistrieri
_______________________________________________
Postfix-BR mailing list
[email protected]
http://listas.softwarelivre.org/mailman/listinfo/postfix-br
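
One way to implement the collect-and-block script mentioned in the message above (an added example, not the poster's script and not fail2ban's own filter): it parses Postfix SASL failure lines in the quoted log format, applies the jail's `maxretry`/`findtime` thresholds, validates each address, and builds iptables argument lists. The chain name `SASL-BLOCK`, the function names and the sample lines are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Postfix warning format quoted in the thread; text after "failed" is optional.
SASL_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: warning: "
    r"[-.\w]+\[(?P<ip>[0-9A-Fa-f:.]+)\]: "
    r"SASL (?:LOGIN|PLAIN|CRAM-MD5|DIGEST-MD5) authentication failed(?::.*)?$"
)

# Constructed sample lines using documentation addresses, not the thread's log.
_T = "Apr 29 {} guarani postfix/smtpd[28361]: warning: {}[{}]: SASL LOGIN authentication failed{}"
SAMPLE = [
    _T.format("09:21:44", "unknown", "203.0.113.44", ": authentication failure"),
    _T.format("09:21:51", "host.example.net", "198.51.100.7", ": authentication failure"),
    _T.format("09:35:02", "unknown", "203.0.113.44", ": authentication failure"),
    _T.format("09:36:00", "unknown", "999.1.1.1", ""),  # invalid address, ignored
]

def offenders(lines, maxretry=1, findtime=600, year=2011):
    """Return IPs with at least `maxretry` failures within `findtime` seconds."""
    hits = defaultdict(list)
    for line in lines:
        m = SASL_FAIL.match(line.strip())
        if not m:
            continue
        try:  # validate before the value can reach a firewall command
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        hits[ip].append(
            datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"))
    window = timedelta(seconds=findtime)
    banned = []
    for ip, stamps in hits.items():
        stamps.sort()
        # Sliding window: compare each failure with the one maxretry-1 before it.
        if any(stamps[i] - stamps[i - maxretry + 1] <= window
               for i in range(maxretry - 1, len(stamps))):
            banned.append(ip)
    return sorted(banned)

def drop_rules(ips, chain="SASL-BLOCK", already=()):
    """Build argument lists (no shell string); the chain name is hypothetical."""
    return [[("ip6tables" if ":" in ip else "iptables"), "-A", chain, "-s", ip,
             "-p", "tcp", "--dport", "25", "-j", "DROP"]
            for ip in ips if ip not in already]
```

Passing the addresses already present in the chain as `already` keeps a periodic run from appending duplicate rules.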
