Hi, On 2019-06-09 19:33:49 -0400, Christopher David Howie wrote: > fail2ban provides the following configuration, which does not work on Debian > by default. > > In /etc/fail2ban/filter.d/postfix.conf: > > ^%(__prefix_line)slost connection after AUTH from \S+\[<HOST>\]$ > > In /etc/fail2ban/paths-common.conf: > > postfix_log = %(syslog_mail_warn)s > > However, Postfix does not log "lost connection after AUTH" messages at warn > severity by default on Debian. Replacing the log source line with this > corrects the issue: > > postfix_log = %(syslog_mail)s
No, I don't think there is any issue (or this has been fixed in Debian 10 buster): in /etc/fail2ban/paths-debian.conf one has: syslog_mail = /var/log/mail.log # control the `mail.warn` setting, see `/etc/rsyslog.d/50-default.conf` (if commented `mail.*` wins). # syslog_mail_warn = /var/log/mail.warn syslog_mail_warn = %(syslog_mail)s Thus it is /var/log/mail.log that is used for postfix_log. BTW, I can see lines for both postfix and postfix-sasl in my fail2ban log files. -- Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) _______________________________________________ Python-modules-team mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
