Morning,
My logging from postfix and dovecot is in this format:
Mar 6 07:49:45 mx dovecot: imap-login: Login: sop...@example.com>,
method=PLAIN, rip=94.19.2.3, lip=1.31.1.3, mpid=10655, TLS, TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Mar 6 07:55:36 mx postfix/smtpd[10793
er.
[dovecot]
port= imap,imaps,sieve
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
[sieve]
port = smtp,465,submission
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
> On 6 Mar 2018, at 10:50, Tom Hendrikx wrote:
>
>
>
> On 06-03-18 08:59, So
're running
> - contents of the /etc/fail2ban/filter.d/dovecot.conf file, so we can
> extend the current regex
>
> For nginx, please create a new thread and supply the same information,
> along with some sample log lines.
>
> Kind regards,
>
> Tom
>
>
> On 12-03-18 21:03, Sophie Loewenthal wrote:
>> Hi, Thanks for the fail2ba
h:.+dovecot:auth.+authentication\s+failure;.+rhost=
> dovecot:.+rip=.+wrong version number
> dovecot:.+tried to use disallowed plaintext auth.+rip=
> dovecot:.+auth failed.+rip=
> dovecot:.+no auth attemps.+rip=
>
> Bill
>
>
Sorry was sent offlist accidentally. List looped back in.
> On 13 Mar 2018, at 23:25, Sophie Loewenthal wrote:
>
> Hi Rene, Is this case for everything now? I don’t have an 'enabled = true'
> for sshd for example and the jail started.
>
> # grep 'enabled =
don’t think I follow the enabled= logic well :(
Sophie
> On 13 Mar 2018, at 23:30, René Berber wrote:
>
> On 3/13/2018 4:25 PM, Sophie Loewenthal wrote:
>
>> Hi Rene, Is this case for everything now? I don’t have an 'enabled = true'
>> for ss
> On 13 Mar 2018, at 23:39, Sophie Loewenthal wrote:
>
> Changed it to this in jail.conf and restarted and dovecot jail is not active.
>
> [dovecot]
> enable = true
> port= imap,imaps,sieve
> logpath = %(syslog_mail)s
> backend = %(dovecot_backend)s
>
> #
Mystery solved. Debian defaults to sshd enabled :)
# cat jail.d/defaults-debian.conf
[sshd]
enabled = true
I’ll move my changes into jail.local.
Many thanks for your help Rene.
Night,
Sophie
> On 13 Mar 2018, at 23:46, René Berber wrote:
>
> On 3/13/2018 4:39 PM, Sophie L
Good morning,
This is interesting ( for me ).
I read this in my logs after enabling postfix-auth on Debian 9.2
fail2ban.log
2018-03-15 19:12:36,066 fail2ban.actions[12742]: ERROR Failed to
execute unban jail 'postfix-auth' action 'iptables-multiport' info '{'matches':
'Mar 14 21:01
this
strange that it would unban an IP from before it was enabled.
> On 16 Mar 2018, at 08:37, Sophie Loewenthal wrote:
>
> Good morning,
>
> This is interesting ( for me ).
>
> I read this in my logs after enabling postfix-auth on Debian 9.2
>
>
> fail2ban
Entirely true. I did confuse them.
I have unban errors on postfix-auth.
Sent from a mobile. Excuse my brevity & spelling mistakes.
On March 16, 2018 8:51:27 AM CET, Dominic Raferd
wrote:
>On 16 Mar 2018 08:43, "Sophie Loewenthal" wrote:
>
>P.S For reference, the cur
ote:
>
> On 3/16/2018 1:37 AM, Sophie Loewenthal wrote:
>
>> fail2ban.log 2018-03-15 19:12:36,066 fail2ban.actions
>> [12742]: ERROR Failed to execute unban jail 'postfix-auth' action
>> 'iptables-multiport' info '{'matches': 'Mar
Morning,
A new K9 Mail client gets banned all the time and I am trying to work
out why.
I have this regex:
failregex = auth:.+dovecot:auth.+authentication\s+failure;.+rhost=
dovecot:.+rip=.+wrong version number
dovecot:.+tried to use disallowed plaintext auth.+rip=
l-missed to print all 6117
lines
> On 12 Jul 2018, at 09:50, Nick Howitt wrote:
>
> Sorry. should have replied to list.
>
> Add --print-all-matched to the fail2ban-regex command
>
> On 12/07/2018 07:59, Sophie Loewenthal wrote:
>>
>> Morning,
>>
>
Oh, maybe it was all those auth failed messages
On July 12, 2018 10:30:47 AM CEST, Sophie Loewenthal
wrote:
>Hi Nick,
>
>Here you go. domain name/users have been obfuscated.
>
>
>Running tests
>=
>
>Use failregex filter file : dovecot, basedir: /et
Hi guys,
Version: fail2ban 0.10.2-2.1
Just upgraded Debian from 9 to 10. iptables still runs.
Did fail2ban start trying to add strange strings into iptables?
However the 41.113.60.220 IP was removed from iptables and running
fail2ban-client reload gave clean results.
2019-09-04 18:36:4
Hi,
I had this message from fail2ban after an upgrade from Debian 9 to 10 for many
months.
fail2ban 0.11.2-2
How could I mend these jails?
** WARNINGS **
[nginx-x1] Please check jail has possibly a timezone issue. Line with odd
timestamp: 35.205.35.197 - - [01/Feb/2022:03:10:28 +] "GE
eally annoying
> On 24 Feb 2022, at 7:02 pm, Graham B.
> wrote:
>
> On Wed, 23 Feb 2022, Sophie Loewenthal wrote:
>
>> Date: Wed, 23 Feb 2022 09:13:06
>> From: Sophie Loewenthal
>> To: fail2ban-users@lists.sourceforge.net
>> Subject: [Fail2ban-u
Sorry, I thought you were my brother replying to me! Oops.
Still ;-)
> On 24 Feb 2022, at 7:07 pm, Sophie Loewenthal wrote:
>
> You can't mend it really. It is an annoying message.
>
> I sent a question to the fail2ban mailing list yesterday, and I am awaiting a
>
> On 25 Feb 2022, at 7:48 pm, James Moe via Fail2ban-users
> wrote:
>
> On 2022-02-24 11:01, Graham B. wrote:
>
>> I had this message from fail2ban after an upgrade from Debian 9
>> to 10 for many months.
>>
>> How could I mend these jails?
>>
>> ** WARNINGS **
>> [nginx-x1] Please check