Hello f2b,
I am monitoring[0] password mismatches for my dovecot server (which also serves
for SASL auth) and found out that a particular IP showed up several times in
the monitor.
A quick grep on the IP showed that it had at least 20 attempts[1] before it
got banned[2]. The jail config[3]
On 10/14/21 1:44 AM, Kenneth Porter wrote:
I've also been thinking about using a plugin for systems that allow
that to watch for obviously bad usernames and invoke fail2ban-client
to perma-ban those addresses. I might also add them to an ipset for
direct ban by the underlying firewall.
Dear F2B,
I am seeing a few lines that look like this in my dovecot log :
root@messagerie-principale[10.10.10.19] ~ # grep 20.89.58.29 /var/log/dovecot.log | head
Oct 13 13:17:53 auth-worker(48469): Info: sql(rai,20.89.58.29): unknown user
Oct 13 13:18:02 auth-worker(48469): Info:
On 9/6/20 10:34 AM, Dan via Fail2ban-users wrote:
On 9/6/2020 3:24 AM, Yassine Chaouche wrote:
The question is : what file should I be patching to see if this solves
my issue ? I have found what seems to be fail2ban python source code
in /usr/share/fail2ban/ but there is no __init__.py
Hello guys,
After receiving more than 15 000 failed logins on my mail server (the
normal is 30-100 / day), I just checked the logs of fail2ban and found
them empty for today. Unable to understand what happened, I restarted
fail2ban, and got the fail2ban log file populated again, but this caught
I can't talk for fedora, but on debian the jail.conf is the main
configuration file that you should not touch. Your modifications should
go to jail.local.
As for filter.d, it is a directory containing all the necessary regexes
to parse the software log files in search of offending IPs. That
On 2020-07-08 18:29, Mike wrote:
> On 7/8/20 3:29 PM, Mike wrote:
> As an aside, instead of using a recidive jail, I've been using a more
> permanent ban of login ports using this system
>
> https://github.com/dpsystems/login-shield
>
> This also includes logging of banned connections and
On 7/8/20 3:29 PM, Mike wrote:
As an aside, instead of using a recidive jail, I've been using a more
permanent ban of login ports using this system
https://github.com/dpsystems/login-shield
This also includes logging of banned connections and some analysis
reports.
That is an
On 7/8/20 9:24 AM, Tom Hendrikx wrote:
Hi Yassine,
The shorewall action does not ban on a per-jail basis, but puts all
ip-addresses on a single blacklist, as that is how shorewall works.
In the original recidive implementation (which I wrote) it was
especially mentioned that you shouldn't
On 7/7/20 5:33 PM, Mike wrote:
This can happen if there is still an active connection with the jailed
IP. f2b only affects future, new connections.
Dear Mike,
This is an excerpt of //usr/share/doc/fail2ban/readme.debian.gz/ from
the 0.8.13 version
* Blocking of NEW connections only
On 07.07.2020 at 13:32, Yassine Chaouche wrote:
>
>> Let us examine what f2b logs for 185.143.72.27 say :
>>
>> 1. It is banned/unbanned by POSTFIX-SASL 4 times
>>
>> 2. on the fifth occurrence, it is first banned by the POSTFIX-SASL jail then
>> by the R
Let us examine what f2b logs for 185.143.72.27 say :
1. It is banned/unbanned by POSTFIX-SASL 4 times
2. on the fifth occurrence, it is first banned by the POSTFIX-SASL jail
then by the RECIDIVE jail. Curiously, the RECIDIVE jail doesn't detect
that it has already been banned before. Maybe
On 7/2/20 3:45 PM, Steve Murphy wrote:
We've been having mysterious non-blockages of attacking sites, where
the site was banned in iptables by fail2ban,
but sliding thru the iptables and being "ACCEPT"-ed. The cause? At
least, on CentOS6, where this happens, the connection
tracking isn't
From: Peter Heirich - 2020-07-01 14:22:19
try command
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "SELECT * FROM bans WHERE
jail='recidive';"
I don't have that file in /var/lib/. Also, I can't find any reference to
sqlite or database in the config file.
root@messagerie[10.10.10.19] /var #
I forgot to mention the version of f2b here :
root@messagerie[10.10.10.19] ~ # fail2ban-server --version | sed -n 1p
Fail2Ban v0.8.13
root@messagerie[10.10.10.19] ~ #
Yassine.
On 7/1/20 1:23 PM, Yassine Chaouche wrote:
Dear list,
Here is my problem : I have configured a recidive jail, taken
On 2/28/19 4:28 PM, Nick Howitt wrote:
[...] I am currently under a spam attack with all mails coming from
someth...@qq.com.
root@messagerie[10.10.10.19] ~ # grep reject_senders /etc/postfix/main.cf
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/maps/reject_senders