There is nothing in your pre-existing filters which matches. Only one
line caters for "conn unix:auth-worker" and that looks malformed as it
does not have the "%(__prefix_line)s" bit. It would then fail as there
is no match for "(pid=1754,uid=94):" and it fails again after matching
the IP addre
Yip that's gone and done it! Thank you Nick.
The question is why? All the other regex's should be good too ...
Anyway, no looking gift horses in the mouth. Who are we to question? : )
Thanks once again,
Regards, Robby
On Wed, 25 Jan 2023 at 14:29, Nick Howitt via Fail2ban-users <
fail2ban-use
Thanks Finn,
But dovecot is configure for logging to /var/log/maillog*
This is not a matter of fail2ban not finding the logs as a regex test
returns with a match, just not the one I want.
Regards and thanks
On Wed, 25 Jan 2023 at 14:39, fail2ban--- via Fail2ban-users <
fail2ban-users@lists.sou
Hi Robby.
I think You have to use the /var/log/dovecot.log file (change in Your
jail.local or jail.conf)
Hope it helps
/Finn
Den 25-01-2023 kl. 12:05 skrev Robby Pedrica:
Hi all,
I'd appreciate some help with a regex on dovecot that I can't seem to
get right. Config is ...
patform: slac
On 25/01/2023 11:05, Robby Pedrica wrote:
Hi all,
I'd appreciate some help with a regex on dovecot that I can't seem to
get right. Config is ...
patform: slackware 15 64bit
fail2ban: v0.9.4
dovecot.conf:
[INCLUDES]
before = common.conf
[Definition]
_daemon = (auth|dovecot(-auth)?|auth-wo
Hi again.
FYI
You can do testing like this:
fail2ban-regex /path to logfile/ /path to filter/
for You properly :
fail2ban-regex /var/log/dovecot.log /etc/fail2ban/filter.d/dovecot.conf
Cheers,
Finn
Den 25-01-2023 kl. 12:05 skrev Robby Pedrica:
Hi all,
I'd appreciate some help with a rege
This is on 0.8, slackware 15.0
I had problems with 0.9, even on centos, so stuck with 0.8
[Definition]
failregex = ^(?: auth-worker.*\)).* sql\(.*,\): unknown user
^(?: auth-worker.*\)).* sql\(.*,,.*\): unknown user .*$
^(?: auth-worker.*\)).* sql\(.*,,.*\): Password mismatch .*$
^(?: imap-logi
Hi all,
I'd appreciate some help with a regex on dovecot that I can't seem to get
right. Config is ...
patform: slackware 15 64bit
fail2ban: v0.9.4
dovecot.conf:
[INCLUDES]
before = common.conf
[Definition]
_daemon = (auth|dovecot(-auth)?|auth-worker)
failregex =
^%(__prefix_line)s(%(__pam_
