Re: [Fail2ban-users] dovecot and postfix jail with extra SSL logging

2018-03-13 Thread Sophie Loewenthal
Mystery solved. Debian defaults to sshd enabled :)

# cat jail.d/defaults-debian.conf
[sshd]
enabled = true

I’ll move my changes into jail.local. Many thanks for your help Rene.

Night, Sophie

> On 13 Mar 2018, at 23:46, René Berber wrote:
>
> On 3/13/2018 4:39

Re: [Fail2ban-users] dovecot and postfix jail with extra SSL logging

2018-03-13 Thread René Berber
On 3/13/2018 4:39 PM, Sophie Loewenthal wrote:
> Changed it to this in jail.conf and restarted and dovecot jail is not active.

Side note: you shouldn't use jail.conf, use your own jail.local (jail.conf gets overwritten on version update).

> [dovecot]
> enable = true
> port= imap,imaps,sieve

Re: [Fail2ban-users] dovecot and postfix jail with extra SSL logging

2018-03-13 Thread Sophie Loewenthal
Found a workaround. I have this:

jail.conf
[dovecot]
port= imap,imaps,sieve
logpath = %(syslog_mail)s
backend = %(dovecot_backend)s

jail.local
[dovecot]
enabled = true

# fail2ban-client status
Status
|- Number of jail: 4
`- Jail list: dovecot, nginx-x00, postfix-auth, sshd

>

Re: [Fail2ban-users] dovecot and postfix jail with extra SSL logging

2018-03-13 Thread Sophie Loewenthal
Changed it to this in jail.conf and restarted and dovecot jail is not active.

[dovecot]
enable = true
port= imap,imaps,sieve
logpath = %(syslog_mail)s
backend = %(dovecot_backend)s

# fail2ban-client status
Status
|- Number of jail: 3
`- Jail list: nginx-x00, postfix-auth, sshd

I

Re: [Fail2ban-users] dovecot and postfix jail with extra SSL logging

2018-03-13 Thread Sophie Loewenthal
Sorry was sent offlist accidentally. List looped back in.

> On 13 Mar 2018, at 23:25, Sophie Loewenthal wrote:
>
> Hi Rene, Is this case for everything now? I don’t have an 'enabled = true'
> for sshd for example and the jail started.
>
> # grep 'enabled = true' *.conf

Re: [Fail2ban-users] dovecot and postfix jail with extra SSL logging

2018-03-13 Thread René Berber
On 3/13/2018 4:25 PM, Sophie Loewenthal wrote:
> Hi Rene, Is this case for everything now? I don’t have an 'enabled = true'
> for sshd for example and the jail started.

Depends on the version, but you also probably have this on jail.conf :

# "enabled" enables the jails.
# By default all

Re: [Fail2ban-users] dovecot and postfix jail with extra SSL logging

2018-03-13 Thread René Berber
On 3/13/2018 4:09 PM, Sophie Loewenthal wrote:
> Thanks Bill. I’ve put them in and shall see how they work.
>
> I realised that default Debian file location for dovecot is mail.warn,
> which I don’t use. Everything goes into mail.log so it’s all in one
> place. I changed Dovecot’s entry to

Re: [Fail2ban-users] dovecot and postfix jail with extra SSL logging

2018-03-13 Thread Sophie Loewenthal
Thanks Bill. I’ve put them in and shall see how they work.

I realised that default Debian file location for dovecot is mail.warn, which I don’t use. Everything goes into mail.log so it’s all in one place. I changed Dovecot’s entry to mail.log:

[dovecot]
...
#logpath = %(dovecot_log)s

Re: [Fail2ban-users] dovecot and postfix jail with extra SSL logging

2018-03-13 Thread Bill Shirley
Here's what I use for Dovecot:

failregex = auth:.+dovecot:auth.+authentication\s+failure;.+rhost=
            dovecot:.+rip=.+wrong version number
            dovecot:.+tried to use disallowed plaintext auth.+rip=
            dovecot:.+auth failed.+rip=
            dovecot:.+no auth attemps.+rip=

Re: [Fail2ban-users] dovecot and postfix jail with extra SSL logging

2018-03-13 Thread Sophie Loewenthal
Hi Tom,

> Please keep replies on-list, don't e-mail me privately.

A mistake & my apologies. Fail2ban mailing list sets the From address as the sender's email, not the list’s email. Pressing Reply will reply to your private email. The To: has to be manually edited on each reply :(

Dovecot

Re: [Fail2ban-users] dovecot and postfix jail with extra SSL logging

2018-03-13 Thread Tom Hendrikx
Hi,

Please keep replies on-list, don't e-mail me privately.

Can you post:
- OS version you're running
- fail2ban version you're running
- contents of the /etc/fail2ban/filter.d/dovecot.conf file, so we can extend the current regex

For nginx, please create a new thread and supply the same