Mystery solved. Debian defaults to sshd enabled :)
# cat jail.d/defaults-debian.conf
[sshd]
enabled = true
I’ll move my changes into jail.local.
Many thanks for your help Rene.
Night,
Sophie
> On 13 Mar 2018, at 23:46, René Berber wrote:
>
> On 3/13/2018 4:39
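The file layering behind this thread, as an added example that is not part of the original messages or of fail2ban's own code: a simplified model, using Python's configparser, of how `jail.conf`, `jail.d/*.conf` and `jail.local` are merged in that order. The file contents are constructed from the snippets quoted here, the `enabled = false` default under `[DEFAULT]` is an assumption about the shipped `jail.conf`, and only the sshd and dovecot jails are modelled.

```python
import configparser

# Constructed file contents modelled on the snippets quoted in this thread.
# Assumption: jail.conf ships "enabled = false" under [DEFAULT].
JAIL_CONF = """
[DEFAULT]
enabled = false
[sshd]
port = ssh
[dovecot]
port = imap,imaps,sieve
"""
JAIL_CONF_TYPO = JAIL_CONF.replace("[dovecot]\n", "[dovecot]\nenable = true\n")
DEBIAN_DEFAULTS = "[sshd]\nenabled = true\n"
JAIL_LOCAL = "[dovecot]\nenabled = true\n"

def load(files):
    """Merge (name, text) pairs in read order; later files override earlier ones."""
    cp = configparser.ConfigParser(interpolation=None)
    for name, text in files:
        cp.read_string(text, source=name)
    return cp

def active_jails(files):
    """Jails whose merged 'enabled' value is true."""
    cp = load(files)
    return sorted(s for s in cp.sections()
                  if cp.getboolean(s, "enabled", fallback=False))

def misspelled_enable(files):
    """Jails carrying 'enable', a different key from 'enabled'."""
    cp = load(files)
    return sorted(s for s in cp.sections() if cp.has_option(s, "enable"))

# Edit made directly in jail.conf with the key spelled "enable".
before = [("jail.conf", JAIL_CONF_TYPO),
          ("jail.d/defaults-debian.conf", DEBIAN_DEFAULTS)]
# Workaround from the thread: jail.conf left alone, override in jail.local.
after = [("jail.conf", JAIL_CONF),
         ("jail.d/defaults-debian.conf", DEBIAN_DEFAULTS),
         ("jail.local", JAIL_LOCAL)]

if __name__ == "__main__":
    print("before:", active_jails(before), "typo in:", misspelled_enable(before))
    print("after: ", active_jails(after))
```

In this model sshd is active only because of the Debian drop-in file, and dovecot becomes active only once a correctly spelled `enabled` key appears in a later file.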
On 3/13/2018 4:39 PM, Sophie Loewenthal wrote:
> Changed it to this in jail.conf and restarted and dovecot jail is not active.
Side note: you shouldn't use jail.conf, use your own jail.local
(jail.conf gets overwritten on version update).
> [dovecot]
> enable = true
> port= imap,imaps,sieve
Found a workaround. I have this:
jail.conf
[dovecot]
port= imap,imaps,sieve
logpath = %(syslog_mail)s
backend = %(dovecot_backend)s
jail.local
[dovecot]
enabled = true
# fail2ban-client status
Status
|- Number of jail: 4
`- Jail list: dovecot, nginx-x00, postfix-auth, sshd
>
Changed it to this in jail.conf and restarted and dovecot jail is not active.
[dovecot]
enable = true
port= imap,imaps,sieve
logpath = %(syslog_mail)s
backend = %(dovecot_backend)s
# fail2ban-client status
Status
|- Number of jail: 3
`- Jail list: nginx-x00, postfix-auth, sshd
I
Sorry was sent offlist accidentally. List looped back in.
> On 13 Mar 2018, at 23:25, Sophie Loewenthal wrote:
>
> Hi Rene, Is this the case for everything now? I don’t have an 'enabled = true'
> for sshd for example and the jail started.
>
> # grep 'enabled = true' *.conf
On 3/13/2018 4:25 PM, Sophie Loewenthal wrote:
> Hi Rene, Is this the case for everything now? I don’t have an 'enabled = true'
> for sshd for example and the jail started.
Depends on the version, but you also probably have this on jail.conf :
# "enabled" enables the jails.
# By default all
On 3/13/2018 4:09 PM, Sophie Loewenthal wrote:
> Thanks Bill. I’ve put them in and shall see how they work.
>
> I realised that default Debian file location for dovecot is mail.warn,
> which I don’t use. Everything goes into mail.log so it’s all in one
> place. I changed Dovecot’s entry to
Thanks Bill. I’ve put them in and shall see how they work.
I realised that default Debian file location for dovecot is mail.warn, which I
don’t use. Everything goes into mail.log so it’s all in one place. I changed
Dovecot’s entry to mail.log:
[dovecot]
...
#logpath = %(dovecot_log)s
Here's what I use for Dovecot:
failregex = auth:.+dovecot:auth.+authentication\s+failure;.+rhost=<HOST>
            dovecot:.+rip=<HOST>.+wrong version number
            dovecot:.+tried to use disallowed plaintext auth.+rip=<HOST>
            dovecot:.+auth failed.+rip=<HOST>
            dovecot:.+no auth attempts.+rip=<HOST>
Hi Tom,
> Please keep replies on-list, don't e-mail me privately.
A mistake & my apologies. Fail2ban mailing list sets the From address as the
sender's email, not the list’s email. Pressing Reply will reply to your private
email. The To: has to be manually edited on each reply :(
Dovecor
Hi,
Please keep replies on-list, don't e-mail me privately.
Can you post:
- OS version you're running
- fail2ban version you're running
- contents of the /etc/fail2ban/filter.d/dovecot.conf file, so we can
extend the current regex
For nginx, please create a new thread and supply the same