I am running fail2ban 0.10.2-2 on a Debian testing email server running
sendmail and use fail2ban as part of an IDS against botnet attacks.
Recidive finds and correctly matches the fail2ban-server sendmail bans in
fail2ban.log but also matches and records the fail2ban-server PID in the log
Amir Caspi wrote:
> Well, I've figured out the problem -- it's a bug in fail2ban's systemd
> backend. Specifically, when a matching logline is created after the
> offending connection has already closed, f2b fails to respond when using
> the systemd backend. If the logline is created while the