If you are using chkuser the user not found should never get pass the initial
smtp.
Remo
> On Jun 3, 2020, at 22:34, Noriyuki Hayashi wrote:
>
> Hi
>
> What about below?
>
> [Definition]
>
> # Option: failregex
> # Notes.: regex to match the password failures messages in the logfile.
> #
Hi
What about below?
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT
#
failregex = vchkpw-pop3: vpopmail user not found .*@.*:$
vchkpw-pop3: vpopmail user not found .*@:$
vchkpw-pop3: vpopmail user
Nice work. I will take a look and try it out.
> Il giorno 3 giu 2020, alle ore 17:52, Gary Bowling ha scritto:
>
>
>
>
> It seems to work. I'm also using the /etc/fail2ban/filter.d/dovecot.conf that
> is included with fail2ban. That should catch attempts on imap and pop3, but
> I've
It seems to work. I'm also using the
/etc/fail2ban/filter.d/dovecot.conf that is included with
fail2ban. That should catch attempts on imap and pop3, but I've
never had it actually trap anything. So I'm guessing there is
something not quite right about
Nice, easier than mine.
On 6/3/2020 6:27 PM, Gary Bowling wrote:
Sure, here's my /etc/fail2ban/filter.d/vpopmail.conf
[INCLUDES]
before = common.conf
# vi /etc/fail2ban/filter.d/vpopmail.conf:
[Definition]
failregex = vchkpw-smtp: vpopmail user not found .*:$
vchkpw-submission:
Sure, here's my /etc/fail2ban/filter.d/vpopmail.conf
[INCLUDES]
before = common.conf
# vi /etc/fail2ban/filter.d/vpopmail.conf:
[Definition]
failregex = vchkpw-smtp: vpopmail user not found .*:$
vchkpw-submission:
can you share your vpopmail rules for fail2ban, config and regex?
On 6/3/2020 5:48 PM, Gary Bowling wrote:
FYI in case someone else can use this info.
In my recent review of my server and trying to tighten up security. I
noticed that there were a number of IPs that showed up regularly in my
FYI in case someone else can use this info.
In my recent review of my server and trying to tighten up
security. I noticed that there were a number of IPs that showed up
regularly in my fail2ban firewall rules. I have a fail2ban jail
for vpopmail