[Dovecot] Fail2ban
Henrique Fernandes
sf.rique at gmail.com
Fri Jun 11 08:16:26 EEST 2010
My regex to fail2ban for dovecot 2.0beta5 in user in sql base work like
this!
failregex = dovecot: auth: sql.*,<HOST>.*: Password mismatch
> dovecot: auth: sql.*,<HOST>.*: unknown user
>
And if you use smtp-auth in postfix truth dovecot here it is my regex for it
failregex = warning:.*\[<HOST>.*: SASL login authentication failed:.*
>
Sorry if this is not what you want!
[]'sf.rique
On Fri, Jun 11, 2010 at 2:00 AM, Jerrale Gayle <
jerralegayle at sheltoncomputers.com> wrote:
> Yeah, you're wrong. With regexp, you can have fail2ban ignore any part of
> the log
> file, as in ANYTHING containing text around anything will be caught. You
> can have fail2ban ban every ip address that shows up in the log!
>
>
>
>
> On 6/10/2010 5:38 PM, fakessh wrote:
>
>> "hi dovecot network
>>
>> the principle of fail2ban is repeated for connections with the same login
>> fail2ban does not work if the attack changes to login every time
>> this type of attack is rather to find valid user accounts"
>>
>>
>
> I may be wrong, I hope I too am a victim of this kind of attacks
>>
>>
>
> Yeah, you're wrong. With regexp, you can have fail2ban ignore any part of
>> the log
>> file, as in ANYTHING containing text around anything will be caught. You
>> can have fail2ban ban every ip address that shows up in the log!
>>
>>
>
>
>
More information about the dovecot
mailing list