fail2ban setup centos 7 not picking auth fail?
lists
lists at lazygranch.com
Fri May 22 09:22:04 EEST 2020
I use SSHGuard on well ssh (doh!), but supposedly you can use it for postfix and dovecot also. I can tell you it is well supported. I am on Centos 7 using firewalld.
Original Message
From: adi at ddns.com.au
Sent: May 21, 2020 11:01 PM
To: voytek at sbt.net.au
Cc: dovecot at dovecot.org
Subject: Re: fail2ban setup centos 7 not picking auth fail?
On 22-05-2020 15:45, Voytek Eymont wrote:
> On Fri, May 22, 2020 2:05 pm, Adi Pircalabu wrote:
>> On 22-05-2020 10:38, Voytek Eymont wrote:
>
>>
>> Hardly a Dovecot issue. Can you please post the output of this
>> command?
>> /usr/bin/fail2ban-regex /var/log/dovecot.log
>> /etc/fail2ban/filter.d/dovecot.conf
>
>
> Adi,
>
> thanks, what I get is:
>
[...]
>
> Results
> =======
>
> Failregex: 5149 total
[...]
>
> Lines: 338975 lines, 0 ignored, 5149 matched, 333826 missed
> [processed in 87.44 sec]
Right, so it's not a regex problem then, you're getting some matches
there, although you might want to revisit it it the result is not
consistent with your own searches. It might be that Dovecot isn't
logging to systemd' journal, or the regex doesn't match the journal
entries. Try to comment out "journalmatch =
_SYSTEMD_UNIT=dovecot.service" entry in your filter file, restart f2b
and see if there's any change.
P.S. Let's try and keep the replies to the list :)
--
Adi Pircalabu
More information about the dovecot
mailing list