Hi,
On 10/04/2013 07:47 AM, Nick Edwards wrote:
> For dovecot 2.1
> as per wiki2, is this still valid? Noticed a problem before and saw it does seem to be triggering, I use:
>
> maxretry = 6
> findtime = 600
> bantime = 3600
>
> and there was like, 2400 hits in 4 minutes, it is pointing to the correct log file, but I am no expert with fail2ban, so not sure if the log format of today is compatible with the wiki2 entry
>
> filter.d/dovecot.conf
> [Definition]
> failregex = (?: pop3-login|imap-login): (?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
> ignoreregex =

This is no problem of dovecot. Nevertheless, for analysis, you can use fail2ban-regex when applying your filter to your logfile.

Best regards, Gordon
Universitätsrechenzentrum (URZ) E.-M.-Arndt-Universität Greifswald Felix-Hausdorff-Str. 12 17489 Greifswald Germany
Tel. +49 3834 86 1456 Fax. +49 3834 86 1401
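
Added example, not part of the original thread: a small Python check in the spirit of the fail2ban-regex run suggested above, applying the quoted failregex to constructed log lines and counting matched failures per host against maxretry = 6. The sample lines, both log formats, and the names `scan` and `would_ban` are assumptions made for illustration.

```python
import re
from collections import Counter

# failregex exactly as quoted in the message above.
FAILREGEX = re.compile(
    r"(?: pop3-login|imap-login): (?:Authentication failure"
    r"|Aborted login \(auth failed|Aborted login \(tried to use disabled"
    r"|Disconnected \(auth failed).*rip=(?P<host>\S*),.*"
)
MAXRETRY = 6  # jail setting quoted above
TAIL = "user=<bob>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10"

# Constructed lines in syslog style (assumed format, not from a real server).
SYSLOG = [
    f"Oct  4 07:4{i}:01 mail dovecot: imap-login: Disconnected "
    f"(auth failed, 1 attempts in 2 secs): {TAIL}"
    for i in range(7)
] + [
    "Oct  4 07:48:01 mail dovecot: pop3-login: Aborted login (auth failed, "
    "2 attempts): user=<eve>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10",
    "Oct  4 07:48:05 mail dovecot: imap-login: Disconnected (no auth attempts): "
    "rip=198.51.100.9, lip=192.0.2.10",
]
# Constructed lines with a severity tag after the service name (assumed format).
DIRECT = [
    f"Oct 04 07:4{i}:01 imap-login: Info: Disconnected "
    f"(auth failed, 1 attempts in 2 secs): {TAIL}"
    for i in range(7)
]

def scan(lines):
    """Return (matched failures per host, failure lines the regex missed)."""
    hits, missed = Counter(), []
    for line in lines:
        m = FAILREGEX.search(line)
        if m:
            hits[m.group("host")] += 1
        elif "auth failed" in line:
            missed.append(line)
    return hits, missed

def would_ban(hits, maxretry=MAXRETRY):
    """Hosts reaching maxretry; all sample lines fall inside findtime = 600."""
    return sorted(h for h, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    for name, lines in (("syslog", SYSLOG), ("direct", DIRECT)):
        hits, missed = scan(lines)
        print(name, dict(hits), "ban:", would_ban(hits), "missed:", len(missed))
```

A non-empty `missed` list is the signal that the filter and the log format disagree, which is the question fail2ban-regex answers against the real logfile.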