4 Oct
2013
4 Oct
'13
8:47 a.m.
For dovecot 2.1
as per wiki2, is this still valid? noticed a problem before and saw it does seem to be triggering, I use:
maxretry = 6 findtime = 600 bantime = 3600
and there was like, 2400 hits in 4 minutes, it is pointing to the correct log file, but I am no expert with fail2ban, so not sure if the log format of today is compatible with the wiki2 entry
filter.d/dovecot.conf [Definition] failregex = (?: pop3-login|imap-login): (?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.* ignoreregex =