On Mon, December 18, 2017 3:06 am, Alex JOST wrote:
> Did you enable the dovecot service in fail2ban? By default all jails are disabled.
>
> /etc/fail2ban/jail.conf:
> [dovecot]
> enabled = true

Alex, thanks
no, not in jail.conf, I've put it in the (1) /etc/fail2ban/jail.local
I've also added postfix, that seems to work:

I've made test failed dovecot and postfix logins from a phone/cell connection, I think? postfix one worked, but nothing registered on dovecot.

Do you know where f2b places bad IPs? I saw them listed on 'status', but couldn't find them in /etc/hosts.deny; not sure if they're meant to be there. [And the device, after failing smtp, could still access http, so not sure if my testing is valid.]

# fail2ban-client status
Status
|- Number of jail: 2
`- Jail list: dovecot-pop3imap, postfx-sasl

# fail2ban-client status postfx-sasl
Status for the jail: postfx-sasl
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 57
|  `- File list: /var/log/maillog
`- Actions
   |- Currently banned: 1
   |- Total banned: 7
   `- Banned IP list: 201.249.46.118

# fail2ban-client status dovecot-pop3imap
Status for the jail: dovecot-pop3imap
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- File list: /var/log/dovecot.log
`- Actions
   |- Currently banned: 0
   |- Total banned: 0
   `- Banned IP list:

(1) # cat jail.local
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap", protocol=tcp]
logpath = /var/log/dovecot.log
maxretry = 5
findtime = 300
bantime = 3600
ignoreip = 127.0.0.1 127.0.0.0/8

[postfx-sasl]
enabled = true
filter = postfix-sasl
action = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
# sendmail[name=Postfix, dest=you@mail.com]
logpath = /var/log/maillog
bantime = 3600
maxretry = 5
ignoreip = 127.0.0.1 127.0.0.0/8