On 07/07/2014 14:22, Silvio Siefke wrote:
service imap-login { port = 12520
inet_listener imaps { port = 12550
<fail2ban> [dovecot] enabled = true filter = dovecot action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp] logpath = /var/log/mail.log
Silvio, one reason why fail 2 ban is not trapping those may be because: (a) in Dovecot you have defined your imap and imaps services to be ports around 125x0, whereas (b) in fail2ban you have relied on the standard imap and imaps definitions, which are 143 (I think) and 993
Might you need to enter 12520 and 12550 in your fail2ban stanza, instead of imap and imaps? Just an idea, I could be wrong; I've never set that up, myself.
You mention vpn. There may also be a second problem with your network anyway, if 12520 and 12550 are vpn ports, because external traffic should not be able to appear on those, unless a vpn entry is compromised, somewhere. (That is, assuming there is a separate vpn access control system outside of Dovecot.)
regards, Ron