In "jail.conf" I use:

15 Sep 2008 · *passwd.*


      Does anyone have the filter strings for Fail2Ban 0.8 to block Dovecot 1.1 login
failures?
Thanks!
Ciao,
luigi
--
/
+--[Luigi Rosa]--
\
If the odds are a million to one against something occurring,
chances are 50-50 it will.

[Dovecot] fail2ban 0.8

Luigi Rosa

Bill Landry

In "jail.conf" I use:

enabled = true filter = dovecot action = iptables-multiport[name=Dovecot, port="imap,imaps", protocol=tcp] sendmail-whois[name=Dovecot, dest=someone@yourdomain.com, sender=root@yourdomain.com] logpath = /var/log/dovecot maxretry = 3 bantime = 3600

You will need to modify the entries shown above based on your own configuration. Then in "dovecot.conf" I use:

failregex = mail dovecot.passwd.,<HOST>\).*(unknown user|Password mismatch)

Luigi Rosa

tags

participants (2)

[Dovecot] fail2ban 0.8

Luigi Rosa

Bill Landry

In "jail.conf" I use:

enabled = true filter = dovecot action = iptables-multiport[name=Dovecot, port="imap,imaps", protocol=tcp] sendmail-whois[name=Dovecot, dest=someone@yourdomain.com, sender=root@yourdomain.com] logpath = /var/log/dovecot maxretry = 3 bantime = 3600

You will need to modify the entries shown above based on your own configuration. Then in "dovecot.conf" I use:

failregex = mail dovecot.*passwd.*,<HOST>\).*(unknown user|Password mismatch)

Luigi Rosa

tags

participants (2)

failregex = mail dovecot.passwd.,<HOST>\).*(unknown user|Password mismatch)