[Dovecot] Fail2Ban and the Dovecot log

Bjørn T Johansen btj at havleik.no
Tue May 12 11:51:52 EEST 2009


On Mon, 11 May 2009 15:56:45 -0400
Lou Duchez <lou at paprikash.com> wrote:

> Hi,
> 
> Is there any way to disable the "dovecot: " at the beginning of each 
> line of the log?  Fail2Ban responds poorly to it.  I know there are a 
> number of sites with "failregex" strings for Fail2Ban and Dovecot, but 
> I've tried them all, and they don't work, at least with the latest 
> Fail2ban and the latest Dovecot.  The Fail2Ban wiki is pretty clear 
> about why there will be a problem:
> 
> "In order for a log line to match your failregex, it actually has to 
> match in two parts: the beginning of the line has to match a timestamp 
> pattern or regex, and the remainder of the line has to match your 
> failregex.".
> 
> So in other words, Fail2Ban expects that each line of the log will start 
> with a timestamp.
> 
> Thanks all!  Dovecot rocks.
> 

Well, this is not completely true... I have a working fail2ban config using the dovecot log file, not syslog, and it's working fine...
I had to change the date format for the log file, but after doing that, the fail2ban works as it should...

BTJ


More information about the dovecot mailing list