[Dovecot] fail2ban
Gordon Grubert
gordon.grubert+lists at uni-greifswald.de
Fri Oct 4 22:55:18 EEST 2013
Hi,
On 10/04/2013 07:47 AM, Nick Edwards wrote:
> For dovecot 2.1
>
> as per wiki2, is this still valid? noticed a problem before and saw
> it does seem to be triggering, I use:
>
> maxretry = 6
> findtime = 600
> bantime = 3600
>
> and there was like, 2400 hits in 4 minutes, it is pointing to the
> correct log file, but I am no expert with fail2ban, so not sure if the
> log format of today is compatible with the wiki2 entry
>
>
> filter.d/dovecot.conf
> [Definition]
> failregex = (?: pop3-login|imap-login): (?:Authentication
> failure|Aborted login \(auth failed|Aborted login \(tried to use
> disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
> ignoreregex =
>
this is no problem of dovecot. Nevertheless, for analysis, you can use
fail2ban-regex when applying your filter to your logfile.
Best regards,
Gordon
--
Universitätsrechenzentrum (URZ)
E.-M.-Arndt-Universität Greifswald
Felix-Hausdorff-Str. 12
17489 Greifswald
Germany
Tel. +49 3834 86 1456
Fax. +49 3834 86 1401
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20131004/89c4e4e8/attachment.bin>
More information about the dovecot
mailing list