fail2ban setup centos 7 not picking auth fail?

Adi Pircalabu adi at ddns.com.au
Fri May 22 09:01:00 EEST 2020


On 22-05-2020 15:45, Voytek Eymont wrote:
> On Fri, May 22, 2020 2:05 pm, Adi Pircalabu wrote:
>> On 22-05-2020 10:38, Voytek Eymont wrote:
> 
>> 
>> Hardly a Dovecot issue. Can you please post the output of this 
>> command?
>> /usr/bin/fail2ban-regex /var/log/dovecot.log
>> /etc/fail2ban/filter.d/dovecot.conf
> 
> 
> Adi,
> 
> thanks, what I get is:
> 
[...]
> 
> Results
> =======
> 
> Failregex: 5149 total
[...]
> 
> Lines: 338975 lines, 0 ignored, 5149 matched, 333826 missed
> [processed in 87.44 sec]

Right, so it's not a regex problem then, you're getting some matches 
there, although you might want to revisit it it the result is not 
consistent with your own searches. It might be that Dovecot isn't 
logging to systemd' journal, or the regex doesn't match the journal 
entries. Try to comment out "journalmatch = 
_SYSTEMD_UNIT=dovecot.service" entry in your filter file, restart f2b 
and see if there's any change.
P.S. Let's try and keep the replies to the list :)

-- 
Adi Pircalabu


More information about the dovecot mailing list