Package: fail2ban
Version: 0.9.0+git48-gabcab00-1
Severity: normal

-- System Information:
Debian Release: jessie/sid
  APT prefers utopic
  APT policy: (500, 'utopic')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.15.0-6-generic (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages fail2ban depends on:
ii  init-system-helpers  1.19
ii  lsb-base             4.1+Debian11ubuntu8
ii  python               2.7.8-1

Versions of packages fail2ban recommends:
ii  iptables          1.4.21-2ubuntu1
ii  python-pyinotify  0.9.4-1build1
ii  whois             5.1.4

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]            8.1.2-0.20131005cvs-1
pn  python-gamin                 <none>
pn  python-systemd               <none>
ii  rsyslog [system-log-daemon]  7.4.4-1ubuntu5

-- no debconf information

I have enabled the exim filter within fail2ban, and added a
logfile=/var/log/exim4/mainlog entry. I can see that the log file is opened
by fail2ban, and it correctly detects when the log file is rotated; however,
no lines are matched, meaning nothing gets banned.

Here are some log entries which should match:

2014-07-24 07:05:51 H=host28-145-static.87-94-b.business.telecomitalia.it (ElintecGPRS) [94.87.145.28] F=<swoodr...@apprhs.org> rejected RCPT <aar...@kitten.net.au>: Unrouteable address
2014-07-24 07:05:52 H=host28-145-static.87-94-b.business.telecomitalia.it (ElintecGPRS) [94.87.145.28] F=<swoodr...@apprhs.org> rejected RCPT <aaro...@kitten.net.au>: Unrouteable address
2014-07-24 07:19:06 H=(Takaste.unknown.creeperhost.net) [82.145.53.119] F=<lp...@unknown.creeperhost.net> rejected RCPT <mon-petit-monde....@kitten.net.au>: Unrouteable address
2014-07-24 07:22:17 H=dl123149.arvixevps.com [23.91.115.19] F=<rich...@arvixevps.com> rejected RCPT <moda...@kitten.net.au>: Unrouteable address
2014-07-24 07:24:55 H=dl123149.arvixevps.com [23.91.115.19] F=<bellavi...@arvixevps.com> rejected RCPT <3gforffree....@kitten.net.au>: Unrouteable address
2014-07-24 07:40:11 H=(Moodle) [31.222.138.20] F=<colvin...@webtv.net> rejected RCPT <townofbrookneal....@kitten.net.au>: Unrouteable address
2014-07-24 07:41:41 H=dl123149.arvixevps.com [23.91.115.19] F=<animat...@arvixevps.com> rejected RCPT <improvmentscatalog....@kitten.net.au>: Unrouteable address
2014-07-24 07:48:31 H=dl123149.arvixevps.com [23.91.115.19] F=<dr...@arvixevps.com> rejected RCPT <celticcomforts....@kitten.net.au>: Unrouteable address
2014-07-24 08:00:12 H=(Moodle) [31.222.138.20] F=<ll...@mcalistersdeli.com> rejected RCPT <c...@kitten.net.au>: Unrouteable address
2014-07-24 08:06:47 H=dl123149.arvixevps.com [23.91.115.19] F=<j...@arvixevps.com> rejected RCPT <dominicainesdelatrinite....@kitten.net.au>: Unrouteable address
2014-07-24 08:18:32 H=aventure.arvixevps.com [108.175.147.241] F=<k3...@arvixevps.com> rejected RCPT <na...@kitten.net.au>: Unrouteable address
2014-07-24 08:23:28 H=(Moodle) [31.222.138.20] F=<appl...@hkstar.com> rejected RCPT <locator....@kitten.net.au>: Unrouteable address
2014-07-24 08:37:29 H=dl123149.arvixevps.com [23.91.115.19] F=<misha.l...@arvixevps.com> rejected RCPT <19991007103020.a16...@meow.kitten.net.au>: Unrouteable address
2014-07-24 08:47:07 H=dl123149.arvixevps.com [23.91.115.19] F=<clo...@arvixevps.com> rejected RCPT <aol....@kitten.net.au>: Unrouteable address

In particular the arvixevps ones should have generated a ban.

I have not made any changes to the regex for the exim filter, only changed
the logfile so that it matches where Debian actually stores the exim logs.

Sshd log processing and banning is working correctly, so fail2ban is
actually running correctly.

Using exim packages 4.83rc3-1.
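An added example, not part of the report and not fail2ban's code: it checks the log lines quoted above in two separate steps, first whether each line matches a pattern, then whether the matches for one IP reach a ban threshold. The regex is a hypothetical stand-in for the exim filter's failregex, `would_ban` is a simplified model of maxretry/findtime, and the values maxretry=3 and findtime=600 are assumed, not taken from the reporter's jail configuration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical pattern for this report's lines; NOT fail2ban's shipped exim failregex.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=(?:\S+ )?(?:\([^)]*\) )?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\] "
    r"F=<[^>]*> rejected RCPT <[^>]*>: Unrouteable address$"
)

# Log lines copied from the report, plus one constructed non-matching line (the last).
SAMPLE = """\
2014-07-24 07:05:51 H=host28-145-static.87-94-b.business.telecomitalia.it (ElintecGPRS) [94.87.145.28] F=<swoodr...@apprhs.org> rejected RCPT <aar...@kitten.net.au>: Unrouteable address
2014-07-24 07:05:52 H=host28-145-static.87-94-b.business.telecomitalia.it (ElintecGPRS) [94.87.145.28] F=<swoodr...@apprhs.org> rejected RCPT <aaro...@kitten.net.au>: Unrouteable address
2014-07-24 07:22:17 H=dl123149.arvixevps.com [23.91.115.19] F=<rich...@arvixevps.com> rejected RCPT <moda...@kitten.net.au>: Unrouteable address
2014-07-24 07:24:55 H=dl123149.arvixevps.com [23.91.115.19] F=<bellavi...@arvixevps.com> rejected RCPT <3gforffree....@kitten.net.au>: Unrouteable address
2014-07-24 07:41:41 H=dl123149.arvixevps.com [23.91.115.19] F=<animat...@arvixevps.com> rejected RCPT <improvmentscatalog....@kitten.net.au>: Unrouteable address
2014-07-24 07:48:31 H=dl123149.arvixevps.com [23.91.115.19] F=<dr...@arvixevps.com> rejected RCPT <celticcomforts....@kitten.net.au>: Unrouteable address
2014-07-24 08:06:47 H=dl123149.arvixevps.com [23.91.115.19] F=<j...@arvixevps.com> rejected RCPT <dominicainesdelatrinite....@kitten.net.au>: Unrouteable address
2014-07-24 08:37:29 H=dl123149.arvixevps.com [23.91.115.19] F=<misha.l...@arvixevps.com> rejected RCPT <19991007103020.a16...@meow.kitten.net.au>: Unrouteable address
2014-07-24 08:47:07 H=dl123149.arvixevps.com [23.91.115.19] F=<clo...@arvixevps.com> rejected RCPT <aol....@kitten.net.au>: Unrouteable address
2014-07-24 07:30:00 Start queue run: pid=1234
""".splitlines()

def parse(lines):
    """Return ({ip: [datetime, ...]}, [lines the pattern did not match])."""
    hits, missed = defaultdict(list), []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            hits[m["ip"]].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
        else:
            missed.append(line)
    return hits, missed

def would_ban(times, maxretry, findtime):
    """True if any `maxretry` consecutive hits fall within `findtime` seconds."""
    times = sorted(times)
    window = timedelta(seconds=findtime)
    return any(times[i + maxretry - 1] - times[i] <= window
               for i in range(len(times) - maxretry + 1))

if __name__ == "__main__":
    hits, missed = parse(SAMPLE)
    print("unmatched lines:", len(missed))
    for ip, times in hits.items():
        print(ip, len(times), "hits, ban:", would_ban(times, maxretry=3, findtime=600))
```

With the assumed values, the seven 23.91.115.19 rejections all match but no three of them fall within 600 seconds of each other, so confirming that lines match and confirming that a ban threshold is reached are two separate checks.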