Hi,

On 10/04/2013 07:47 AM, Nick Edwards wrote:
> For dovecot 2.1
> 
> as per wiki2,  is this still valid?  noticed a problem before and saw
> it does seem to be triggering, I use:
> 
> maxretry = 6
> findtime = 600
> bantime = 3600
> 
> and there was like, 2400 hits in 4 minutes, it is pointing to the
> correct log file, but I am no expert with fail2ban, so not sure if the
> log format of today is compatible with the wiki2 entry
> 
> 
> filter.d/dovecot.conf
> [Definition]
> failregex = (?: pop3-login|imap-login): (?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
> ignoreregex =
> 

This is no problem of dovecot. Nevertheless, for analysis, you can use
fail2ban-regex when applying your filter to your logfile.

Best regards,
Gordon
-- 
Universitätsrechenzentrum (URZ)
E.-M.-Arndt-Universität Greifswald
Felix-Hausdorff-Str. 12
17489 Greifswald
Germany

Tel. +49 3834 86 1456
Fax. +49 3834 86 1401
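
An added example, not part of the original thread and not fail2ban's own code: it applies the quoted failregex to a few constructed log lines and checks the maxretry/findtime values from the post, roughly the kind of match/miss report fail2ban-regex gives. The syslog-style dovecot 2.1 line format, the addresses, and the helper names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# failregex from the quoted filter.d/dovecot.conf, joined onto one line.
FAILREGEX = re.compile(
    r"(?: pop3-login|imap-login): (?:Authentication failure"
    r"|Aborted login \(auth failed|Aborted login \(tried to use disabled"
    r"|Disconnected \(auth failed).*rip=(?P<host>\S*),.*")
MAXRETRY, FINDTIME = 6, timedelta(seconds=600)  # jail values from the post

def line(ts, body):
    return f"Oct  4 {ts} mx dovecot: {body}"

# Constructed sample log (assumed syslog-style dovecot 2.1 lines).
SAMPLE = [line(f"07:40:{s:02d}", "pop3-login: Aborted login (auth failed, "
               "1 attempts in 2 secs): user=<bob>, method=PLAIN, "
               "rip=203.0.113.5, lip=192.0.2.1") for s in range(0, 60, 10)]
SAMPLE += [
    line("07:41:00", "imap-login: Disconnected (auth failed, 2 attempts in "
         "9 secs): user=<amy>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1"),
    line("07:41:05", "imap-login: Login: user=<amy>, method=PLAIN, "
         "rip=192.0.2.50, lip=192.0.2.1, mpid=4242"),
    line("07:41:09", "imap-login: Disconnected (no auth attempts in 0 secs): "
         "user=<>, rip=198.51.100.9, lip=192.0.2.1"),
]

def evaluate(lines, year=2013):
    """Return (failure times per host, unmatched lines, hosts over the limit)."""
    hits, missed, over = defaultdict(list), [], set()
    for text in lines:
        m = FAILREGEX.search(text)
        if not m:
            missed.append(text)
            continue
        when = datetime.strptime(f"{year} {text[:15]}", "%Y %b %d %H:%M:%S")
        hits[m.group("host")].append(when)
    for host, times in hits.items():
        times.sort()
        # Simplified model: MAXRETRY failures inside one FINDTIME window.
        for i in range(len(times) - MAXRETRY + 1):
            if times[i + MAXRETRY - 1] - times[i] <= FINDTIME:
                over.add(host)
    return hits, missed, over

if __name__ == "__main__":
    hits, missed, over = evaluate(SAMPLE)
    for host, times in hits.items():
        print(f"{host}: {len(times)} matched, ban={host in over}")
    print(f"{len(missed)} lines not matched")
```

If real log lines end up in the unmatched list here, the log format and the regex disagree; if they match but no ban follows, the cause lies in the jail configuration rather than the filter.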
