-------- Original Message --------
*Subject: * Re: [Fail2ban-users] Problems with dovecot filter
*From: * Jim Wright <j...@themailshack.com>
*To: * Fail2ban-users <fail2ban-users@lists.sourceforge.net>
*CC: *
*Date: * 2023-5-2 10:02 PM
That's why I created my own dovecot jail, and postfix jail.
As seen in the recent thread "fail2ban-regex maches, but fail2ban does not"
From what I can see with the updated version, fail2ban version 1.0.2-3.el8, I'm getting matches now against
auth-worker, so that part is resolved.
But I'm still not having anything hit the jail, and from what I can tell, I should be. One particular IP is coming up
several times over the last few days. And my jail is set to a findtime of 240 hours, so this 'should' be getting
jailed. I'm stumped on why this particular jail isn't working still.
From jail.local:
[dovecot]
enabled = true
filter = dovecot
logpath = /var/log/dovecot.log
maxretry = 3
findtime = 240h
bantime = 10m
bantime.factor = 1
Change maxretry to 1
Fail2ban-client will need to be restarted.
Here is how I do it (using your jail) :
{
fail2ban-client stop
cat > /etc/fail2ban/jail.local << "EOF"
<Defaults here>
> [dovecot]
> enabled = true
> filter = dovecot
> logpath = /var/log/dovecot.log
> maxretry = 1
> findtime = 240h
> bantime = 10m
> bantime.factor = 1
<the other jails too>
EOF
fail2ban-client start
}
# Note: the above overwrites /etc/fail2ban/jail.local. So make sure you don't overwrite something that you don't want
overwritten.
Does /var/log/fail2ban.log show it finding the IP?
Mine was not even finding the IP until for some reason (maybe server update) it
started finding it again.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
