My problem persists.

fail2ban does not seem to react, or its reaction time is very strange, and I
still have not been able to understand why it does not react. The site says
that its reaction time depends heavily on buffered syslog, which in my case
appears to be turned off. In any case, I have already left it running for
hours and it never reacts.

I am manually collecting the IPs and adding them to a dedicated 'input'
'chain' in 'iptables'.

/var/log/mail.warn:
--------------------
...
...
...
Apr 29 09:21:44 guarani postfix/smtpd[28361]: warning: unknown[177.16.254.44]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:45 guarani postfix/smtpd[27633]: warning: unknown[189.99.142.107]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:45 guarani postfix/smtpd[24032]: warning: unknown[189.26.68.213]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:46 guarani postfix/smtpd[28410]: warning: unknown[187.43.14.45]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:47 guarani postfix/smtpd[28528]: warning: unknown[189.105.0.42]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:49 guarani postfix/smtpd[5468]: warning: unknown[189.114.4.176]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:49 guarani postfix/smtpd[27586]: warning: unknown[190.27.58.228]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:50 guarani postfix/smtpd[28215]: warning: unknown[190.122.116.175]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:50 guarani postfix/smtpd[28722]: warning: unknown[189.81.72.249]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:51 guarani postfix/smtpd[28406]: warning: unknown[187.43.14.45]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:53 guarani postfix/smtpd[27927]: warning: unknown[186.220.201.155]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:55 guarani postfix/smtpd[28914]: warning: unknown[190.172.253.145]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:55 guarani postfix/smtpd[28416]: warning: unknown[189.70.195.161]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:56 guarani postfix/smtpd[24732]: warning: 189-46-28-191.dsl.telesp.net.br[189.46.28.191]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:56 guarani postfix/smtpd[27691]: warning: unknown[201.89.192.3]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:57 guarani postfix/smtpd[10908]: warning: 189-19-227-148.dsl.telesp.net.br[189.19.227.148]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:22:02 guarani postfix/smtpd[25326]: warning: unknown[189.13.200.5]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:22:07 guarani postfix/smtpd[28406]: warning: unknown[190.244.176.248]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:22:09 guarani postfix/smtpd[28832]: warning: unknown[187.126.5.3]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:22:10 guarani postfix/smtpd[25299]: warning: unknown[187.74.69.61]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:22:10 guarani postfix/smtpd[27942]: warning: unknown[190.51.31.87]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:22:10 guarani postfix/smtpd[27873]: warning: unknown[190.176.157.4]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:22:12 guarani postfix/smtpd[28903]: warning: unknown[189.104.241.131]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:22:12 guarani postfix/smtpd[28564]: warning: unknown[177.27.38.161]: SASL LOGIN authentication failed: authentication failure
...
...
...


/var/log/fail2ban.log:
----------------------
...
...
2011-04-29 09:10:49,427 fail2ban.jail   : INFO   Jail 'sasl-iptables' started
2011-04-29 09:15:33,412 fail2ban.jail   : INFO   Jail 'sasl-iptables' stopped
2011-04-29 09:15:33,415 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2011-04-29 09:15:33,416 fail2ban.jail   : INFO   Creating new jail 'sasl-iptables'
2011-04-29 09:15:33,416 fail2ban.jail   : INFO   Jail 'sasl-iptables' uses poller
2011-04-29 09:15:33,434 fail2ban.filter : INFO   Added logfile = /var/log/mail.warn
2011-04-29 09:15:33,435 fail2ban.filter : INFO   Set maxRetry = 1
2011-04-29 09:15:33,437 fail2ban.filter : INFO   Set findtime = 600
2011-04-29 09:15:33,438 fail2ban.actions: INFO   Set banTime = 7200
2011-04-29 09:15:33,454 fail2ban.jail   : INFO   Jail 'sasl-iptables' started


Jail.conf:
----------
...
...
[sasl-iptables]

enabled  = true
filter   = sasl
backend  = polling
port = smtp
action   = iptables[name=sasl, port=smtp, protocol=tcp]
#           sendmail-whois[name=sasl, dest=al.balistri...@inpe.br]
logpath  = /var/log/mail.warn
maxretry = 1
findtime = 600
bantime = 7200
...
...
...
[postfix]

enabled  = true 
port     = smtp
filter   = postfix
action  = iptables[name=postfix, port=smtp, protocol=tcp]
maxretry = 3
findtime = 3600
bantime = 43200
logpath  = /var/log/mail



fail2ban.conf:
---------------
...
...
[Definition]

loglevel = 3

logtarget = /var/log/fail2ban.log

socket = /var/run/fail2ban/fail2ban.sock
#[SMTP]
#enabled = true
#logfile = /var/log/mail


-- 
Quam minimum credula postero, carpe diem
Regards,
Bali - Alexandre Balistrieri
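
A way to check offline whether a filter pattern matches the log format posted above and which hosts would reach `maxretry` within `findtime`, as an added example that is not part of the original message and is not fail2ban's own code. The two patterns, the sample lines (documentation addresses), the IPv4-only `<HOST>` expansion and the ban model (failure count reaches `maxretry` inside the window) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the mail.warn excerpt above (documentation IPs).
SAMPLE_LOG = """\
Apr 29 09:21:44 guarani postfix/smtpd[28361]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:51 guarani postfix/smtpd[28406]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:21:56 guarani postfix/smtpd[24732]: warning: host.example.net[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Apr 29 09:22:01 guarani postfix/smtpd[24733]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed
"""

# Hypothetical candidate patterns, not copied from any installed sasl.conf.
ANCHORED = r": warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN) authentication failed$"
TOLERANT = r": warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN) authentication failed(?:: .*)?$"

def compile_failregex(failregex):
    """Expand the <HOST> tag into a named group (simplified: IPv4 only)."""
    return re.compile(failregex.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

def evaluate(log_text, failregex, maxretry, findtime, year=2011):
    """Return (matched_line_count, hosts reaching maxretry within findtime seconds)."""
    rx = compile_failregex(failregex)
    hits = defaultdict(list)
    matched = 0
    for line in log_text.splitlines():
        m = rx.search(line)
        if not m:
            continue
        matched += 1
        # syslog timestamps carry no year; one is assumed for the arithmetic
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        hits[m.group("host")].append(ts)
    banned = set()
    for host, times in hits.items():
        times.sort()
        for i, start in enumerate(times):
            in_window = [t for t in times[i:] if (t - start).total_seconds() <= findtime]
            if len(in_window) >= maxretry:
                banned.add(host)
                break
    return matched, banned

if __name__ == "__main__":
    for name, pat in (("anchored", ANCHORED), ("tolerant", TOLERANT)):
        print(name, evaluate(SAMPLE_LOG, pat, maxretry=1, findtime=600))
```

On a host with fail2ban installed, the `fail2ban-regex` tool performs the equivalent check of a filter file against the real log.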