Bom dia. O meu problema também persiste, porém é com o Dovecot. o fail2ban parece não estar ajudando em nada!!!
about user ferra...@exemplo.com.br <ferra...@ferrarte.com.br> dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user mot...@exemplo.com.br <mot...@motivamoveis.com.br> dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user n...@exemplo.com.br <n...@motivamoveis.com.br> dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user mil...@exemplo.com.br <mil...@motivamoveis.com.br> dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user miltonpe...@exemplo.com.br <miltonpe...@ferrarte.com.br> dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user ven...@exemplo.com.br <ven...@ferrarte.com.br> Alguma dica? Lucas Em 29 de abril de 2011 10:03, Alexandre Balistrieri <al.balistri...@inpe.br>escreveu: > Meu problema persiste. > > O fail2ban parece não reagir ou o tempo de ração é muito estranho e ainda > não consegui entender porque não reage. No site diz que o tempo de reação > dele depende muito do syslog bufferizado que no meu caso parece estar > desligado. De qualquer maneira já deixei ele rodando horas e nada de reagir. > > Estou fazendo manualmente a coleta de IPs e incluindo-os numa 'chain' > própria de 'input' no 'iptables'. > > /var/log/mail.warn: > -------------------- > ... > ... > ... > Apr 29 09:21:44 guarani postfix/smtpd[28361]: warning: > unknown[177.16.254.44]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:45 guarani postfix/smtpd[27633]: warning: > unknown[189.99.142.107]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:45 guarani postfix/smtpd[24032]: warning: > unknown[189.26.68.213]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:46 guarani postfix/smtpd[28410]: warning: > unknown[187.43.14.45]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:47 guarani postfix/smtpd[28528]: warning: > unknown[189.105.0.42]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:49 guarani postfix/smtpd[5468]: warning: > unknown[189.114.4.176]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:49 guarani postfix/smtpd[27586]: warning: > unknown[190.27.58.228]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:50 guarani postfix/smtpd[28215]: warning: > unknown[190.122.116.175]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:50 guarani postfix/smtpd[28722]: warning: > unknown[189.81.72.249]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:51 guarani postfix/smtpd[28406]: warning: > unknown[187.43.14.45]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:53 guarani postfix/smtpd[27927]: warning: > unknown[186.220.201.155]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:55 guarani postfix/smtpd[28914]: warning: > unknown[190.172.253.145]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:55 guarani postfix/smtpd[28416]: warning: > unknown[189.70.195.161]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:56 guarani postfix/smtpd[24732]: warning: > 189-46-28-191.dsl.telesp.net.br[189.46.28.191]: SASL LOGIN authentication > failed: authentication failure > Apr 29 09:21:56 guarani postfix/smtpd[27691]: warning: > unknown[201.89.192.3]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:21:57 guarani postfix/smtpd[10908]: warning: > 189-19-227-148.dsl.telesp.net.br[189.19.227.148]: SASL LOGIN > authentication failed: authentication failure > Apr 29 09:22:02 guarani postfix/smtpd[25326]: warning: > unknown[189.13.200.5]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:22:07 guarani postfix/smtpd[28406]: warning: > unknown[190.244.176.248]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:22:09 guarani postfix/smtpd[28832]: warning: > unknown[187.126.5.3]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:22:10 guarani postfix/smtpd[25299]: warning: > unknown[187.74.69.61]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:22:10 guarani postfix/smtpd[27942]: warning: > unknown[190.51.31.87]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:22:10 guarani postfix/smtpd[27873]: warning: > unknown[190.176.157.4]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:22:12 guarani postfix/smtpd[28903]: warning: > unknown[189.104.241.131]: SASL LOGIN authentication failed: authentication > failure > Apr 29 09:22:12 guarani postfix/smtpd[28564]: warning: > unknown[177.27.38.161]: SASL LOGIN authentication failed: authentication > failure > ... > ... > ... > > > /var/log/fail2ban.log: > ---------------------- > ... > ... > 2011-04-29 09:10:49,427 fail2ban.jail : INFO Jail 'sasl-iptables' > started > 2011-04-29 09:15:33,412 fail2ban.jail : INFO Jail 'sasl-iptables' > stopped > 2011-04-29 09:15:33,415 fail2ban.server : INFO Changed logging target to > /var/log/fail2ban.log for Fail2ban v0.8.4 > 2011-04-29 09:15:33,416 fail2ban.jail : INFO Creating new jail > 'sasl-iptables' > 2011-04-29 09:15:33,416 fail2ban.jail : INFO Jail 'sasl-iptables' uses > poller > 2011-04-29 09:15:33,434 fail2ban.filter : INFO Added logfile = > /var/log/mail.warn > 2011-04-29 09:15:33,435 fail2ban.filter : INFO Set maxRetry = 1 > 2011-04-29 09:15:33,437 fail2ban.filter : INFO Set findtime = 600 > 2011-04-29 09:15:33,438 fail2ban.actions: INFO Set banTime = 7200 > 2011-04-29 09:15:33,454 fail2ban.jail : INFO Jail 'sasl-iptables' > started > > > Jail.conf: > ---------- > ... > ... > [sasl-iptables] > > enabled = true > filter = sasl > backend = polling > port = smtp > action = iptables[name=sasl, port=smtp, protocol=tcp] > # sendmail-whois[name=sasl, dest=al.balistri...@inpe.br] > logpath = /var/log/mail.warn > maxretry = 1 > findtime = 600 > bantime = 7200 > ... > ... > ... > [postfix] > > enabled = true > port = smtp > filter = postfix > action = iptables[name=postfix, port=smtp, protocol=tcp] > maxretry = 3 > findtime = 3600 > bantime = 43200 > logpath = /var/log/mail > > > > fail2ban.conf: > --------------- > ... > ... > [Definition] > > loglevel = 3 > > logtarget = /var/log/fail2ban.log > > socket = /var/run/fail2ban/fail2ban.sock > #[SMTP] > #enabled = true > #logfile = /var/log/mail > > > -- > Quam minimum credula postero, carpe diem > []s > Bali - Alexandre Balistrieri > _______________________________________________ > Postfix-BR mailing list > Postfix-BR@listas.softwarelivre.org > http://listas.softwarelivre.org/mailman/listinfo/postfix-br > -- Atenciosamente; Graciously; *Lucas Possamai * http://psyscrew.posterous.com/ "Na palma da tua mão existem sonhos, felicidades e a força que te guia por um caminho, que somente você poderá trilhar, com o olhar tranquilo saberás onde chegar.o fim é apenas mais um ponto para inventar uma nova conquista."* * _______________________________________________ Postfix-BR mailing list Postfix-BR@listas.softwarelivre.org http://listas.softwarelivre.org/mailman/listinfo/postfix-br
