que maquina é? configuraçao/contas? Atenciosamente, *Gabriel Ricardo.* *Skype:* gricardo87 *MSN:* gricard...@gmail.com *Twitter:* twitter.com/gricardo87 *Blog:* www.tinotapa.com.br
Em 29 de abril de 2011 12:26, Alexandre Balistrieri <al.balistri...@inpe.br>escreveu: > Estava rodando (conferi com fail2ban-client status, e tbm conferi o > processo na memória), agora não está mais. Não tenho total autonomia na > máquina e o chefe do suporte pediu pra parar de roda-lo pq o fail2ban estava > atrasando o SMTP, não consegui conferir isso pois estava em outro lugar. > > Fizemos um rápido script pra coletar os IPs e inserir os DROPs no iptables > periodicamente. > > Enfim, parei a execução dele e vou usa-lo em teste em outra máquina pra ver > o que acontece retornando com pedido de ajuda se precisar. > > Muito obrigado mesmo a todos pela ajuda. > > Em sex 29 abr 2011, às 10:43:51, Marcelo escreveu: > > Alexandre, > > > > pergunta idiota... o fail2ban tá rodando? > > > > o que aparece no log do fail2ban? vc consegue gerar um "bloqueio" para > > teste? > > > > Abraços, > > Marcelo > > > > Alexandre Balistrieri wrote: > > > Meu problema persiste. > > > > > > O fail2ban parece não reagir ou o tempo de ração é muito estranho e > ainda não consegui entender porque não reage. No site diz que o tempo de > reação dele depende muito do syslog bufferizado que no meu caso parece estar > desligado. De qualquer maneira já deixei ele rodando horas e nada de reagir. > > > > > > Estou fazendo manualmente a coleta de IPs e incluindo-os numa 'chain' > própria de 'input' no 'iptables'. > > > > > > /var/log/mail.warn: > > > -------------------- > > > ... > > > ... > > > ... > > > Apr 29 09:21:44 guarani postfix/smtpd[28361]: warning: > unknown[177.16.254.44]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:45 guarani postfix/smtpd[27633]: warning: > unknown[189.99.142.107]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:45 guarani postfix/smtpd[24032]: warning: > unknown[189.26.68.213]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:46 guarani postfix/smtpd[28410]: warning: > unknown[187.43.14.45]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:47 guarani postfix/smtpd[28528]: warning: > unknown[189.105.0.42]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:49 guarani postfix/smtpd[5468]: warning: > unknown[189.114.4.176]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:49 guarani postfix/smtpd[27586]: warning: > unknown[190.27.58.228]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:50 guarani postfix/smtpd[28215]: warning: > unknown[190.122.116.175]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:50 guarani postfix/smtpd[28722]: warning: > unknown[189.81.72.249]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:51 guarani postfix/smtpd[28406]: warning: > unknown[187.43.14.45]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:53 guarani postfix/smtpd[27927]: warning: > unknown[186.220.201.155]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:55 guarani postfix/smtpd[28914]: warning: > unknown[190.172.253.145]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:55 guarani postfix/smtpd[28416]: warning: > unknown[189.70.195.161]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:56 guarani postfix/smtpd[24732]: warning: > 189-46-28-191.dsl.telesp.net.br[189.46.28.191]: SASL LOGIN authentication > failed: authentication failure > > > Apr 29 09:21:56 guarani postfix/smtpd[27691]: warning: > unknown[201.89.192.3]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:21:57 guarani postfix/smtpd[10908]: warning: > 189-19-227-148.dsl.telesp.net.br[189.19.227.148]: SASL LOGIN > authentication failed: authentication failure > > > Apr 29 09:22:02 guarani postfix/smtpd[25326]: warning: > unknown[189.13.200.5]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:22:07 guarani postfix/smtpd[28406]: warning: > unknown[190.244.176.248]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:22:09 guarani postfix/smtpd[28832]: warning: > unknown[187.126.5.3]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:22:10 guarani postfix/smtpd[25299]: warning: > unknown[187.74.69.61]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:22:10 guarani postfix/smtpd[27942]: warning: > unknown[190.51.31.87]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:22:10 guarani postfix/smtpd[27873]: warning: > unknown[190.176.157.4]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:22:12 guarani postfix/smtpd[28903]: warning: > unknown[189.104.241.131]: SASL LOGIN authentication failed: authentication > failure > > > Apr 29 09:22:12 guarani postfix/smtpd[28564]: warning: > unknown[177.27.38.161]: SASL LOGIN authentication failed: authentication > failure > > > ... > > > ... > > > ... > > > > > > > > > /var/log/fail2ban.log: > > > ---------------------- > > > ... > > > ... > > > 2011-04-29 09:10:49,427 fail2ban.jail : INFO Jail 'sasl-iptables' > started > > > 2011-04-29 09:15:33,412 fail2ban.jail : INFO Jail 'sasl-iptables' > stopped > > > 2011-04-29 09:15:33,415 fail2ban.server : INFO Changed logging target > to /var/log/fail2ban.log for Fail2ban v0.8.4 > > > 2011-04-29 09:15:33,416 fail2ban.jail : INFO Creating new jail > 'sasl-iptables' > > > 2011-04-29 09:15:33,416 fail2ban.jail : INFO Jail 'sasl-iptables' > uses poller > > > 2011-04-29 09:15:33,434 fail2ban.filter : INFO Added logfile = > /var/log/mail.warn > > > 2011-04-29 09:15:33,435 fail2ban.filter : INFO Set maxRetry = 1 > > > 2011-04-29 09:15:33,437 fail2ban.filter : INFO Set findtime = 600 > > > 2011-04-29 09:15:33,438 fail2ban.actions: INFO Set banTime = 7200 > > > 2011-04-29 09:15:33,454 fail2ban.jail : INFO Jail 'sasl-iptables' > started > > > > > > > > > Jail.conf: > > > ---------- > > > ... > > > ... > > > [sasl-iptables] > > > > > > enabled = true > > > filter = sasl > > > backend = polling > > > port = smtp > > > action = iptables[name=sasl, port=smtp, protocol=tcp] > > > # sendmail-whois[name=sasl, dest=al.balistri...@inpe.br] > > > logpath = /var/log/mail.warn > > > maxretry = 1 > > > findtime = 600 > > > bantime = 7200 > > > ... > > > ... > > > ... > > > [postfix] > > > > > > enabled = true > > > port = smtp > > > filter = postfix > > > action = iptables[name=postfix, port=smtp, protocol=tcp] > > > maxretry = 3 > > > findtime = 3600 > > > bantime = 43200 > > > logpath = /var/log/mail > > > > > > > > > > > > fail2ban.conf: > > > --------------- > > > ... > > > ... > > > [Definition] > > > > > > loglevel = 3 > > > > > > logtarget = /var/log/fail2ban.log > > > > > > socket = /var/run/fail2ban/fail2ban.sock > > > #[SMTP] > > > #enabled = true > > > #logfile = /var/log/mail > > > > > > > > > > > > > --------------------------------------------------------------------- > > Esta mensagem pode conter informacao confidencial. > > Se voce nao for o destinatario ou a pessoa autorizada a receber > > esta mensagem, nao podera usar, copiar ou divulgar as informacoes nela > > contidas ou tomar qualquer acao baseada nessas informacoes. Se > > voce recebeu esta mensagem por engano, favor avisar imediatamente o > > remetente, respondendo o e-mail e, em seguida, apague-o. > > Agradecemos sua cooperacao. > > > > This message may contain confidential information. > > If you are not the addressee or authorized person to receive it for the > > addressee, you must not use, copy, disclose or take any action based on > > this message or any information herein. If you have received this message > > in error, please advise the sender immediately by replying this e-mail > > message and delete it. > > Thanks in advance for your cooperation. > > ---------------------------------------------------------------------- > > BIOTERIO Faculdade de Medicina USP > > ---------------------------------------------------------------------- > > > > > > -- > Quam minimum credula postero, carpe diem > []s > Bali - Alexandre Balistrieri > _______________________________________________ > Postfix-BR mailing list > Postfix-BR@listas.softwarelivre.org > http://listas.softwarelivre.org/mailman/listinfo/postfix-br > _______________________________________________ Postfix-BR mailing list Postfix-BR@listas.softwarelivre.org http://listas.softwarelivre.org/mailman/listinfo/postfix-br
