Hi Friends, I am also facing the same problem and i had running IPtables and fail2ban. but still issue was there. Can i run csf also on top of that. Am running centos 6 servers. Appreciate your hep.
On Sun, Oct 13, 2019 at 10:12 PM Tony White <[email protected]> wrote: > Hi, > Correct again but it seems the regex is at fault. > The regex generates no results for courierlogin > nor couriersmtp. > Trying to build a regex for these but it is not my first > language... > > best wishes > Tony White > > On 14/10/19 12:19 am, Solo wrote: > > Hi Tony. > > > > What log do You expect entries in ? fail2ban.log ? > > > > Make sure the regex in the filter.d/*.conf file You use matches the > entries in the log file(s) it monitors > > > > > > A good idea is to test the *.conf file using : > > fail2ban-regex "path to the log to monitor" "path to the fail2ban > filter" > > > > like : fail2ban-regex /var/log/qmail/submission/current > /etc/fail2ban/filter.d/submission.conf > > > > Hope this helps > > > > Cheers > > Finn > > > > Den 13-10-2019 kl. 14:07 skrev Tony White: > >> Hi, > >> Well I have enabled the two in the filter.d directory you mentioned > >> restarted/reloaded fail2ban and no change. Still no entries in the > >> log file. > >> > >> best wishes > >> Tony White > >> > >> On 13/10/19 7:36 pm, Solo wrote: > >> > >>> Hi Tony. > >>> > >>> Have You tried fail2ban ? > >>> > >>> Cheers > >>> Finn > >>> > >>> Den 13-10-2019 kl. 05:01 skrev Tony White: > >>>> Hi folks, > >>>> Sorry to disturb but I have been trying to fix this for two days > now. > >>>> > >>>> My iMap server is methodically (brute force) attacked over many many > ips. > >>>> I have written scripts to auto block the ips but they only try twice > for two > >>>> different names then us a different ip!. > >>>> > >>>> Has anyone encountered this before and did you find a resolution for > it? > >>>> > >>>> Can I add an entry in the run scrip for a LOGIN FAILED to block the ip > >>>> first time it connects? > >>>> > >>>> TIA :) > >>>> > >>>> FYI the email addresses are not even remotely valid but it is > frustrating. > >>>> > >>>> > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: [email protected] > >>> For additional commands, e-mail: > [email protected] > >>> > >>> > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [email protected] > >> For additional commands, e-mail: > [email protected] > >> > >> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- *Regards,Manikandan.C*
