Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-17 Thread Timo Sirainen
On Sun, 2009-05-17 at 15:28 -0400, Lou Duchez wrote: > > Yeah. I don't know what I was thinking when I made it work like that. > > > I know what you were thinking: if dovecot is writing to a log such as > "mylogfile.log", and other utilities are also writing to > "mylogfile.log", it's good to

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-17 Thread Bill Landry
Timo Sirainen wrote: > On Mon, 2009-05-11 at 14:48 -0700, Bill Landry wrote: >>> If you log via syslog, the timestamp will be at the beginning of line. >> >> Well, then that would explain it. Maybe it would be a good idea then to >> remove the "dovecot: " from the beginning of each log line when n

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-17 Thread Lou Duchez
Yeah. I don't know what I was thinking when I made it work like that. I know what you were thinking: if dovecot is writing to a log such as "mylogfile.log", and other utilities are also writing to "mylogfile.log", it's good to know which lines are dovecot. But I am satisfied with using sy

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-17 Thread Timo Sirainen
On Mon, 2009-05-11 at 14:48 -0700, Bill Landry wrote: > > If you log via syslog, the timestamp will be at the beginning of line. > > Well, then that would explain it. Maybe it would be a good idea then to > remove the "dovecot: " from the beginning of each log line when not > using syslog for log

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-12 Thread Lou Duchez
Ed W wrote: Just when I think I've achieved ultimate perfection on this, someone comes along with a great idea. Thanks! ... action = iptables-multiport[name=smtppop3imap, port="smtp,pop3,imap", protocol=tcp] Can I suggest the name "mail" would summarise the stack of items above? Did you

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-12 Thread Ed W
Just when I think I've achieved ultimate perfection on this, someone comes along with a great idea. Thanks! ... action = iptables-multiport[name=smtppop3imap, port="smtp,pop3,imap", protocol=tcp] Can I suggest the name "mail" would summarise the stack of items above? Did you test this - i

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-12 Thread Lou Duchez
Ed W wrote: Lou Duchez wrote: So any failure at any of the three protocols (SMTP, POP3, IMAP) is considered a "strike" by all three, and they should all ban the same guys at the same time. This is as yet untested, but seems like it should be pretty sound. I think you only need one service

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-12 Thread Lou Duchez
Lou Duchez wrote: Ed W wrote: Lou Duchez wrote: This arrangement is designed to trap POP3 and IMAP separately, and also to allow a high number of errors before temporarily "jailing" a user. This is to decrease the likelihood that a single user from a single IP will get all his coworkers (tem

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-12 Thread Ed W
Lou Duchez wrote: So any failure at any of the three protocols (SMTP, POP3, IMAP) is considered a "strike" by all three, and they should all ban the same guys at the same time. This is as yet untested, but seems like it should be pretty sound. I think you only need one service and you can u

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-12 Thread Lou Duchez
Ed W wrote: Lou Duchez wrote: This arrangement is designed to trap POP3 and IMAP separately, and also to allow a high number of errors before temporarily "jailing" a user. This is to decrease the likelihood that a single user from a single IP will get all his coworkers (temporarily) banned ov

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-12 Thread Ed W
Lou Duchez wrote: This arrangement is designed to trap POP3 and IMAP separately, and also to allow a high number of errors before temporarily "jailing" a user. This is to decrease the likelihood that a single user from a single IP will get all his coworkers (temporarily) banned over an honest

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-12 Thread Bjørn T Johansen
On Mon, 11 May 2009 15:56:45 -0400 Lou Duchez wrote: > Hi, > > Is there any way to disable the "dovecot: " at the beginning of each > line of the log? Fail2Ban responds poorly to it. I know there are a > number of sites with "failregex" strings for Fail2Ban and Dovecot, but > I've tried the

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-12 Thread Lou Duchez
Maybe there could be a page in the dovecot wiki about Fail2Ban? A definitive Dovecot / Fail2ban resource would be useful. (If nobody else creates one in a week, perhaps I will. But I have to perfect my Fail2banning first ...) I couldn't figure out how to add new pages to wiki.dovecot.org,

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-12 Thread Steffen Kaiser
On Mon, 11 May 2009, Bill Landry wrote: Well, then that would explain it. Maybe it would be a good idea then to remove the "dovecot: " from the beginning of each log line when not using syslog for logging, since I'm pretty sure that anyone checking

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-11 Thread Lou Duchez
Bill Landry wrote: Timo Sirainen wrote: On Mon, 2009-05-11 at 17:15 -0400, Lou Duchez wrote: Re: the "dovecot: " at the beginning of the line in the log. I should mention that other applications encounter a similar issue with Fail2Ban -- for example, if you're running Asterisk, you ha

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-11 Thread Bill Landry
Timo Sirainen wrote: > On Mon, 2009-05-11 at 17:15 -0400, Lou Duchez wrote: >> Re: the "dovecot: " at the beginning of the line in the log. I should >> mention that other applications encounter a similar issue with Fail2Ban >> -- for example, if you're running Asterisk, you have to alter the log

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-11 Thread Timo Sirainen
On Mon, 2009-05-11 at 17:15 -0400, Lou Duchez wrote: > Re: the "dovecot: " at the beginning of the line in the log. I should > mention that other applications encounter a similar issue with Fail2Ban > -- for example, if you're running Asterisk, you have to alter the log > format such that the t

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-11 Thread Lou Duchez
Re: the "dovecot: " at the beginning of the line in the log. I should mention that other applications encounter a similar issue with Fail2Ban -- for example, if you're running Asterisk, you have to alter the log format such that the timestamp is at the beginning of the line: http://www.voip-i

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-11 Thread Steve
Original Message > Date: Mon, 11 May 2009 15:56:45 -0400 > From: Lou Duchez > To: dovecot@dovecot.org > Subject: [Dovecot] Fail2Ban and the Dovecot log > Hi, > Hello > Is there any way to disable the "dovecot: " at the beginning of eac

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-11 Thread Bill Landry
Bill Landry wrote: > Lou Duchez wrote: > >> Is there any way to disable the "dovecot: " at the beginning of each >> line of the log? Fail2Ban responds poorly to it. I know there are a >> number of sites with "failregex" strings for Fail2Ban and Dovecot, but >> I've tried them all, and they don't

Re: [Dovecot] Fail2Ban and the Dovecot log

2009-05-11 Thread Bill Landry
Lou Duchez wrote: > Is there any way to disable the "dovecot: " at the beginning of each > line of the log? Fail2Ban responds poorly to it. I know there are a > number of sites with "failregex" strings for Fail2Ban and Dovecot, but > I've tried them all, and they don't work, at least with the la

[Dovecot] Fail2Ban and the Dovecot log

2009-05-11 Thread Lou Duchez
Hi, Is there any way to disable the "dovecot: " at the beginning of each line of the log? Fail2Ban responds poorly to it. I know there are a number of sites with "failregex" strings for Fail2Ban and Dovecot, but I've tried them all, and they don't work, at least with the latest Fail2ban and