[CentOS] Re: fail2ban help
Andreas Reschke
Andreas.Reschke at behrgroup.com
Tue Aug 9 08:52:06 UTC 2011
centos-bounces at centos.org wrote on 09.08.2011 10:39:57:
> Nikos Gatsis - Qbit <ngatsis at qbit.gr>
> Sent by: centos-bounces at centos.org
> 09.08.2011 10:40
>
> Please reply to: CentOS mailing list <centos at centos.org>
> To: centos at centos.org
> Cc:
> Subject: [CentOS] fail2ban help
>
> Hello list.
> I have a question about fail2ban for bad logins on sasl.
> I use sasl, sendmail and cyrus-imapd.
> In jail.conf I use the following syntax:
>
> [sasl-iptables]
>
> enabled = true
> filter = sasl
> backend = polling
> action = iptables[name=sasl, port=smtp, protocol=tcp]
>          sendmail-whois[name=sasl, dest=my at email]
> logpath = /var/log/maillog
> maxretry = 6
>
> and the following filter:
>
> failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
>
> in iptables:
>
> fail2ban-sasl tcp -- anywhere anywhere tcp dpt:smtp
> ...
>
> Chain fail2ban-sasl (2 references)
> target prot opt source destination
> RETURN all -- anywhere anywhere
>
>
> The problem is that it never bans bad logins.
>
> I tried to change the action to port="imap,imaps,pop3,pop3s,smtp" but
> nothing changed.
>
> Can somebody help me?
>
> Thank you,
> Nikos
Hello Nikos,
I have nearly the same regex as you:
failregex = : warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed.*
and it works with
fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/sasl.conf
Regards,
Andreas Reschke
________________________________________________________________
Unix/Linux-Administration
Andreas.Reschke at behrgroup.com
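
Added example (not part of the original thread and not fail2ban's own code): a small Python check, in the spirit of a fail2ban-regex run, that applies the two failregex values quoted above to a few log lines and counts matches per host. The log lines are constructed, the <HOST> substitution is a simplified stand-in for fail2ban's real one, and the function names are hypothetical.

```python
import re

# Assumption: simplified stand-in for fail2ban's <HOST> expansion
# (the real pattern is more elaborate).
HOST = r"(?P<host>[\w\-.:]+)"

# The two failregex values from this thread.
STRICT = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
          r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"
          r"(: [A-Za-z0-9+/]*={0,2})?$")
RELAXED = (r": warning: [-._\w]+\[<HOST>\]: SASL "
           r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed.*")

# Constructed log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Aug  9 10:01:02 mx postfix/smtpd[2101]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed
Aug  9 10:01:07 mx postfix/smtpd[2101]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug  9 10:02:11 mx postfix/smtpd[2107]: warning: host.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Aug  9 10:03:30 mx sendmail[2110]: p79A3Uxx002110: AUTH failure (LOGIN): authentication failure (-13)
"""


def compile_failregex(failregex):
    """Substitute <HOST> and compile the expression for line-by-line search."""
    return re.compile(failregex.replace("<HOST>", HOST))


def hits_per_host(failregex, log_text):
    """Return {host: number of matching lines} for one failregex."""
    rx = compile_failregex(failregex)
    counts = {}
    for line in log_text.splitlines():
        m = rx.search(line)
        if m:
            counts[m.group("host")] = counts.get(m.group("host"), 0) + 1
    return counts


def would_ban(failregex, log_text, maxretry=6):
    """Hosts whose match count reaches maxretry (findtime is ignored here)."""
    hits = hits_per_host(failregex, log_text)
    return sorted(h for h, n in hits.items() if n >= maxretry)


if __name__ == "__main__":
    for name, rx in (("strict", STRICT), ("relaxed", RELAXED)):
        print(name, hits_per_host(rx, SAMPLE_LOG), would_ban(rx, SAMPLE_LOG * 3))
```

The third sample line has free text after "authentication failed:", so only the expression ending in .* counts it. The fourth line has no "warning: host[ip]: SASL" part at all, so neither expression matches it and no host is counted toward maxretry.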