On Sun, 28 Apr 2019 12:59:59 +0100 Pete Biggs pete@biggs.org.uk wrote:
/var/log/fail2ban.log is showing that it's working:
I have seen similar odd behaviour with f2b with other filters. Try to uninstall the package fail2ban-systemd and stop and start fail2ban again. This might change its behavior for the better.
The fail2ban-systemd package configures fail2ban to use systemd journal for log input. The OP can see that it is detecting the transgressions, so the input side of things is not the issue.
I do not agree. Yes, it is detecting something is bad - but it is the wrong filter that is doing it, and that should not happen. Yes, both dovecot and exim filters look in some of the same ports; but the filters should know to look into the different logs. However the f2b-systemd 'package' seems to clutter this up. For me, I was trying to set up the recidive filter (for extended banning of ongoing abusers) but it wouldn't ban anything either. Removing the f2b-systemd package fixed it. Do notice, the f2b-systemd package is optional - it is not included with a simple f2b install - but the OP only installed it because of the instructions on that howtoforge website. I've been there, done that, too :-)
That's why I think he should try to remove it - as it didn't do any harm to my system when I removed it - but it fixed recidive filtering.
It is also interesting to read about the backend in jail.conf. According to that, backend = auto is default and auto includes 3 choices, where systemd is not even one of them - so installing systemd as default is quite an override, that may not be such a good idea (depending on the filters you choose)
Allan.
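An added example, not part of the original thread: a small Python check that merges jail configuration snippets and reports, for each enabled jail, which backend it ends up with and whether its logpath is left unused because the jail reads the systemd journal instead. The file contents are constructed samples, the `[DEFAULT] backend = systemd` override is an assumption about what the fail2ban-systemd package installs, and file precedence is simplified to "later entries win" using plain `configparser` rather than fail2ban's own reader.

```python
import configparser

# Constructed sample files, listed in the order they are merged (later wins).
SAMPLE_FILES = [
    ("jail.conf", """
[DEFAULT]
backend = auto
[dovecot]
enabled = false
logpath = /var/log/maillog
[exim]
enabled = false
logpath = /var/log/exim/main.log
[recidive]
enabled = false
logpath = /var/log/fail2ban.log
"""),
    # Assumed content of the override shipped by the fail2ban-systemd package.
    ("jail.d/00-systemd.conf", """
[DEFAULT]
backend = systemd
"""),
    ("jail.local", """
[dovecot]
enabled = true
[recidive]
enabled = true
backend = auto
"""),
]

def effective_jails(files):
    """Return {jail: {backend, logpath, logpath_ignored}} for enabled jails."""
    cp = configparser.ConfigParser(interpolation=None)
    for _name, text in files:
        cp.read_string(text)  # options read later override earlier ones
    report = {}
    for jail in cp.sections():  # DEFAULT is inherited, not listed
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue
        backend = cp.get(jail, "backend", fallback="auto")
        logpath = cp.get(jail, "logpath", fallback=None)
        # With backend = systemd the jail reads the journal, not logpath.
        ignored = backend == "systemd" and logpath is not None
        report[jail] = {"backend": backend, "logpath": logpath,
                        "logpath_ignored": ignored}
    return report

if __name__ == "__main__":
    for jail, info in effective_jails(SAMPLE_FILES).items():
        print(jail, info)
```

On a live host, `fail2ban-client -d` dumps the configuration fail2ban actually parsed, which is the authoritative view to compare against.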