On Monday 29 April 2019 02:21:05 Gordon Messmer wrote:
That's one approach. I believe that you could modify fewer files by setting "port = 0:65535" in your definition in "jail.local" and not install firewallcmd-ipset.local.
I have just tried this, and re-started fail2ban. It does not seem to have worked.
I have looked at /var/log/exim/main.log and found lots of lines like
2019-04-29 09:39:15 dovecot_plain authenticator failed for (hosting-by.directwebhost.org.) [45.227.253.100]: 535 Incorrect authentication data
which are still not being stopped. I have run the commands
[root@ollie2 ~]# fail2ban-client set exim banip 45.227.253.100 45.227.253.100 [root@ollie2 ~]# fail2ban-client set exim banip 46.232.112.21 46.232.112.21 [root@ollie2 ~]#
and the lines are still appearing. Here is my jail.local. (I did also try directly editing jail.conf to update the port commands).
[DEFAULT] # set a higher bantime and findtime bantime=3600000 findtime=1200 # set the IP's to ignore / not ban ignoreip = 127.0.0.1/8 10.0.0.0/8 # set max number of attempts maxretry = 3 # set mail receiver destemail = fail2ban@ringways.co.uk sender = fail2ban@ringways.co.uk # enable sending mails, whois and logfile sections by choosing the "action_mwl" template, # see jail.conf for details action = %(action_mwl)s
[exim] port = 0:65535
[dovecot] port = 0:65535