centos-bounces at centos.org schrieb am 09.08.2011 10:39:57: > Nikos Gatsis - Qbit <ngatsis at qbit.gr> > Gesendet von: centos-bounces at centos.org > > 09.08.2011 10:40 > > Bitte antworten an > CentOS mailing list <centos at centos.org> > > An > > centos at centos.org > > Kopie > > Thema > > [CentOS] fail2ban help > > Hello list. > I have a question for fail2ban for bad logins on sasl. > I use sasl, sendmail and cyrus-imapd. > In jail.conf I use the following syntax: > > [sasl-iptables] > > enabled = true > filter = sasl > backend = polling > action = iptables[name=sasl, port=smtp, protocol=tcp] > sendmail-whois[name=sasl, dest=my at email] > logpath = /var/log/maillog > maxretry = 6 > > and the following filter: > > failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL > (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: > [A-Za-z0-9+/]*={0,2})?$ > > in iptables: > > fail2ban-sasl tcp -- anywhere anywhere tcp > dpt:smtp > ... > > Chain fail2ban-sasl (2 references) > target prot opt source destination > RETURN all -- anywhere anywhere > > > The problem is that never ban bad logins. > > I tried to change action as port="imap,imaps,pop3,pop3s,smtp" but > nothing change. > > Can somebody help me? > > Thank you, > Nikos > > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos Hello Nikos, I have nearly the same regex as you: failregex = : warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed.* and it works with fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/sasl.conf Gruß Andreas Reschke ________________________________________________________________ Unix/Linux-Administration Andreas.Reschke at behrgroup.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20110809/47560e1e/attachment-0005.html>