Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In jail.conf I use the following syntax:
[sasl-iptables]
enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[name=sasl, dest=my at email]
logpath = /var/log/maillog
maxretry = 6
and the following filter:
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:
[A-Za-z0-9+/]*={0,2})?$
in iptables:
fail2ban-sasl tcp -- anywhere anywhere tcp
dpt:smtp
...
Chain fail2ban-sasl (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
The problem is that never ban bad logins.
I tried to change action as port="imap,imaps,pop3,pop3s,smtp" but
nothing change.
Can somebody help me?
Thank you,
Nikos