On Wed, Apr 10, 2013 at 6:06 AM, Nikos Gatsis - Qbit <ngatsis at qbit.gr> wrote:

> Hello list
> I'm trying to set up fail2ban, specially the sasl action, but I'm facing problems.
> I have centos-release-5-9.el5.centos.1
> and
> fail2ban-0.8.7.1-1.el5.rf

I'm using fail2ban from EPEL since I didn't have any luck with the package
from RPMForge. I standardize on using EPEL if I can (but another admin
installed the rpmforge repo earlier).

I had to tweak the regex for the sasl filter to get it to match failed sasl
auth attempts though (EPEL package).

]# grep failregex /etc/fail2ban/filter.d/sasl.conf
# Option: failregex
#failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/\s]*={0,2})?$

> installed
> with selinux disabled
>
> The errors I get are:
> INFO Creating new jail 'sasl-iptables'
> fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables', 'polling']

I believe this is exactly what I saw before I bailed on the rpmforge
fail2ban packages.

> I tried gamin against polling but I get the same error.

You don't need to set it to gamin ... the sasl jail (by default) is set to
polling (and this works with the EPEL package).

> The strange thing is that if I enable ssh action, starts with no problem.
> So it appears to be problem with sasl action, which is:
>
> [sasl-iptables]
>
> enabled = true
> filter = sasl
> backend = polling
> action = iptables-multiport[name=sasl, port="imap,imaps,pop3,pop3s,smtp", protocol=tcp]
>          sendmail-whois[name=sasl, dest=my at email]
> logpath = /var/log/maillog
>
> The same setup I have in several mailserver (fedora and centos 6 distro)
> and all work fine.
>
> Has someone faced the same problem?
>
> Thank you in advance.
--
---~~.~~---
Mike
// SilverTip257 //
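
Added example (not part of the original message and not fail2ban's own code): a short Python check that runs the stock and the tweaked sasl failregex from the message above against a few log lines, to show what the extra \s in the character class changes. The log lines are constructed, and the HOST pattern is a simplified stand-in assumed here for fail2ban's <HOST> tag.

```python
import re

# Assumption: simplified stand-in for fail2ban's <HOST> tag (IPv4 or hostname).
HOST = r"(?P<host>[\w\-.]+)"

# The two failregex lines exactly as quoted in the message.
ORIGINAL = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
            r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"
            r"(: [A-Za-z0-9+/]*={0,2})?$")
TWEAKED = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
           r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"
           r"(: [A-Za-z0-9+/\s]*={0,2})?$")

# Constructed sample lines (documentation-range addresses, not real hosts).
SAMPLE_LINES = [
    # Reason is a single base64 token: both patterns match.
    "Apr 10 06:01:02 mail postfix/smtpd[2101]: warning: unknown[192.0.2.10]: "
    "SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    # Reason contains a space: only the tweaked pattern reaches the $ anchor.
    "Apr 10 06:01:05 mail postfix/smtpd[2101]: warning: unknown[192.0.2.11]: "
    "SASL PLAIN authentication failed: authentication failure",
    # No reason at all: the optional group is skipped, both match.
    "Apr 10 06:01:09 mail postfix/smtpd[2101]: warning: "
    "host.example.net[198.51.100.7]: SASL CRAM-MD5 authentication failed",
    # Not an auth failure: neither pattern may match.
    "Apr 10 06:01:12 mail postfix/smtpd[2101]: connect from unknown[192.0.2.12]",
    # Reason has characters outside the class: still missed after the tweak.
    "Apr 10 06:01:15 mail postfix/smtpd[2101]: warning: unknown[192.0.2.13]: "
    "SASL LOGIN authentication failed: generic failure (code 5)",
]


def matched_hosts(failregex, lines):
    """Return the host captured from every line the failregex matches."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    hits = []
    for line in lines:
        m = pattern.search(line.rstrip("\n"))
        if m:
            hits.append(m.group("host"))
    return hits


if __name__ == "__main__":
    print("original:", matched_hosts(ORIGINAL, SAMPLE_LINES))
    print("tweaked: ", matched_hosts(TWEAKED, SAMPLE_LINES))
```

On a live system, fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/sasl.conf performs the same check with the real <HOST> expansion against the real log.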