På Sun, 28 Apr 2019 12:59:59 +0100 Pete Biggs <pete at biggs.org.uk> skrev: > > > > > > /var/log/fail2ban.log is showing that it's working: > > > > I have seem similar odd behaviour with f2b with other filters. > > Try to uninstall the package > > fail2ban-systemd > > and stop and start fail2ban again. > > This might change its behavior to the better. > > > > The fail2ban-systemd package configures fail2ban to use systemd > journal for log input. The OP can see that it is detecting the > transgressions, so the input side of things is not the issue. I do not agree. Yes, it is detecting something is bad - but it is the wrong filter, that is doing it, and that should not happen. Yes, both dovecot and exim filters look in some of the same ports; but the filters should know to look into the different logs. However the f2b-systemd 'package' seems to clutter this up. For me, I was trying to setup the recidive filter (for extended banning of ongoing abusers) but it wouldn't ban anything either. Removing the f2b-systemd package fixed it. Do notice, the f2b-systemd package is optional - it is not included with a simple f2b install - but the OP only installed it because of the instructions on that howtoforge website. I've been there, done that, too :-) Thats why I think, he should try to remove it - as it didn't do any harm to my system, when I removed it - but it fixed recidive filtering. It is also interesting to read about the backend in jail.conf Acording to that, backend = auto is default and auto includes 3 choices, where systemd is not even one of them - so installing systemd as default is quite an override, that may not be such a good idea (depending on the filters you choose) Allan.