[CentOS] faI2ban detecting and banning but nothing happens
Gary Stainburn
gary.stainburn at ringways.co.uk
Mon Apr 29 08:44:02 UTC 2019
On Monday 29 April 2019 02:21:05 Gordon Messmer wrote:
> That's one approach. I believe that you could modify fewer files by
> setting "port = 0:65535" in your definition in "jail.local" and not
> install firewallcmd-ipset.local.
I have just tried this, and re-started fail2ban. It does not seem to have worked.
I have looked at /var/log/exim/main.log and found lots of lines like
2019-04-29 09:39:15 dovecot_plain authenticator failed for (hosting-by.directwebhost.org.) [45.227.253.100]: 535 Incorrect authentication data
which are still not being stopped. I have run the commands
[root at ollie2 ~]# fail2ban-client set exim banip 45.227.253.100
45.227.253.100
[root at ollie2 ~]# fail2ban-client set exim banip 46.232.112.21
46.232.112.21
[root at ollie2 ~]#
and the lines are still appearing. Here is my jail.local. (I did also try directly editing jail.conf to update the port commands).
[DEFAULT]
# set a higher bantime and findtime
bantime=3600000
findtime=1200
# set the IP's to ignore / not ban
ignoreip = 127.0.0.1/8 10.0.0.0/8
# set max number of attempts
maxretry = 3
# set mail receiver
destemail = fail2ban at ringways.co.uk
sender = fail2ban at ringways.co.uk
# enable sending mails, whois and logfile sections by choosing the "action_mwl" template,
# see jail.conf for details
action = %(action_mwl)s
[exim]
port = 0:65535
[dovecot]
port = 0:65535
More information about the CentOS
mailing list