Luigi Rosa wrote:> Does anyone have the filter strings for Fail2Ban 0.8 to block Dovecot 1.1
login
> failures?
In "jail.conf" I use:
=========enabled = true
filter = dovecot
action = iptables-multiport[name=Dovecot, port="imap,imaps",
protocol=tcp]
sendmail-whois[name=Dovecot, dest=someone at yourdomain.com,
sender=root at yourdomain.com]
logpath = /var/log/dovecot
maxretry = 3
bantime = 3600
=========
You will need to modify the entries shown above based on your own
configuration. Then in "dovecot.conf" I use:
=========failregex = mail dovecot.*passwd.*,<HOST>\).*(unknown
user|Password
mismatch)
=========
Watch out for word-wrapping in the above lines.
Bill