Hello,

I am getting more and more of these messages in the logs:

Jul 6 20:43:56 ks3374456 dovecot: auth: Error: passwd-file(jean at proxy.silviosiefke.com,213.130.118.102): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
Jul 6 21:35:32 ks3374456 dovecot: auth: Error: passwd-file(jennifer at proxy.silviosiefke.com,41.160.109.28): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
Jul 6 21:35:38 ks3374456 dovecot: auth: Error: passwd-file(jennifer at proxy.silviosiefke.com,41.160.109.28): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
Jul 6 21:35:44 ks3374456 dovecot: auth: Error: passwd-file(jennifer at proxy.silviosiefke.com,41.160.109.28): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
Jul 6 22:27:13 ks3374456 dovecot: auth: Error: passwd-file(jack at proxy.silviosiefke.com,203.113.206.105): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
Jul 6 22:27:20 ks3374456 dovecot: auth: Error: passwd-file(jack at proxy.silviosiefke.com,203.113.206.105): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
Jul 6 22:27:26 ks3374456 dovecot: auth: Error: passwd-file(jack at proxy.silviosiefke.com,203.113.206.105): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
Jul 6 22:36:49 ks3374456 dovecot: auth: Error: passwd-file(eric at proxy.silviosiefke.com,41.21.178.38): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory

I don't understand it, because I have set Dovecot so that it is launched only on my VPN IPs. Is there a way to prevent these attempts? I have installed fail2ban. Maybe I'm stupid, because this does not help, or I have set wrong entries.

<dovecot>
service imap-login {
  inet_listener imap {
    address = 10.8.0.1
    port = 12520
  }

  inet_listener imaps {
    address = 10.8.0.1
    port = 12550
  }
}
</dovecot>

<fail2ban>
[dovecot]
enabled = true
filter = dovecot
action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
logpath = /var/log/mail.log

[dovecot-auth]
enabled = true
filter = dovecot
action = iptables-multiport[name=dovecot-auth, port="12520,12550,submission,465,sieve", protocol=tcp]
logpath = /var/log/mail.log
</fail2ban>

Thanks for help & Nice day
Silvio

On 07/07/2014 14:22, Silvio Siefke wrote:
> service imap-login {
> port = 12520
>
> inet_listener imaps {
> port = 12550
>
> <fail2ban>
> [dovecot]
> enabled = true
> filter = dovecot
> action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
> logpath = /var/log/mail.log
>

Silvio,

one reason why fail2ban is not trapping those may be because:

(a) in Dovecot you have defined your imap and imaps services to be ports around 125x0, whereas
(b) in fail2ban you have relied on the standard imap and imaps definitions, which are 143 (I think) and 993

Might you need to enter 12520 and 12550 in your fail2ban stanza, instead of imap and imaps?

Just an idea, I could be wrong; I've never set that up, myself.

You mention vpn. There may also be a second problem with your network anyway, if 12520 and 12550 are vpn ports, because external traffic should not be able to appear on those, unless a vpn entry is compromised, somewhere. (That is, assuming there is a separate vpn access control system outside of Dovecot.)

regards,
Ron

On 07.07.2014 15:22, Silvio Siefke wrote:
> Hello,
>
> I am getting more and more of these messages in the logs:
>
> Jul 6 20:43:56 ks3374456 dovecot: auth: Error: passwd-file(jean at proxy.silviosiefke.com,213.130.118.102): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
> Jul 6 21:35:32 ks3374456 dovecot: auth: Error: passwd-file(jennifer at proxy.silviosiefke.com,41.160.109.28): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
> Jul 6 21:35:38 ks3374456 dovecot: auth: Error: passwd-file(jennifer at proxy.silviosiefke.com,41.160.109.28): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
> Jul 6 21:35:44 ks3374456 dovecot: auth: Error: passwd-file(jennifer at proxy.silviosiefke.com,41.160.109.28): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
> Jul 6 22:27:13 ks3374456 dovecot: auth: Error: passwd-file(jack at proxy.silviosiefke.com,203.113.206.105): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
> Jul 6 22:27:20 ks3374456 dovecot: auth: Error: passwd-file(jack at proxy.silviosiefke.com,203.113.206.105): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
> Jul 6 22:27:26 ks3374456 dovecot: auth: Error: passwd-file(jack at proxy.silviosiefke.com,203.113.206.105): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
> Jul 6 22:36:49 ks3374456 dovecot: auth: Error: passwd-file(eric at proxy.silviosiefke.com,41.21.178.38): stat(/var/vmail/auth.d/proxy.silviosiefke.com/passwd) failed: No such file or directory
>
> I don't understand it, because I have set Dovecot so that it is launched only on my
> VPN IPs. Is there a way to prevent these attempts? I have installed
> fail2ban. Maybe I'm stupid, because this does not help, or I have set wrong
> entries.
>
>
> <dovecot>
> service imap-login {
>   inet_listener imap {
>     address = 10.8.0.1
>     port = 12520
>   }
>
>   inet_listener imaps {
>     address = 10.8.0.1
>     port = 12550
>   }
> }
> </dovecot>
>
> <fail2ban>
> [dovecot]
> enabled = true
> filter = dovecot
> action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
> logpath = /var/log/mail.log
>
> [dovecot-auth]
> enabled = true
> filter = dovecot
> action = iptables-multiport[name=dovecot-auth, port="12520,12550,submission,465,sieve", protocol=tcp]
> logpath = /var/log/mail.log
> </fail2ban>
>
> Thanks for help & Nice day
> Silvio
>

Seems as if you have configured Dovecot to use a file that doesn't exist. This has nothing to do with fail2ban. Let's see the output of "doveconf -n" to start with.

--
Alex JOST
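
The auth errors quoted in this thread each carry the attempted user name, the client address and the passwd-file path that could not be found. The following Python is an added example, not part of any post in the thread: it extracts those fields and flags addresses that retry within a short window. The sample lines are constructed, and the `threshold` and `window` values are assumptions to tune for your own logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Auth error format quoted in the thread; a third field after the IP is tolerated (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dovecot: auth: Error: "
    r"passwd-file\((?P<user>[^,]+),(?P<ip>[0-9a-fA-F.:]+)(?:,[^)]*)?\): "
    r"stat\((?P<path>[^)]+)\) failed: No such file or directory"
)

# Constructed sample input: documentation IP ranges and example.org, not the thread's values.
_T = ("Jul  6 {t} mx dovecot: auth: Error: passwd-file({u},{ip}): "
      "stat(/var/vmail/auth.d/example.org/passwd) failed: No such file or directory")
SAMPLE_LOG = "\n".join([
    _T.format(t="20:43:56", u="jean@example.org", ip="198.51.100.102"),
    _T.format(t="21:35:32", u="jennifer at example.org", ip="192.0.2.28"),
    _T.format(t="21:35:38", u="jennifer at example.org", ip="192.0.2.28"),
    _T.format(t="21:35:44", u="jennifer at example.org", ip="192.0.2.28"),
    "Jul  6 22:00:01 mx dovecot: imap-login: Login: user=<alice@example.org>, rip=10.8.0.2",
])


def parse_events(text, year=2014):
    """Return (timestamp, user, ip, missing_path) for every matching line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            stamp = " ".join(m["ts"].split()) + f" {year}"  # syslog lines carry no year
            ts = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
            events.append((ts, m["user"].replace(" at ", "@"), m["ip"], m["path"]))
    return events


def summarize(events, threshold=3, window=timedelta(minutes=1)):
    """Per source IP: attempts, users tried, and whether `threshold` hits fit in `window`."""
    by_ip = defaultdict(list)
    for ts, user, ip, _path in events:
        by_ip[ip].append((ts, user))
    report = {}
    for ip, hits in by_ip.items():
        times, start, burst = sorted(t for t, _ in hits), 0, False
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge forward
                start += 1
            burst = burst or end - start + 1 >= threshold
        report[ip] = {"attempts": len(hits), "users": sorted({u for _, u in hits}), "burst": burst}
    return report
```

Call `summarize(parse_events(open("/var/log/mail.log").read()))` to run it over the log file named in the fail2ban stanzas above; the fourth field of each event is the missing path that Alex's reply points at.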