search for: fai2ban

I find csf/lfd much easier to configure and can be used in combination with fail2ban. Gary Stainburn <gary.stainburn at ringways.co.uk> wrote: >I've followed one of the pages on line specifically for installing fail2ban on >Centos 7 and all looks fine. > >I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested on >another page: > >

On 4/19/2019 5:30 AM, Gary Stainburn wrote: > I've followed one of the pages on line specifically for installing fail2ban on > Centos 7 and all looks fine. Which page? It would help to see what they advised.

> > The event that triggers the ban does complete as normal, which is what I would > expect as the ban is triggered by the log entry which is *after* the failed > attempt. > > However, after the /var/log/fail2ban.log showed the IP as banned, I continue > to see entries in /var/log/exim/main.log What ban action do you use? If it's something like iptables-multiport,

> > I did wonder that myself. I have now amended to Dovecot definition in jail.conf to: > > [dovecot] > > port = pop3,pop3s,imap,imaps,submission,sieve,25,1025,465,587 > logpath = %(dovecot_log)s > backend = %(dovecot_backend)s > > I then unbanned and banned each IP address manually with Did you reload the configuration? ("fail2ban-client reload")

P? Fri, 26 Apr 2019 11:50:47 +0100 Gary Stainburn <gary.stainburn at ringways.co.uk> skrev: > On Friday 19 April 2019 16:15:32 Kenneth Porter wrote: > > On 4/19/2019 5:30 AM, Gary Stainburn wrote: > > > I've followed one of the pages on line specifically for > > > installing fail2ban on Centos 7 and all looks fine. > > > > Which page? It would

> > > > /var/log/fail2ban.log is showing that it's working: > > I have seem similar odd behaviour with f2b with other filters. > Try to uninstall the package > fail2ban-systemd > and stop and start fail2ban again. > This might change its behavior to the better. > The fail2ban-systemd package configures fail2ban to use systemd journal for log input. The OP

On 4/26/19 3:50 AM, Gary Stainburn wrote: > I can't remember the other one. I have removed all of the manual amendments so am now basically set up as initially installed. This is my process for fail2ban: 1: "yum install fail2ban"? This installs fail2ban and fail2ban-firewalld. 2: install /etc/fail2ban/jail.local.? This file enables the matching rules in

On 4/29/19 1:44 AM, Gary Stainburn wrote: > and the lines are still appearing. Here is my jail.local. (I did also try directly editing jail.conf to update the port commands). > > > [exim] > port = 0:65535 If that's all that's in jail.local, then the jail shouldn't be enabled.? They're off by default.? I'd suggest that you remove fail2ban completely.?

On Monday 29 April 2019 02:21:05 Gordon Messmer wrote: > That's one approach.? I believe that you could modify fewer files by > setting "port = 0:65535" in your definition in "jail.local" and not > install firewallcmd-ipset.local. I have just tried this, and re-started fail2ban. It does not seem to have worked. I have looked at /var/log/exim/main.log and found

> I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested on > another page: The standard exim.conf already has a 535 filter. Was that not working for you? > > \[<HOST>\]: 535 Incorrect authentication data > > which appears to be successfully matchnig lines in /var/log/exim/mail.log such > as > > 2019-04-19 13:06:10 dovecot_plain

On Saturday 20 April 2019 00:32:43 Pete Biggs wrote: > What ban action do you use? If it's something like iptables-multiport, > then I wonder if the fact that it's detecting the failures as > '[dovecot]' means that it's using the dovecot ports, not the exim > ports, when applying the iptable rule. > > When a host has been banned, can you look at the

On Friday 19 April 2019 15:19:26 Pete Biggs wrote: > > I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested > > on another page: > > The standard exim.conf already has a 535 filter. Was that not working > for you? I was following the instructions as shown on the page. I did find after sending my post that there was already a regex in the standard

On Friday 19 April 2019 16:15:32 Kenneth Porter wrote: > On 4/19/2019 5:30 AM, Gary Stainburn wrote: > > I've followed one of the pages on line specifically for installing fail2ban on > > Centos 7 and all looks fine. > > Which page? It would help to see what they advised. > On Friday 19 April 2019 16:15:32 Kenneth Porter wrote: > On 4/19/2019 5:30 AM, Gary Stainburn

I've followed one of the pages on line specifically for installing fail2ban on Centos 7 and all looks fine. I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested on another page: \[<HOST>\]: 535 Incorrect authentication data which appears to be successfully matchnig lines in /var/log/exim/mail.log such as 2019-04-19 13:06:10 dovecot_plain