search for: ignoreip

...it just sends a ton of mails when start/stopped...yikes. Not sure if there is a setting only for errors or actions...but the start/stop mails are too annoying. Will use logwatch daily to check on it. line 16, added a space then my server ip address 123.123.123.123 (example ip address, not real) ignoreip = 127.0.0.1 123.456.789.123 SSH section line 48 enabled=true line 50, changed to my port number commented out the mailto section sasl section (for postfix) line 68 enabled=true backend = polling (I left this but have no idea if I should or not) line 71, 'rewrote it to' action = iptab...

...0 `- Banned IP list: (1) # cat jail.local [dovecot-pop3imap] enabled = true filter = dovecot-pop3imap action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap", protocol=tcp] logpath = /var/log/dovecot.log maxretry = 5 findtime = 300 bantime = 3600 ignoreip = 127.0.0.1 127.0.0.0/8 [postfx-sasl] enabled = true filter = postfix-sasl action = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp] # sendmail[name=Postfix, dest=you at mail.com] logpath = /var/lo...

...NOTICE.* .*: Failed to authenticate user .* It should ban both A and B, along with the original Regex line that I modified. Question is, would this present a problem under normal circumstances? I know when the line comes up with my.asterisk.server.ip it will get ignored because I am in the ignoreip list but I want to make sure it will be OK to adjust. Thanks community! -E -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20130305/b597629d/attachment.htm>

ever since implementing the no-recursion-on-outside queries fix on one of my name servers, my logwatch emails have been 10-20MB/day, filled with crud like... client 10.191.192.212 query (cache) 'm.777.liyuanxi.com/A/IN' denied: 1 Time(s) client 10.192.34.96 query (cache) 'dyjwntl.www.0411gogo.com/A/IN' denied: 1 Time(s) client 10.192.43.105 query (cache)

Olaf Hopp <Olaf.Hopp at kit.edu> wrote: > And I have a new one just for "unknown user" and here my bantime and findtime > are much bigger and the retries are just '2'. So here I'm much harsher. > I'll keep an eye on my logs and maybe some more twaeking is necessary. Just be careful about typos (like twaeking!): users could simply misspell their username,

...46.232.112.21 46.232.112.21 [root at ollie2 ~]# and the lines are still appearing. Here is my jail.local. (I did also try directly editing jail.conf to update the port commands). [DEFAULT] # set a higher bantime and findtime bantime=3600000 findtime=1200 # set the IP's to ignore / not ban ignoreip = 127.0.0.1/8 10.0.0.0/8 # set max number of attempts maxretry = 3 # set mail receiver destemail = fail2ban at ringways.co.uk sender = fail2ban at ringways.co.uk # enable sending mails, whois and logfile sections by choosing the "action_mwl" template, # see jail.conf for details action =...

...does, only no dovecot) I've copied the actual /etc/fail2ban/filter.d/dovecot.conf from old server, still nothing not sure where/how to look is there a standard/approved doveot filter..? cat jail.local ... [dovecot] enabled = true filter = dovecot logpath = /var/log/dovecot.log maxretry = 3 ignoreip = 127.0.0.1 127.0.0.0/8 ... # fail2ban-client status dovecot Status for the jail: dovecot |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- Journal matches: _SYSTEMD_UNIT=dovecot.service `- Actions |- Currently banned: 0 |- Total banned: 0 `- Banned IP list: # gr...

> On 26 Jul 2017, at 7:57 pm, Olaf Hopp <Olaf.Hopp at kit.edu> wrote: > > Dear collegues, > > many thanks for your valuable input. > > Since we are an university GEO-IP blocking is not an option for us. > Somestimes I think it should ;-) > > My "mistake" was that I had just *one* fail2ban filter for both cases: > "wrong password" and

I'm trying to setup and test fail2ban with dovecot I've installed fail2ban, I've copied config from https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it, attempted multiple mail access with wrong password, but, get this: # fail2ban-client status dovecot-pop3imap Status for the jail: dovecot-pop3imap |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- File

On Friday 19 April 2019 16:15:32 Kenneth Porter wrote: > On 4/19/2019 5:30 AM, Gary Stainburn wrote: > > I've followed one of the pages on line specifically for installing fail2ban on > > Centos 7 and all looks fine. > > Which page? It would help to see what they advised. > On Friday 19 April 2019 16:15:32 Kenneth Porter wrote: > On 4/19/2019 5:30 AM, Gary Stainburn

Hello List, with CentOS 7.2 it is not longer possible to run fail2ban on a Server ? I install a new CentOS 7.2 and the EPEL directory yum install fail2ban I don't change anything only I create a jail.local to enable the Filters [sshd] enabled = true .... ..... When I start afterward fail2ban systemctl status fail2ban is clean But systemctl status firewalld is broken ? firewalld.service -