search for: seelmann

...ted, including > weakforced, however implementing that is a much larger project. i dont understand why you focused on that ldap strings fail2ban should trigger on some "Authentication failure" regex in the related syslog perhaps this will help to make it more clear http://www.stefan-seelmann.de/wiki/fail2ban#postfix-and-dovecot > > Next I have to find out how to feed my fail2ban logs back to > blocklist.de, to improve their mail.txt hit rate. > > Thanks again for all kind assistance. > > MJ > > On 07/20/2017 11:16 AM, mj wrote: >> Hi all, >&gt...

Hi Robert, > i dont understand why you focused on that ldap strings > fail2ban should trigger on some "Authentication failure" regex in the > related syslog > > perhaps this will help to make it more clear > > http://www.stefan-seelmann.de/wiki/fail2ban#postfix-and-dovecot Yes, but I have that as well. :-) I wanted two kinds of blockings: #1: Everybody trying the well-known passwords (password, 123321, 1q2w3e, etc, etc) to become blocked *immediately* and for *always*. #2: I wanted all others have to have the 'regular'...

...: > Hi Robert, > >> i dont understand why you focused on that ldap strings >> fail2ban should trigger on some "Authentication failure" regex in the >> related syslog >> >> perhaps this will help to make it more clear >> >> http://www.stefan-seelmann.de/wiki/fail2ban#postfix-and-dovecot > > Yes, but I have that as well. :-) > > I wanted two kinds of blockings: > > #1: Everybody trying the well-known passwords (password, 123321, 1q2w3e, > etc, etc) to become blocked *immediately* and for *always*. > > #2: I wanted...

Hi all, If I may, one more question on this subject: I would like to create a fail2ban filer, that scans for these lines: > Jul 20 11:10:09 auth: Info: ldap(user1,60.166.35.162,<cDFXHbxUQgA8piOi>): invalid credentials (given password: password) > Jul 20 11:10:19 auth: Info: ldap(user2,61.53.66.4,<V+nyHbxU+wA9NUIE>): invalid credentials (given password: password) (as you can