Displaying 20 results from an estimated 3000 matches similar to: "Fail2ban"
2010 Aug 17
11
EVERYONE USING DOVECOT PLEASE SIGN: Thanks, Administrators of Dovecot!
With the release of dovecot 2.0, the community of the Dovecot mailling
list, and us at Shelton Computers, would sincerely like to thank the
developers of Dovecot. For, if it were not for you, we would be stuck
with Courier and would not have the impressive features of Sieve, as
opposed to the unmanageable scripts, by end users, of maildrop.
*Our gratitude goes to, but not limited to:*
*Timo
2010 Jun 05
2
DOES NOT PERTAIN TO DOVECOT: Does anyone use postfix for some help?
When mail is sent from the mail server, it shows up as originating from
the MAIN ip address of the server, 173.50.101.11, when the mail server
is bound to 173.50.101.12. I have already set smtp_bind_address:
173.50.101.12 in main.cf and 173.50.101.12:smtp inet - - smtpd in
master.cf. This prevents smtp connects TO any other ip but 173.50.101.12
BUT mail STILL shows up originating from eth1,
2009 May 11
4
Fail2Ban and the Dovecot log
Hi,
Is there any way to disable the "dovecot: " at the beginning of each
line of the log? Fail2Ban responds poorly to it. I know there are a
number of sites with "failregex" strings for Fail2Ban and Dovecot, but
I've tried them all, and they don't work, at least with the latest
Fail2ban and the latest Dovecot. The Fail2Ban wiki is pretty clear
about why there
2011 Aug 09
3
fail2ban help
Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In jail.conf I use the following syntax:
[sasl-iptables]
enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[name=sasl, dest=my at email]
logpath = /var/log/maillog
maxretry = 6
and the following filter:
2013 Oct 04
4
fail2ban
For dovecot 2.1
as per wiki2, is this still valid? noticed a problem before and saw
it does seem to be triggering, I use:
maxretry = 6
findtime = 600
bantime = 3600
and there was like, 2400 hits in 4 minutes, it is pointing to the
correct log file, but I am no expert with fail2ban, so not sure if the
log format of today is compatible with the wiki2 entry
filter.d/dovecot.conf
[Definition]
2020 May 22
3
fail2ban setup centos 7 not picking auth fail?
On Fri, May 22, 2020 2:05 pm, Adi Pircalabu wrote:
> On 22-05-2020 10:38, Voytek Eymont wrote:
>
> Hardly a Dovecot issue. Can you please post the output of this command?
> /usr/bin/fail2ban-regex /var/log/dovecot.log
> /etc/fail2ban/filter.d/dovecot.conf
Adi,
thanks, what I get is:
# /usr/bin/fail2ban-regex /var/log/dovecot.log
/etc/fail2ban/filter.d/dovecot.conf
Running
2017 Dec 16
7
ot: fail2ban dovecot setup
I'm trying to setup and test fail2ban with dovecot
I've installed fail2ban, I've copied config from
https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it,
attempted multiple mail access with wrong password, but, get this:
# fail2ban-client status dovecot-pop3imap
Status for the jail: dovecot-pop3imap
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File
2013 Apr 10
3
fail2ban problem
Hello list
I'm trying to setup fail2ban specially sasl action but I'm facing problems.
I have centos-release-5-9.el5.centos.1
and
fail2ban-0.8.7.1-1.el5.rf
installed
with selinux disabled
The errors I get are:
INFO Creating new jail 'sasl-iptables'
fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables',
'polling']
I tried gemin against
2008 Jul 23
1
[Fwd: Re: fail2ban needs shorewall?]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've used denyhosts.
If you do have an issue with fail2ban, it does pretty much the same thing.
Andy
- -------- Original Message --------
Subject: Re: [CentOS] fail2ban needs shorewall?
Date: Wed, 23 Jul 2008 17:08:07 +0200
From: Kai Schaetzl <maillists at conactive.com>
Reply-To: CentOS mailing list <centos at centos.org>
To:
2017 Sep 11
3
Fail2ban 'Password mismatch' regex
I have turned on 'auth_debug_passwords=yes? in dovecot.conf.
I?m trying to get Fail2ban to detect this log line:
Sep 11 15:52:49 mail dovecot[54239]: auth-worker(10094): sql(user at bordo.com.au <mailto:user at bordo.com.au>,::1,<L2xqieNYeM4AAAAAAAAAAAAAAAAAAAAB>): Password mismatch (given password: 2)
I?ve added it as the last line of my dovecot filter regex:
failregex =
2017 Sep 11
2
Fail2ban 'Password mismatch' regex
> On 11 Sep 2017, at 5:10 pm, Christian Kivalo <ml+dovecot at valo.at> wrote:
>
> On 2017-09-11 08:57, James Brown wrote:
>> I have turned on 'auth_debug_passwords=yes? in dovecot.conf.
>> I?m trying to get Fail2ban to detect this log line:
>> Sep 11 15:52:49 mail dovecot[54239]: auth-worker(10094): sql(user at bordo.com.au <mailto:user at
2015 Sep 13
4
Fail2ban
Hello
I'm using the Fail2ban. I configuration below. I want to try to
prevent the continuous password. Fail2ban password that does not
prevent this form. (Asterisk 1.8 / Elastix interface)
What could be the problem ?
Asterisk log;
"Registration from '<sip:3060 at sip.x.eu;transport=UDP>' failed for
'x.x.x.x:32956' - Wrong password"
Fail2ban asterisk
2019 Apr 09
1
Editing fail2ban page?
In https://wiki.dovecot.org/HowTo/Fail2Ban, for a current (I know for
a fact in 2.2.36) I believe it should be
filter = dovecot
instead of
filter = dovecot-pop3imap
[root at mail ~]# ls -l /etc/fail2ban/filter.d/doveco*
-rw-r--r-- 1 root root 1875 May 11 2017 /etc/fail2ban/filter.d/dovecot.conf
[root at mail ~]#
2013 Aug 12
1
fail2ban
hi
dovecot filter for fail2ban do not match:
dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=67
dovecot filter:
failregex = (?: pop3-login|imap-login): (?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
bst regards.
2017 Mar 01
3
fail2ban Asterisk 13.13.1
Hello, fail2ban does not ban offending IP.
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for 'offending-IP:53417' - Wrong
password
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for ?offending-IP:53911' -
Wrong password
systemctl status
2010 Aug 01
3
fail2ban does not work for my asterisk installation
The failregex statement in my jail.conf file is:
*
failregex* = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong
password
NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No
matching peer found
NOTICE.* .*: Registration from '.*' failed for '<HOST>' -
Username/auth name mismatch
2017 Mar 02
3
fail2ban Asterisk 13.13.1
If this is a small site, I recommend you download the free version of SecAst
(www.telium.ca <http://www.telium.ca> ) and replace fail2ban. SecAst does
NOT use the log file, or regexes, to match etc.instead it talks to Asterisk
through the AMI to extract security information. Messing with regexes is a
losing battle, and the lag in reading logs can allow an attacker 100+
registration
2019 Jun 06
2
Fail2ban for asterisk 16 PJSIP
Hello
Anyone have a working copy of Fail2ban asterisk filter asterisk.conf
for Asterisk 16 running PJSIP.
I have tried 10 different filters but none of them show any matches when testing with
fail2ban-regex
I see date template hits but no matches....
My log
[2019-06-06 15:37:20] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at
2013 Jun 19
1
fail2ban with standard Apache log format?
I want to use fail2ban on CentOS 6 to monitor Apache with the standard
default logfile format ("combined"). Has anyone here succeeded in doing so?
The format has the IP at the start of the line, followed by two dashes
(if no authentication) and THEN the timestamp. What I've read on the
fail2ban wiki seems to say that the timestamp must ALWAYS be at the start
of the line, followed by
2013 Jul 14
1
Fail2ban and logging
Hello,
Dovecot is logging authentication failures this way:
------
Jul 12 18:07:19 vps0 dovecot: imap-login: Disconnected (auth failed, 22
attempts in 172 secs): user=<info>, method=PLAIN, rip=82.95.148.152,
lip=1.2.3.4, TLS, session=<QylMqlLhVwBSX5SY>
------
Fail2ban is trying to catch them with this regex:
------
failregex = .*(?:pop3-login|imap-login):.*(?:Authentication