Displaying 20 results from an estimated 7000 matches similar to: "Spam, fail2ban and centos"
2012 Jun 15
1
Update on spam, postfix, fail2ban, centos 6
I have been using centos 6 in a virtualized system for a few months now.
Took a while to batten down the hatches with postfix, rbls, and to use
fail2ban correctly.
The mailserver for my website(s) are located on the http server as
well..an 'all in one' server.
DNS servers are separated.
My two sites, and their email addresses (1 for each) have been around
for 10 and 15 years
2010 Jul 13
3
OT: fail2ban, spam and mail servers
Many of you are interested in and have used or recommended fail2ban
for your linux boxes. I finally installed it on our FreeBSD server (no
asterisk, hence the OT) with the help of a friend from the VoIP Users
Conference and Asterisk community.
After a lot of new learning about regex, I extended the actions and
filters to look at our mail server, plagued by spammers - who isn't?
Our server has
2020 Apr 07
0
fail2ban ban not working
On 4/7/20 11:54 AM, Gary Stainburn wrote:
> I have fail2ban on my mail server monitoring Dovecot and Exim.
>
> I have noticed that it has stopped banning IP's. I have seen in /var/log/fail2ban.log:
>
> 2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO [dovecot] Found 77.40.61.224 - 2020-04-07 09:42:05
> 2020-04-07 09:42:06,408 fail2ban.actions [16138]:
2012 Apr 27
1
fail2ban logrotate failure
I got the fail2ban from epel.
There were a number of issues relating to using a log file...
logwatch was looking for both fail2ban and fail2ban.log
logrotate file fail2ban added looked for fail2ban.log and then reset
itself to syslog
fail2ban itself went to syslog, overriding its fail2ban.log.
took a while, but I use /var/log/fail2ban now, that finally worked
through logrotates and logwatch.
2017 Dec 17
0
ot: fail2ban dovecot setup
On 17.12.2017 at 00:56, voytek at sbt.net.au wrote:
> I'm trying to setup and test fail2ban with dovecot
>
> I've installed fail2ban, I've copied config from
> https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it,
>
> attempted multiple mail access with wrong password, but, get this:
>
> # fail2ban-client status dovecot-pop3imap
> Status for
2017 Dec 17
0
ot: fail2ban dovecot setup
Copy dovecot-pop3imap.conf to dovecot-pop3imap.local. Edit
dovecot-pop3imap.local and add to the failregex:
dovecot:.+auth failed.+rip=<HOST>
Then run:
fail2ban-regex /var/log/dovecot.log /etc/fail2ban/filter.d/dovecot-pop3imap.local
and see if you get any matches.
Bill
On 12/16/2017 6:56 PM, voytek at sbt.net.au wrote:
> I'm trying to setup and test fail2ban with dovecot
>
2017 Dec 17
1
ot: fail2ban dovecot setup
On Mon, December 18, 2017 3:06 am, Alex JOST wrote:
> Did you enable the dovecot service in fail2ban? By default all jails are
> disabled.
>
> /etc/fail2ban/jail.conf:
> [dovecot]
> enabled = true
Alex, thanks
no, not in jail.conf, I've put it in the
(1)
/etc/fail2ban/jail.local
I've also added postfix, that seems to work:
I've made test failed dovecot and
2017 Dec 18
0
ot: fail2ban dovecot setup
Have you tried just using the filter dovecot.conf that comes with the
fail2ban?
# cat /etc/fail2ban/filter.d/dovecot.conf
......
failregex =
^%(__prefix_line)s(?:%(__pam_auth)s(?:\(dovecot:auth\))?:)?\s+authentication
failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S*
rhost=<HOST>(?:\s+user=\S*)?\s*$
^%(__prefix_line)s(?:pop3|imap)-login: (?:Info: )?(?:Aborted
2020 May 22
1
fail2ban setup centos 7 not picking auth fail?
I'm trying to set up fail2ban with dovecot, I have it working on 'old'
server Centos 6, but, not getting anywhere with 'new' server on Centos 7
using standard filters
I've copied same 'filter' to new server, still get nothing
any idea how to figure this out ?
on old server, it logs to syslog/messages
CentOS release 6.10 (Final) dovecot 2.3.10.1 (a3d0e1171)
old #
2020 Apr 17
0
[SOLVED] fail2ban firewalld problems with current CentOS 7
On 17.04.20 at 02:59, Rob Kampen wrote:
> On 13/04/20 1:30 pm, Orion Poplawski wrote:
>> On 4/9/20 6:31 AM, Andreas Haumer wrote:
>> ...
>>> I'm neither a fail2ban nor a SELinux expert, but it seems the
>>> standard fail2ban SELinux policy as provided by CentOS 7 is not
>>> sufficient anymore and the recent updates did not correctly
>>>
2020 Apr 17
2
[SOLVED] fail2ban firewalld problems with current CentOS 7
On 13/04/20 1:30 pm, Orion Poplawski wrote:
> On 4/9/20 6:31 AM, Andreas Haumer wrote:
> ...
>> I'm neither a fail2ban nor a SELinux expert, but it seems the
>> standard fail2ban SELinux policy as provided by CentOS 7 is not
>> sufficient anymore and the recent updates did not correctly
>> update the required SELinux policies.
>>
>> I could report this
2020 Apr 07
3
fail2ban ban not working
I have fail2ban on my mail server monitoring Dovecot and Exim.
I have noticed that it has stopped banning IP's. I have seen in /var/log/fail2ban.log:
2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO [dovecot] Found 77.40.61.224 - 2020-04-07 09:42:05
2020-04-07 09:42:06,408 fail2ban.actions [16138]: NOTICE [dovecot] Ban 77.40.61.224
2020-04-07 09:42:06,981
2016 Mar 10
0
[ISC Crosspost] Novel method for slowing down Locky on Samba server using fail2ban
From: bounces at isc.sans.edu
To: sbradcpa at pacbell.net <sbradcpa at pacbell.net>
Novel method for slowing down Locky on Samba server using fail2ban
https://isc.sans.edu/diary.html?n&storyid=20805
http://www.heise.de/security/artikel/Erpressungs-Trojaner-wie-Locky-aussperren-3120956.html
Google Translate version of above:
If you teach the Samba server to monitor and write Rename
2010 Nov 10
1
dictionary attacks
Hi hoping someone can help me a little with this one.
I have 2 mail servers, the incoming mail server runs dovecot and the
outgoing mail server runs postfix with sasl.
Lately I noticed a lot of spammers are running dictionary attacks on my
incoming server and then using that user/password for sasl on the outgoing
server.
The weird thing is I never see on the logs the guessed
2017 Dec 16
7
ot: fail2ban dovecot setup
I'm trying to setup and test fail2ban with dovecot
I've installed fail2ban, I've copied config from
https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it,
attempted multiple mail access with wrong password, but, get this:
# fail2ban-client status dovecot-pop3imap
Status for the jail: dovecot-pop3imap
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File
2010 Aug 09
1
fail2ban behavior
I created a filter and verified it with fail2ban-regex against
actual lines in my log and it works. During restarts of fail2ban,
only some previous ip's get banned immediately whereas some need a
reoccurrence despite the jail's config specification of maxretry and
findtime suggesting the entries mandate blocking.
I'd assume the behavior after a restart is noe way if it weren't for
2010 Nov 10
1
dovecot dictionary attacks
Hi, I been using dovecot for awhile and its been solid, however I been
having some issues with dictionary attacks.
I installed fail2ban and for the most part is working fine. However today I
got another spammer relaying through my server.
Looking at the logs I see the following dictionary attack from 94.242.206.37
Nov 10 03:04:38 pop dovecot: pop3-login: Disconnected: rip=94.242.206.37,
2015 Mar 10
2
Fail2Ban Centos 7 is there a trick to making it work?
On Mon, March 9, 2015 13:11, John Plemons wrote:
> Been working on fail2ban, and trying to make it work with plain Jane
> install of Centos 7
>
> Machine is a HP running 2 Quad core Xeons, 16 gig of ram and 1 plus TB
> of disk space. Very generic and vanilla.
>
> Current available epel repo version is fail2ban-0.9.1
>
> Looking at the log file, fail2ban starts and stops
2011 Aug 09
3
fail2ban help
Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In jail.conf I use the following syntax:
[sasl-iptables]
enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, dest=my at email]
logpath = /var/log/maillog
maxretry = 6
and the following filter:
2017 Mar 02
3
fail2ban Asterisk 13.13.1
If this is a small site, I recommend you download the free version of SecAst
(www.telium.ca <http://www.telium.ca> ) and replace fail2ban. SecAst does
NOT use the log file, or regexes, to match etc. Instead it talks to Asterisk
through the AMI to extract security information. Messing with regexes is a
losing battle, and the lag in reading logs can allow an attacker 100+
registration