Displaying 20 results from an estimated 6000 matches similar to: "fail2ban"
2020 May 22
3
fail2ban setup centos 7 not picking auth fail?
On Fri, May 22, 2020 2:05 pm, Adi Pircalabu wrote:
> On 22-05-2020 10:38, Voytek Eymont wrote:
>
> Hardly a Dovecot issue. Can you please post the output of this command?
> /usr/bin/fail2ban-regex /var/log/dovecot.log
> /etc/fail2ban/filter.d/dovecot.conf
Adi,
thanks, what I get is:
# /usr/bin/fail2ban-regex /var/log/dovecot.log
/etc/fail2ban/filter.d/dovecot.conf
Running
2009 May 11
4
Fail2Ban and the Dovecot log
Hi,
Is there any way to disable the "dovecot: " at the beginning of each
line of the log? Fail2Ban responds poorly to it. I know there are a
number of sites with "failregex" strings for Fail2Ban and Dovecot, but
I've tried them all, and they don't work, at least with the latest
Fail2ban and the latest Dovecot. The Fail2Ban wiki is pretty clear
about why there
2013 Oct 04
4
fail2ban
For dovecot 2.1
as per wiki2, is this still valid? noticed a problem before and saw
it does seem to be triggering, I use:
maxretry = 6
findtime = 600
bantime = 3600
and there was like, 2400 hits in 4 minutes, it is pointing to the
correct log file, but I am no expert with fail2ban, so not sure if the
log format of today is compatible with the wiki2 entry
filter.d/dovecot.conf
[Definition]
2017 Sep 11
3
Fail2ban 'Password mismatch' regex
I have turned on 'auth_debug_passwords=yes? in dovecot.conf.
I?m trying to get Fail2ban to detect this log line:
Sep 11 15:52:49 mail dovecot[54239]: auth-worker(10094): sql(user at bordo.com.au <mailto:user at bordo.com.au>,::1,<L2xqieNYeM4AAAAAAAAAAAAAAAAAAAAB>): Password mismatch (given password: 2)
I?ve added it as the last line of my dovecot filter regex:
failregex =
2017 Dec 16
7
ot: fail2ban dovecot setup
I'm trying to setup and test fail2ban with dovecot
I've installed fail2ban, I've copied config from
https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it,
attempted multiple mail access with wrong password, but, get this:
# fail2ban-client status dovecot-pop3imap
Status for the jail: dovecot-pop3imap
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File
2017 Sep 11
2
Fail2ban 'Password mismatch' regex
> On 11 Sep 2017, at 5:10 pm, Christian Kivalo <ml+dovecot at valo.at> wrote:
>
> On 2017-09-11 08:57, James Brown wrote:
>> I have turned on 'auth_debug_passwords=yes? in dovecot.conf.
>> I?m trying to get Fail2ban to detect this log line:
>> Sep 11 15:52:49 mail dovecot[54239]: auth-worker(10094): sql(user at bordo.com.au <mailto:user at
2011 Aug 09
3
fail2ban help
Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In jail.conf I use the following syntax:
[sasl-iptables]
enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[name=sasl, dest=my at email]
logpath = /var/log/maillog
maxretry = 6
and the following filter:
2019 Apr 09
1
Editing fail2ban page?
In https://wiki.dovecot.org/HowTo/Fail2Ban, for a current (I know for
a fact in 2.2.36) I believe it should be
filter = dovecot
instead of
filter = dovecot-pop3imap
[root at mail ~]# ls -l /etc/fail2ban/filter.d/doveco*
-rw-r--r-- 1 root root 1875 May 11 2017 /etc/fail2ban/filter.d/dovecot.conf
[root at mail ~]#
2008 Jul 23
1
[Fwd: Re: fail2ban needs shorewall?]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've used denyhosts.
If you do have an issue with fail2ban, it does pretty much the same thing.
Andy
- -------- Original Message --------
Subject: Re: [CentOS] fail2ban needs shorewall?
Date: Wed, 23 Jul 2008 17:08:07 +0200
From: Kai Schaetzl <maillists at conactive.com>
Reply-To: CentOS mailing list <centos at centos.org>
To:
2013 Jul 14
1
Fail2ban and logging
Hello,
Dovecot is logging authentication failures this way:
------
Jul 12 18:07:19 vps0 dovecot: imap-login: Disconnected (auth failed, 22
attempts in 172 secs): user=<info>, method=PLAIN, rip=82.95.148.152,
lip=1.2.3.4, TLS, session=<QylMqlLhVwBSX5SY>
------
Fail2ban is trying to catch them with this regex:
------
failregex = .*(?:pop3-login|imap-login):.*(?:Authentication
2010 Jun 10
2
Fail2ban
I have fail2ban working for EVERYTHING else except dovecot. I have tried
using my own custom regex in conjunction with the regex on the
dovecot.org site. Neither are picked up by fail2ban and I'm trying to
use an imminent attack agaist dovecot, going on now, to my advantage to
see when I get the right regexp. Here are my current ones:
failregex = .*dovecot: (?:pop3-login|imap-login):
2010 Aug 01
3
fail2ban does not work for my asterisk installation
The failregex statement in my jail.conf file is:
*
failregex* = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong
password
NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No
matching peer found
NOTICE.* .*: Registration from '.*' failed for '<HOST>' -
Username/auth name mismatch
2017 Mar 01
3
fail2ban Asterisk 13.13.1
Hello, fail2ban does not ban offending IP.
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for 'offending-IP:53417' - Wrong
password
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for ?offending-IP:53911' -
Wrong password
systemctl status
2015 Sep 13
4
Fail2ban
Hello
I'm using the Fail2ban. I configuration below. I want to try to
prevent the continuous password. Fail2ban password that does not
prevent this form. (Asterisk 1.8 / Elastix interface)
What could be the problem ?
Asterisk log;
"Registration from '<sip:3060 at sip.x.eu;transport=UDP>' failed for
'x.x.x.x:32956' - Wrong password"
Fail2ban asterisk
2017 Mar 02
3
fail2ban Asterisk 13.13.1
If this is a small site, I recommend you download the free version of SecAst
(www.telium.ca <http://www.telium.ca> ) and replace fail2ban. SecAst does
NOT use the log file, or regexes, to match etc.instead it talks to Asterisk
through the AMI to extract security information. Messing with regexes is a
losing battle, and the lag in reading logs can allow an attacker 100+
registration
2020 May 22
1
fail2ban setup centos 7 not picking auth fail?
I'm trying to set up fail2ban with dovecot, I have it working on 'old'
server Centos 6, but, not getting anywhere with 'new' server on Centos 7
using standard filters
I've copied same 'filter' to new server, still get nothing
any idea how to figure this out ?
on old server, it logs to syslog/messages
CentOS release 6.10 (Final) dovecot 2.3.10.1 (a3d0e1171)
old #
2013 Apr 10
3
fail2ban problem
Hello list
I'm trying to setup fail2ban specially sasl action but I'm facing problems.
I have centos-release-5-9.el5.centos.1
and
fail2ban-0.8.7.1-1.el5.rf
installed
with selinux disabled
The errors I get are:
INFO Creating new jail 'sasl-iptables'
fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables',
'polling']
I tried gemin against
2015 Sep 14
2
Fail2ban
I solved the problem. "action.d/iptables-custom.conf" include only udp.
service fail2ban restart
Thank you.
On Sun, Sep 13, 2015 at 9:17 PM, Andres <andres at telesip.net> wrote:
> On 9/13/15 11:16 AM, Gokan Atmaca wrote:
>>
>> Hello
>>
>> I'm using the Fail2ban. I configuration below. I want to try to
>> prevent the continuous password.
2015 Jan 08
4
SEMI OFF-TOPIC - Fail2ban
Hi list , someone on the list has seen this type of connection
attempts in asterisk, fail2ban does not stop
2015-01-08 14:59:47] SECURITY[21515] res_security_log.c:
SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:100 at
2017 Jul 29
1
under another kind of attack
Hi to all,
@Olaf Hopp I've this filter enabled for fail2ban, my question is: could
my filters overlap or interfere with those suggested by you?
this is my filter:
Contents of /etc/fail2ban/jail.conf:
[postfix]
# Ban for 10 minutes if it fails 6 times within 10 minutes
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 6
bantime = 600