similar to: Fail2ban mail failures ???

Received -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of centos-request at centos.org Sent: Saturday, December 27, 2014 6:00 AM To: centos at centos.org Subject: CentOS Digest, Vol 119, Issue 26 - Email found in subject Send CentOS mailing list submissions to centos at centos.org To subscribe or unsubscribe via the World Wide

On 2014-12-26 12:39 pm, Robert G. (Doc) Savage wrote: > I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's > alerts sent to root's mail to be rejected. Here's a clip from one of > the > error messages: > > > Message 48: > From MAILER-DAEMON at lion.protogeek.org Sun Dec 21 03:09:20 2014 > Return-Path:

-----Original Message----- From: ????????? ???????? <nevis2us at infoline.su> Reply-to: CentOS mailing list <centos at centos.org> To: CentOS mailing list <centos at centos.org> Subject: Re: [CentOS] Fail2ban mail failures ??? Date: Fri, 26 Dec 2014 21:30:39 +0300 Robert G. (Doc) Savage ????? 2014-12-26 20:39: > I'm using fail2ban with CentOS 6.6. Something is causing

Robert G. (Doc) Savage ????? 2014-12-26 20:39: > I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's > alerts sent to root's mail to be rejected. Here's a clip from one of > the > error messages: > > > Message 48: > From MAILER-DAEMON at lion.protogeek.org Sun Dec 21 03:09:20 2014 > Return-Path:

I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's alerts sent to root's mail to be rejected. Here's a clip from one of the error messages: Message 48: From MAILER-DAEMON at lion.protogeek.org Sun Dec 21 03:09:20 2014 Return-Path: <MAILER-DAEMON at lion.protogeek.org> Date: Sun, 21 Dec 2014 03:09:19 -0600 From: Mail

> On 10 Mar 2015, at 14:30, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > > > On Mon, March 9, 2015 13:11, John Plemons wrote: >> Been working on fail2ban, and trying to make it work with plain Jane >> install of Centos 7 >> >> Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB >> of disk space. Very generic and vanilla.

On Mon, March 9, 2015 13:11, John Plemons wrote: > Been working on fail2ban, and trying to make it work with plain Jane > install of Centos 7 > > Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB > of disk space. Very generic and vanilla. > > Current available epel repo version is fail2ban-0.9.1 > > Looking at the log file, fail2ban starts and stops

I am seeing these in the log of one of our off-site NX hosts running CentOS-6.6. type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket Was caused by: Missing type enforcement (TE) allow rule. You can use

Been working on my anti-spam centos mailserver for a while now and thought I would share fail2ban's help. I installed fail2ban a few weeks back. It was tough to get it working properly but pretty much working now. Although it works fine for brute force, I thought I would run it pretty tough against spammers. I started with a regular mail server, my old one, that is horrendously pounded

On Mon, January 19, 2015 11:50, James B. Byrne wrote: > I am seeing these in the log of one of our off-site NX hosts running > CentOS-6.6. > > type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for > pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0 > tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket > Was caused by:

We're seeing on a few of our servers - and sometimes it's only occasionally on some of those - where fail2ban's running happily, AFAIK, but there's an attack (from China, Brazil, etc) on ssh, and they don't seem to be banned; I see many, many sorries for wrong username or password. It *seems* to work again once restarted. mark

On Mon, September 21, 2015 15:37, m.roth at 5-cent.us wrote: > Gordon Messmer wrote: >> >>> > In other words, the >>> >hostkeys would be identical. >> >> I think what the error indicates is that a client tried to connect >> to SSH, and the host key there did not match the fingerprint in the >> client's "known_hosts" database.

In article <n009u2$85v$1 at softins.softins.co.uk>, Tony Mountifield <tony at softins.co.uk> wrote: > Apologies, this is slightly off-topic being to do with an EPEL package, > although it's running on CentOS6, so I thought others here might have come > across this issue. > > I have five CentOS 6 systems running fail2ban from EPEL, and this > package was updated

Am 17.12.2017 um 00:56 schrieb voytek at sbt.net.au: > I'm trying to setup and test fail2ban with dovecot > > I've installed fail2ban, I've copied config from > https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it, > > attempted multiple mail access with wrong password, but, get this: > > # fail2ban-client status dovecot-pop3imap > Status for

Copy dovecot-pop3imap.conf to dovecot-pop3imap.local.? Edit dovecot-pop3imap.local and add to the failregex: dovecot:.+auth failed.+rip=<HOST> Then run: fail2ban-regex /var/log/dovecot.log /etc/fail2ban/filter.d/dovecot-pop3imap.local and see if you get any matches. Bill On 12/16/2017 6:56 PM, voytek at sbt.net.au wrote: > I'm trying to setup and test fail2ban with dovecot >

Apologies, this is slightly off-topic being to do with an EPEL package, although it's running on CentOS6, so I thought others here might have come across this issue. I have five CentOS 6 systems running fail2ban from EPEL, and this package was updated in the last week from 0.9.2-1.el6 to 0.9.3-1.el6. On all these systems, I received an error from logrotate this morning. It appears that

Have you tried just using the the filter dovecot.conf come with the fail2ban? # cat /etc/fail2ban/filter.d/dovecot.conf ...... failregex = ^%(__prefix_line)s(?:%(__pam_auth)s(?:\(dovecot:auth\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(?:\s+user=\S*)?\s*$ ^%(__prefix_line)s(?:pop3|imap)-login: (?:Info: )?(?:Aborted

Been working on fail2ban, and trying to make it work with plain Jane install of Centos 7 Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB of disk space. Very generic and vanilla. Current available epel repo version is fail2ban-0.9.1 Looking at the log file, fail2ban starts and stops fine, there isn't output though showing any login attempts being restricted.

On 4/7/20 11:54 AM, Gary Stainburn wrote: > I have fail2ban on my mail server monitoring Dovecot and Exim. > > I have noticed that it has stopped banning IP's. I have seen in /var/log/fail2ban.log: > > 2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO [dovecot] Found 77.40.61.224 - 2020-04-07 09:42:05 > 2020-04-07 09:42:06,408 fail2ban.actions [16138]:

I got the fail2ban from epel. There were a number of issues relating to using a log file... logwatch was looking for both fail2ban and fail2ban.log logrotate file fail2ban added looked for fail2ban.log and then reset itself to syslog fail2ban itself went to syslog, over riding its fail2ban.log. took a while, but I use /var/log/fail2ban now, that finally worked through logrotates and logwatch.