Displaying 20 results from an estimated 10000 matches similar to: "Fail2ban mail failures ???"
2014 Dec 27
0
CentOS Digest, Vol 119, Issue 26 - Email found in subject
Received
-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of centos-request at centos.org
Sent: Saturday, December 27, 2014 6:00 AM
To: centos at centos.org
Subject: CentOS Digest, Vol 119, Issue 26 - Email found in subject
Send CentOS mailing list submissions to
centos at centos.org
To subscribe or unsubscribe via the World Wide
2014 Dec 26
0
Fail2ban mail failures ???
On 2014-12-26 12:39 pm, Robert G. (Doc) Savage wrote:
> I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
> alerts sent to root's mail to be rejected. Here's a clip from one of
> the
> error messages:
>
>
> Message 48:
> From MAILER-DAEMON at lion.protogeek.org Sun Dec 21 03:09:20 2014
> Return-Path:
2014 Dec 27
1
Fail2ban mail failures ???
-----Original Message-----
From: ????????? ???????? <nevis2us at infoline.su>
Reply-to: CentOS mailing list <centos at centos.org>
To: CentOS mailing list <centos at centos.org>
Subject: Re: [CentOS] Fail2ban mail failures ???
Date: Fri, 26 Dec 2014 21:30:39 +0300
Robert G. (Doc) Savage ????? 2014-12-26 20:39:
> I'm using fail2ban with CentOS 6.6. Something is causing
2014 Dec 26
0
Fail2ban mail failures ???
Robert G. (Doc) Savage ????? 2014-12-26 20:39:
> I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
> alerts sent to root's mail to be rejected. Here's a clip from one of
> the
> error messages:
>
>
> Message 48:
> From MAILER-DAEMON at lion.protogeek.org Sun Dec 21 03:09:20 2014
> Return-Path:
2014 Dec 26
4
Fail2ban mail failures ???
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
alerts sent to root's mail to be rejected. Here's a clip from one of the
error messages:
Message 48:
From MAILER-DAEMON at lion.protogeek.org Sun Dec 21 03:09:20 2014
Return-Path: <MAILER-DAEMON at lion.protogeek.org>
Date: Sun, 21 Dec 2014 03:09:19 -0600
From: Mail
2015 Mar 10
0
Fail2Ban Centos 7 is there a trick to making it work?
> On 10 Mar 2015, at 14:30, James B. Byrne <byrnejb at harte-lyne.ca> wrote:
>
>
> On Mon, March 9, 2015 13:11, John Plemons wrote:
>> Been working on fail2ban, and trying to make it work with plain Jane
>> install of Centos 7
>>
>> Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB
>> of disk space. Very generic and vanilla.
2015 Mar 10
2
Fail2Ban Centos 7 is there a trick to making it work?
On Mon, March 9, 2015 13:11, John Plemons wrote:
> Been working on fail2ban, and trying to make it work with plain Jane
> install of Centos 7
>
> Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB
> of disk space. Very generic and vanilla.
>
> Current available epel repo version is fail2ban-0.9.1
>
> Looking at the log file, fail2ban starts and stops
2015 Jan 19
2
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
I am seeing these in the log of one of our off-site NX hosts running
CentOS-6.6.
type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for
pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0
tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket
Was caused by:
Missing type enforcement (TE) allow rule.
You can use
2012 May 09
1
Spam, fail2ban and centos
Been working on my anti-spam centos mailserver for a while now and
thought I would share fail2ban's help.
I installed fail2ban a few weeks back. It was tough to get it working
properly but pretty much working now.
Although it works fine for brute force, I thought I would run it pretty
tough against spammers.
I started with a regular mail server, my old one, that is horrendously
pounded
2015 Jan 19
0
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
On Mon, January 19, 2015 11:50, James B. Byrne wrote:
> I am seeing these in the log of one of our off-site NX hosts running
> CentOS-6.6.
>
> type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for
> pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0
> tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket
> Was caused by:
2012 Aug 13
1
Odd issue with fail2ban
We're seeing on a few of our servers - and sometimes it's only
occasionally on some of those - where fail2ban's running happily, AFAIK,
but there's an attack (from China, Brazil, etc) on ssh, and they don't
seem to be banned; I see many, many sorries for wrong username or
password.
It *seems* to work again once restarted.
mark
2015 Sep 22
0
CentOS6 - Break in attempt? What is the Exploit?
On Mon, September 21, 2015 15:37, m.roth at 5-cent.us wrote:
> Gordon Messmer wrote:
>>
>>> > In other words, the
>>> >hostkeys would be identical.
>>
>> I think what the error indicates is that a client tried to connect
>> to SSH, and the host key there did not match the fingerprint in the
>> client's "known_hosts" database.
2015 Oct 18
0
[OT] fail2ban update (epel) breaks logrotate
In article <n009u2$85v$1 at softins.softins.co.uk>,
Tony Mountifield <tony at softins.co.uk> wrote:
> Apologies, this is slightly off-topic being to do with an EPEL package,
> although it's running on CentOS6, so I thought others here might have come
> across this issue.
>
> I have five CentOS 6 systems running fail2ban from EPEL, and this
> package was updated
2017 Dec 17
0
ot: fail2ban dovecot setup
Am 17.12.2017 um 00:56 schrieb voytek at sbt.net.au:
> I'm trying to setup and test fail2ban with dovecot
>
> I've installed fail2ban, I've copied config from
> https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it,
>
> attempted multiple mail access with wrong password, but, get this:
>
> # fail2ban-client status dovecot-pop3imap
> Status for
2017 Dec 17
0
ot: fail2ban dovecot setup
Copy dovecot-pop3imap.conf to dovecot-pop3imap.local.? Edit
dovecot-pop3imap.local and add to the failregex:
dovecot:.+auth failed.+rip=<HOST>
Then run:
fail2ban-regex /var/log/dovecot.log /etc/fail2ban/filter.d/dovecot-pop3imap.local
and see if you get any matches.
Bill
On 12/16/2017 6:56 PM, voytek at sbt.net.au wrote:
> I'm trying to setup and test fail2ban with dovecot
>
2015 Oct 18
0
[OT] fail2ban update (epel) breaks logrotate
Apologies, this is slightly off-topic being to do with an EPEL package,
although it's running on CentOS6, so I thought others here might have come
across this issue.
I have five CentOS 6 systems running fail2ban from EPEL, and this
package was updated in the last week from 0.9.2-1.el6 to 0.9.3-1.el6.
On all these systems, I received an error from logrotate this morning.
It appears that
2017 Dec 18
0
ot: fail2ban dovecot setup
Have you tried just using the the filter dovecot.conf come with the
fail2ban?
# cat /etc/fail2ban/filter.d/dovecot.conf
......
failregex =
^%(__prefix_line)s(?:%(__pam_auth)s(?:\(dovecot:auth\))?:)?\s+authentication
failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S*
rhost=<HOST>(?:\s+user=\S*)?\s*$
^%(__prefix_line)s(?:pop3|imap)-login: (?:Info: )?(?:Aborted
2015 Mar 09
1
Fail2Ban Centos 7 is there a trick to making it work?
Been working on fail2ban, and trying to make it work with plain Jane
install of Centos 7
Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB
of disk space. Very generic and vanilla.
Current available epel repo version is fail2ban-0.9.1
Looking at the log file, fail2ban starts and stops fine, there isn't
output though showing any login attempts being restricted.
2020 Apr 07
0
fail2ban ban not working
On 4/7/20 11:54 AM, Gary Stainburn wrote:
> I have fail2ban on my mail server monitoring Dovecot and Exim.
>
> I have noticed that it has stopped banning IP's. I have seen in /var/log/fail2ban.log:
>
> 2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO [dovecot] Found 77.40.61.224 - 2020-04-07 09:42:05
> 2020-04-07 09:42:06,408 fail2ban.actions [16138]:
2012 Apr 27
1
fail2ban logrotate failure
I got the fail2ban from epel.
There were a number of issues relating to using a log file...
logwatch was looking for both fail2ban and fail2ban.log
logrotate file fail2ban added looked for fail2ban.log and then reset
itself to syslog
fail2ban itself went to syslog, over riding its fail2ban.log.
took a while, but I use /var/log/fail2ban now, that finally worked
through logrotates and logwatch.