similar to: faI2ban detecting and banning but nothing happens

> I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested on > another page: The standard exim.conf already has a 535 filter. Was that not working for you? > > \[<HOST>\]: 535 Incorrect authentication data > > which appears to be successfully matchnig lines in /var/log/exim/mail.log such > as > > 2019-04-19 13:06:10 dovecot_plain

On Friday 19 April 2019 15:19:26 Pete Biggs wrote: > > I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested > > on another page: > > The standard exim.conf already has a 535 filter. Was that not working > for you? I was following the instructions as shown on the page. I did find after sending my post that there was already a regex in the standard

I've followed one of the pages on line specifically for installing fail2ban on Centos 7 and all looks fine. I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested on another page: \[<HOST>\]: 535 Incorrect authentication data which appears to be successfully matchnig lines in /var/log/exim/mail.log such as 2019-04-19 13:06:10 dovecot_plain

On Saturday 20 April 2019 00:32:43 Pete Biggs wrote: > What ban action do you use? If it's something like iptables-multiport, > then I wonder if the fact that it's detecting the failures as > '[dovecot]' means that it's using the dovecot ports, not the exim > ports, when applying the iptable rule. > > When a host has been banned, can you look at the

> > I did wonder that myself. I have now amended to Dovecot definition in jail.conf to: > > [dovecot] > > port = pop3,pop3s,imap,imaps,submission,sieve,25,1025,465,587 > logpath = %(dovecot_log)s > backend = %(dovecot_backend)s > > I then unbanned and banned each IP address manually with Did you reload the configuration? ("fail2ban-client reload")

On 4/19/2019 5:30 AM, Gary Stainburn wrote: > I've followed one of the pages on line specifically for installing fail2ban on > Centos 7 and all looks fine. Which page? It would help to see what they advised.

> > The event that triggers the ban does complete as normal, which is what I would > expect as the ban is triggered by the log entry which is *after* the failed > attempt. > > However, after the /var/log/fail2ban.log showed the IP as banned, I continue > to see entries in /var/log/exim/main.log What ban action do you use? If it's something like iptables-multiport,

P? Fri, 26 Apr 2019 11:50:47 +0100 Gary Stainburn <gary.stainburn at ringways.co.uk> skrev: > On Friday 19 April 2019 16:15:32 Kenneth Porter wrote: > > On 4/19/2019 5:30 AM, Gary Stainburn wrote: > > > I've followed one of the pages on line specifically for > > > installing fail2ban on Centos 7 and all looks fine. > > > > Which page? It would

> > > > /var/log/fail2ban.log is showing that it's working: > > I have seem similar odd behaviour with f2b with other filters. > Try to uninstall the package > fail2ban-systemd > and stop and start fail2ban again. > This might change its behavior to the better. > The fail2ban-systemd package configures fail2ban to use systemd journal for log input. The OP

On 4/26/19 3:50 AM, Gary Stainburn wrote: > I can't remember the other one. I have removed all of the manual amendments so am now basically set up as initially installed. This is my process for fail2ban: 1: "yum install fail2ban"? This installs fail2ban and fail2ban-firewalld. 2: install /etc/fail2ban/jail.local.? This file enables the matching rules in

On 4/29/19 1:44 AM, Gary Stainburn wrote: > and the lines are still appearing. Here is my jail.local. (I did also try directly editing jail.conf to update the port commands). > > > [exim] > port = 0:65535 If that's all that's in jail.local, then the jail shouldn't be enabled.? They're off by default.? I'd suggest that you remove fail2ban completely.?

On Monday 29 April 2019 02:21:05 Gordon Messmer wrote: > That's one approach.? I believe that you could modify fewer files by > setting "port = 0:65535" in your definition in "jail.local" and not > install firewallcmd-ipset.local. I have just tried this, and re-started fail2ban. It does not seem to have worked. I have looked at /var/log/exim/main.log and found

On Friday 19 April 2019 16:15:32 Kenneth Porter wrote: > On 4/19/2019 5:30 AM, Gary Stainburn wrote: > > I've followed one of the pages on line specifically for installing fail2ban on > > Centos 7 and all looks fine. > > Which page? It would help to see what they advised. > On Friday 19 April 2019 16:15:32 Kenneth Porter wrote: > On 4/19/2019 5:30 AM, Gary Stainburn

I got the fail2ban from epel. There were a number of issues relating to using a log file... logwatch was looking for both fail2ban and fail2ban.log logrotate file fail2ban added looked for fail2ban.log and then reset itself to syslog fail2ban itself went to syslog, over riding its fail2ban.log. took a while, but I use /var/log/fail2ban now, that finally worked through logrotates and logwatch.

I wasn't sure where else to ask, so I'm asking here. I was banned from #vorbis for 24 hours supposedly for "trolling," about three weeks ago, by Emmett. I guess he got removed from the team soon after, because I'm still banned. I seemed to be Emmett's favorite person to pick on. He told me to "eat a bag of dick" in his Ogg internet radio station thing, and

Hello folks, Recently more and more messages are being killed by xiph.org's postfix anti-spam filter, followed by pleading messages from the author to 'unban' them :-) There's no banning on the group, but the anti-spam filter doesn't take prisoners. Remember these tips: Mail in HTML format is unceremoniously dropped on the floor. You will not be informed it has been

Hello folks, Recently more and more messages are being killed by xiph.org's postfix anti-spam filter, followed by pleading messages from the author to 'unban' them :-) There's no banning on the group, but the anti-spam filter doesn't take prisoners. Remember these tips: Mail in HTML format is unceremoniously dropped on the floor. You will not be informed it has been

On 05/08/2019 08:50, Jon LaBadie wrote: > > I've found the default 10min bans hardly bother some attackers. > So I've added the "recidive" feature of fail2ban. After the > second 10min ban, the attacker is blocked for 1 week. > Interesting, didn't know about that feature, but, oh, I just generally ban for a whole week regardless, yes, I realise that a typo

Changes in CTDB 2.2 =================== User-visible changes -------------------- * The "stopped" event has been removed. The "ipreallocated" event is now run when a node is stopped. Use this instead of "stopped". * New --pidfile option for ctdbd, used by initscript * The 60.nfs eventscript now uses configuration files in /etc/ctdb/nfs-rpc-checks.d/ for

Changes in CTDB 2.5 =================== User-visible changes -------------------- * The default location of the ctdbd socket is now: /var/run/ctdb/ctdbd.socket If you currently set CTDB_SOCKET in configuration then unsetting it will probably do what you want. * The default location of CTDB TDB databases is now: /var/lib/ctdb If you only set CTDB_DBDIR (to the old default of