similar to: fail2ban setup centos 7 not picking auth fail?

Displaying 20 results from an estimated 800 matches similar to: "fail2ban setup centos 7 not picking auth fail?"

2020 May 22
0
fail2ban setup centos 7 not picking auth fail?
On 22-05-2020 15:45, Voytek Eymont wrote: > On Fri, May 22, 2020 2:05 pm, Adi Pircalabu wrote: >> On 22-05-2020 10:38, Voytek Eymont wrote: > >> >> Hardly a Dovecot issue. Can you please post the output of this >> command? >> /usr/bin/fail2ban-regex /var/log/dovecot.log >> /etc/fail2ban/filter.d/dovecot.conf > > > Adi, > > thanks, what
2020 May 22
4
fail2ban setup centos 7 not picking auth fail?
I use SSHGuard on well ssh (doh!), but supposedly you can use it for postfix and dovecot also. I can tell you it is well supported. I am on Centos 7 using firewalld. ? Original Message ? From: adi at ddns.com.au Sent: May 21, 2020 11:01 PM To: voytek at sbt.net.au Cc: dovecot at dovecot.org Subject: Re: fail2ban setup centos 7 not picking auth fail? On 22-05-2020 15:45, Voytek Eymont
2019 Apr 09
1
Editing fail2ban page?
In https://wiki.dovecot.org/HowTo/Fail2Ban, for a current (I know for a fact in 2.2.36) I believe it should be filter = dovecot instead of filter = dovecot-pop3imap [root at mail ~]# ls -l /etc/fail2ban/filter.d/doveco* -rw-r--r-- 1 root root 1875 May 11 2017 /etc/fail2ban/filter.d/dovecot.conf [root at mail ~]#
2020 May 22
1
fail2ban setup centos 7 not picking auth fail?
I'm trying to set up fail2ban with dovecot, I have it working on 'old' server Centos 6, but, not getting anywhere with 'new' server on Centos 7 using standard filters I've copied same 'filter' to new server, still get nothing any idea how to figure this out ? on old server, it logs to syslog/messages CentOS release 6.10 (Final) dovecot 2.3.10.1 (a3d0e1171) old #
2017 Dec 16
7
ot: fail2ban dovecot setup
I'm trying to setup and test fail2ban with dovecot I've installed fail2ban, I've copied config from https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it, attempted multiple mail access with wrong password, but, get this: # fail2ban-client status dovecot-pop3imap Status for the jail: dovecot-pop3imap |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- File
2009 May 11
4
Fail2Ban and the Dovecot log
Hi, Is there any way to disable the "dovecot: " at the beginning of each line of the log? Fail2Ban responds poorly to it. I know there are a number of sites with "failregex" strings for Fail2Ban and Dovecot, but I've tried them all, and they don't work, at least with the latest Fail2ban and the latest Dovecot. The Fail2Ban wiki is pretty clear about why there
2019 Jun 06
2
Fail2ban for asterisk 16 PJSIP
Hello Anyone have a working copy of Fail2ban asterisk filter asterisk.conf for Asterisk 16 running PJSIP. I have tried 10 different filters but none of them show any matches when testing with fail2ban-regex I see date template hits but no matches.... My log [2019-06-06 15:37:20] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at
2009 Mar 14
3
Account lockout option?
I'm currently using postfix and dovecot, with dovecot authentication (with saslauthd) using mysql for accounts Is there any option available for me to help inhibit/prevent brute-force login attempts? Thx. Rick Rick Steeves http://www.sinister.net "The journey is the destination"
2013 Oct 04
4
fail2ban
For dovecot 2.1 as per wiki2, is this still valid? noticed a problem before and saw it does seem to be triggering, I use: maxretry = 6 findtime = 600 bantime = 3600 and there was like, 2400 hits in 4 minutes, it is pointing to the correct log file, but I am no expert with fail2ban, so not sure if the log format of today is compatible with the wiki2 entry filter.d/dovecot.conf [Definition]
2011 Aug 09
3
fail2ban help
Hello list. I have a question for fail2ban for bad logins on sasl. I use sasl, sendmail and cyrus-imapd. In jail.conf I use the following syntax: [sasl-iptables] enabled = true filter = sasl backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp] sendmail-whois[name=sasl, dest=my at email] logpath = /var/log/maillog maxretry = 6 and the following filter:
2017 Jul 20
3
under some kind of attack
Hi all, If I may, one more question on this subject: I would like to create a fail2ban filer, that scans for these lines: > Jul 20 11:10:09 auth: Info: ldap(user1,60.166.35.162,<cDFXHbxUQgA8piOi>): invalid credentials (given password: password) > Jul 20 11:10:19 auth: Info: ldap(user2,61.53.66.4,<V+nyHbxU+wA9NUIE>): invalid credentials (given password: password) (as you can
2008 Jul 23
1
[Fwd: Re: fail2ban needs shorewall?]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've used denyhosts. If you do have an issue with fail2ban, it does pretty much the same thing. Andy - -------- Original Message -------- Subject: Re: [CentOS] fail2ban needs shorewall? Date: Wed, 23 Jul 2008 17:08:07 +0200 From: Kai Schaetzl <maillists at conactive.com> Reply-To: CentOS mailing list <centos at centos.org> To:
2018 May 07
2
[sieve][regex] Matching multiple strings in the "Received" header
Adi Pircalabu skrev den 2018-05-07 05:10: > How should I write it to also match the space character at both the > beginning and end of the expression? use \ before space char
2017 Mar 14
3
Dovecot 2.2.27 proxy - enforcing per client IP connection limits
Hi, mail_max_userip_connections is only enforced at the backend level. The setting has no effect on proxy. If you want to force the limit then you can only do it in the backend. Sami > On 9 Mar 2017, at 12.05, Adi Pircalabu <adi at ddns.com.au> wrote: > > Quick follow-up: updated the proxies to 2.2.28, but I still couldn't find a way to limit the inbound IMAP connections per
2019 May 31
3
sieve setup. no svbin ?
On Fri, May 31, 2019 10:18 am, Ralph Seichter via dovecot wrote: > * Voytek Eymont via dovecot: > Try runing "sievec -u {your_linux_user} /path/to/whatever.sieve" from a > shell and check the resulting error messages. Raplh, thanks so, am I'm missing sql lookup for sieve...? # sievec -u voytek dovecot.sieve sievec(voytek)<9667><>: Error: user voytek: Auth
2017 Sep 11
3
Fail2ban 'Password mismatch' regex
I have turned on 'auth_debug_passwords=yes? in dovecot.conf. I?m trying to get Fail2ban to detect this log line: Sep 11 15:52:49 mail dovecot[54239]: auth-worker(10094): sql(user at bordo.com.au <mailto:user at bordo.com.au>,::1,<L2xqieNYeM4AAAAAAAAAAAAAAAAAAAAB>): Password mismatch (given password: 2) I?ve added it as the last line of my dovecot filter regex: failregex =
2018 Nov 15
2
huge increase in storage activity afther dovecot upgrade
Yes, multiple imap servers using one shared nfs storage. With the same config on 2.2.13 the public interface traffic was similar to the storage interface, around 100 mbps. After we switch to 2.2.27 the storage interface traffic jumped 10 times while the public interface stayed the same. This make us thinking that something is wrong and each time a user logs in the whole Inbox content is read
2017 Feb 12
3
NIC Stability Problems Under Xen 4.4 / CentOS 6 / Linux 3.18
On 11/02/17 06:29, Kevin Stange wrote: > On 01/30/2017 06:41 PM, Kevin Stange wrote: >> On 01/30/2017 06:12 PM, Adi Pircalabu wrote: >>> On 31/01/17 10:49, Kevin Stange wrote: >>>> You said 3.x kernels specifically. The kernel on Xen Made Easy now is a >>>> 4.4 kernel. Any chance you have tested with that one? >>> >>> Not yet, however
2017 Jul 20
3
under some kind of attack
Am 20.07.2017 um 12:28 schrieb mj: > I have concoted something that seems to work. And for the archives, this > is it: > >> failregex = auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials >> \(given password: .+ssword\) >> auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials >> \(given password: 1qaz2wsx\) >> auth:
2013 Apr 10
3
fail2ban problem
Hello list I'm trying to setup fail2ban specially sasl action but I'm facing problems. I have centos-release-5-9.el5.centos.1 and fail2ban-0.8.7.1-1.el5.rf installed with selinux disabled The errors I get are: INFO Creating new jail 'sasl-iptables' fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables', 'polling'] I tried gemin against