Displaying 20 results from an estimated 2000 matches similar to: "fail2ban 0.8"
2017 Mar 01
3
fail2ban Asterisk 13.13.1
Hello, fail2ban does not ban offending IP.
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for 'offending-IP:53417' - Wrong
password
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for ?offending-IP:53911' -
Wrong password
systemctl status
2013 Oct 04
4
fail2ban
For dovecot 2.1
as per wiki2, is this still valid? noticed a problem before and saw
it does seem to be triggering, I use:
maxretry = 6
findtime = 600
bantime = 3600
and there was like, 2400 hits in 4 minutes, it is pointing to the
correct log file, but I am no expert with fail2ban, so not sure if the
log format of today is compatible with the wiki2 entry
filter.d/dovecot.conf
[Definition]
2017 Jul 27
1
under another kind of attack
> On 26 Jul 2017, at 7:57 pm, Olaf Hopp <Olaf.Hopp at kit.edu> wrote:
>
> Dear collegues,
>
> many thanks for your valuable input.
>
> Since we are an university GEO-IP blocking is not an option for us.
> Somestimes I think it should ;-)
>
> My "mistake" was that I had just *one* fail2ban filter for both cases:
> "wrong password" and
2009 Mar 14
3
Account lockout option?
I'm currently using postfix and dovecot, with dovecot authentication
(with saslauthd) using mysql for accounts
Is there any option available for me to help inhibit/prevent
brute-force login attempts?
Thx.
Rick
Rick Steeves
http://www.sinister.net
"The journey is the destination"
2017 Dec 16
7
ot: fail2ban dovecot setup
I'm trying to setup and test fail2ban with dovecot
I've installed fail2ban, I've copied config from
https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it,
attempted multiple mail access with wrong password, but, get this:
# fail2ban-client status dovecot-pop3imap
Status for the jail: dovecot-pop3imap
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File
2017 Jul 29
1
under another kind of attack
Hi to all,
@Olaf Hopp I've this filter enabled for fail2ban, my question is: could
my filters overlap or interfere with those suggested by you?
this is my filter:
Contents of /etc/fail2ban/jail.conf:
[postfix]
# Ban for 10 minutes if it fails 6 times within 10 minutes
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 6
bantime = 600
2018 May 17
2
Decoding SIP register hack
I need some help understanding SIP dialog. Some actor is trying to
access my server, but I can't figure out what he's trying to do ,or how.
I'm getting a lot of these warnings.
[May 17 10:08:08] WARNING[1532]: chan_sip.c:4068 retrans_pkt:
Retransmission timeout reached on transmission
_zIr9tDtBxeTVTY5F7z8kD7R.. for seqno 101
With SIP DEBUG I tracked the Call-ID to this INVITE :
2011 Aug 09
3
fail2ban help
Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In jail.conf I use the following syntax:
[sasl-iptables]
enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[name=sasl, dest=my at email]
logpath = /var/log/maillog
maxretry = 6
and the following filter:
2017 Mar 02
3
fail2ban Asterisk 13.13.1
If this is a small site, I recommend you download the free version of SecAst
(www.telium.ca <http://www.telium.ca> ) and replace fail2ban. SecAst does
NOT use the log file, or regexes, to match etc.instead it talks to Asterisk
through the AMI to extract security information. Messing with regexes is a
losing battle, and the lag in reading logs can allow an attacker 100+
registration
2012 Apr 20
2
fail2ban attempt, anyone want to add anything?
Tonight I added fail2ban to one of my webservers to test it out.
Here is my step by step, as best as I could figure it
out...documentation a bit sketchy.
feel free to add anything to it or suggest changes.
I tried to set it up to deal with ssh, http authentication, dovecot,
ftp, and postfix
I could find no working example for centos 6 and there is no fail2ban
book available to peruse.
So,
2007 Jan 31
1
Fw: error after installation
----- Original Message -----
From: "jepoy" <jcb at dream.com.ph>
To: <lrosa at hypertrek.info>
Sent: Wednesday, January 31, 2007 1:43 PM
Subject: Re: [Dovecot] error after installation
>
> ----- Original Message -----
> From: "Luigi Rosa" <lrosa at hypertrek.info>
> To: "Dovecot Mailing List" <dovecot at dovecot.org>
> Sent:
2013 Apr 10
3
fail2ban problem
Hello list
I'm trying to setup fail2ban specially sasl action but I'm facing problems.
I have centos-release-5-9.el5.centos.1
and
fail2ban-0.8.7.1-1.el5.rf
installed
with selinux disabled
The errors I get are:
INFO Creating new jail 'sasl-iptables'
fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables',
'polling']
I tried gemin against
2012 May 28
1
anyone care to helop with a fail2ban problem on Centos 5.8?
I've got an up-to-date Centos 5.8 and can't seem to get fail2ban to
get rid of troublesome sshd login attempts. /etc/fail2ban/jail.conf
has these sections:
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
# Generic filter for pam. Has to be used with action which bans all ports
# such as iptables-allports, shorewall
[pam-generic]
enabled =
2009 May 11
4
Fail2Ban and the Dovecot log
Hi,
Is there any way to disable the "dovecot: " at the beginning of each
line of the log? Fail2Ban responds poorly to it. I know there are a
number of sites with "failregex" strings for Fail2Ban and Dovecot, but
I've tried them all, and they don't work, at least with the latest
Fail2ban and the latest Dovecot. The Fail2Ban wiki is pretty clear
about why there
2013 Apr 13
4
2.2.0 lmtp runtime error
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I didn't have much time in the last 2 weeks, so I was stuck to a functioning
2.2.rc3 + pigeonhole 0.4.0
Server is CentOS 64:
Linux mail.luigirosa.com 2.6.32-358.2.1.el6.centos.plus.x86_64 #1 SMP Wed Mar
13 02:09:07 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
I compiled and installed 2.2.0 and rebuilt pigeonhole 0.4.0 and this hapens
ans soon as a
2008 Dec 11
2
TLS timeout with 1.2a4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have a mail server CentOS 64bit (4 Gb RAM) with Dovecot 1.2a4 and three
accounts. I use Thunderbird 2.
If I enable SSL connection in Thunderbird 2, after three-five minutes I got a
lot of different errors in Thunderbird (Server is not IMAP, Connection lost...).
Everything comes back to normal if I restart Dovecot in the server, but after 5
minutes
2008 Jul 23
1
[Fwd: Re: fail2ban needs shorewall?]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've used denyhosts.
If you do have an issue with fail2ban, it does pretty much the same thing.
Andy
- -------- Original Message --------
Subject: Re: [CentOS] fail2ban needs shorewall?
Date: Wed, 23 Jul 2008 17:08:07 +0200
From: Kai Schaetzl <maillists at conactive.com>
Reply-To: CentOS mailing list <centos at centos.org>
To:
2008 Jan 19
5
Time just moved backwards error even with ntpd
Scenario: server PC abruptly switched off due to power cable problems
(an UPS cannot solve this issue), so during shutdown Linux was not
able to resinchronize the system clock. After a few hours the server
come back on, Linux booted and the services (ntpd, dovecot and many
others) started
But the system clock was 45 minutes ahead, so:
Jan 19 11:13:39 gw ntpd[2112]: synchronized to LOCAL(0),
2020 May 22
3
fail2ban setup centos 7 not picking auth fail?
On Fri, May 22, 2020 2:05 pm, Adi Pircalabu wrote:
> On 22-05-2020 10:38, Voytek Eymont wrote:
>
> Hardly a Dovecot issue. Can you please post the output of this command?
> /usr/bin/fail2ban-regex /var/log/dovecot.log
> /etc/fail2ban/filter.d/dovecot.conf
Adi,
thanks, what I get is:
# /usr/bin/fail2ban-regex /var/log/dovecot.log
/etc/fail2ban/filter.d/dovecot.conf
Running
2017 Sep 11
3
Fail2ban 'Password mismatch' regex
I have turned on 'auth_debug_passwords=yes? in dovecot.conf.
I?m trying to get Fail2ban to detect this log line:
Sep 11 15:52:49 mail dovecot[54239]: auth-worker(10094): sql(user at bordo.com.au <mailto:user at bordo.com.au>,::1,<L2xqieNYeM4AAAAAAAAAAAAAAAAAAAAB>): Password mismatch (given password: 2)
I?ve added it as the last line of my dovecot filter regex:
failregex =