View Single Post
  #3  
Old 19th March 2012, 09:50
PermaNoob PermaNoob is offline
Senior Member
 
Join Date: Jan 2007
Posts: 194
Thanks: 12
Thanked 5 Times in 5 Posts
Default

Should I replace the following line in sasl.conf

failregex = : warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$

with a line Falko posted in another thread

failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failure

?

The error was because I had added smtpd to: port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s

so now the restart looks ok:

2012-03-19 10:23:26,471 fail2ban.jail : INFO Jail 'ssh' started
2012-03-19 10:23:26,533 fail2ban.jail : INFO Jail 'postfix' started
2012-03-19 10:23:26,593 fail2ban.jail : INFO Jail 'sasl' started
2012-03-19 10:23:29,477 fail2ban.actions: WARNING [ssh] Ban 66.85.166.106

but this ip is still not blocked:

Mar 19 10:37:09 server3 postfix/smtpd[26203]: warning: h201.204.17.98.static.ip.windstream.net[98.17.204.201]: SASL LOGIN authentication failed: authentication failure
Mar 19 10:37:09 server3 postfix/smtpd[26350]: warning: h201.204.17.98.static.ip.windstream.net[98.17.204.201]: SASL LOGIN authentication failed: authentication failure
Mar 19 10:37:09 server3 postfix/smtpd[29163]: warning: h201.204.17.98.static.ip.windstream.net[98.17.204.201]: SASL LOGIN authentication failed: authentication failure
Mar 19 10:37:10 server3 postfix/smtpd[26600]: warning: h201.204.17.98.static.ip.windstream.net[98.17.204.201]: SASL LOGIN authentication failed: authentication failure

Last edited by PermaNoob; 19th March 2012 at 10:38.
Reply With Quote