View Single Post
  #4  
Old 19th March 2012, 10:49
PermaNoob PermaNoob is offline
Senior Member
 
Join Date: Jan 2007
Posts: 194
Thanks: 12
Thanked 4 Times in 4 Posts
Default

I replaced

failregex = : warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$

with a line Falko posted in another thread

failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failure

and restarted:

2012-03-19 10:39:58,879 fail2ban.jail : INFO Jail 'ssh' started
2012-03-19 10:39:58,943 fail2ban.jail : INFO Jail 'postfix' started
2012-03-19 10:39:59,002 fail2ban.jail : INFO Jail 'sasl' started
2012-03-19 10:41:59,885 fail2ban.actions: WARNING [ssh] Ban 66.85.166.106

but fail2ban is still not blocking:

Mar 19 10:47:31 server3 postfix/smtpd[29170]: warning: h201.204.17.98.static.ip.windstream.net[98.17.204.201]: SASL LOGIN authentication failed: authentication failure
Mar 19 10:47:31 server3 postfix/smtpd[26350]: connect from h201.204.17.98.static.ip.windstream.net[98.17.204.201]
Mar 19 10:47:32 server3 postfix/smtpd[29170]: disconnect from h201.204.17.98.static.ip.windstream.net[98.17.204.201]
Mar 19 10:47:33 server3 postfix/smtpd[30156]: warning: h201.204.17.98.static.ip.windstream.net[98.17.204.201]: SASL LOGIN authentication failed: authentication failure
Mar 19 10:47:34 server3 postfix/smtpd[26600]: connect from h201.204.17.98.static.ip.windstream.net[98.17.204.201]
Mar 19 10:47:34 server3 postfix/smtpd[30156]: disconnect from h201.204.17.98.static.ip.windstream.net[98.17.204.201]
Mar 19 10:47:36 server3 postfix/smtpd[26350]: warning: h201.204.17.98.static.ip.windstream.net[98.17.204.201]: SASL LOGIN authentication failed: authentication failure
Mar 19 10:47:37 server3 postfix/smtpd[26350]: disconnect from h201.204.17.98.static.ip.windstream.net[98.17.204.201]
Mar 19 10:47:39 server3 postfix/smtpd[26600]: warning: h201.204.17.98.static.ip.windstream.net[98.17.204.201]: SASL LOGIN authentication failed: authentication failure
Mar 19 10:47:40 server3 postfix/smtpd[30154]: connect from h201.204.17.98.static.ip.windstream.net[98.17.204.201]
Mar 19 10:47:40 server3 postfix/smtpd[26600]: disconnect from h201.204.17.98.static.ip.windstream.net[98.17.204.201]
Mar 19 10:47:43 server3 postfix/smtpd[29165]: connect from h201.204.17.98.static.ip.windstream.net[98.17.204.201]
Mar 19 10:47:44 server3 postfix/smtpd[29954]: connect from h201.204.17.98.static.ip.windstream.net[98.17.204.201]
Mar 19 10:47:45 server3 postfix/smtpd[30154]: warning: h201.204.17.98.static.ip.windstream.net[98.17.204.201]: SASL LOGIN authentication failed: authentication failure
Mar 19 10:47:46 server3 postfix/smtpd[30154]: disconnect from h201.204.17.98.static.ip.windstream.net[98.17.204.201]
Mar 19 10:47:48 server3 postfix/smtpd[29165]: warning: h201.204.17.98.static.ip.windstream.net[98.17.204.201]: SASL LOGIN authentication failed: authentication failure
Mar 19 10:47:49 server3 postfix/smtpd[29165]: disconnect from h201.204.17.98.static.ip.windstream.net[98.17.204.201]
Mar 19 10:47:49 server3 postfix/smtpd[29954]: warning: h201.204.17.98.static.ip.windstream.net[98.17.204.201]: SASL LOGIN authentication failed: authentication failure
Mar 19 10:47:50 server3 postfix/smtpd[29954]: disconnect from h201.204.17.98.static.ip.windstream.net[98.17.204.201]
Reply With Quote