I'm testing with
fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/sasl.conf
also tried switching to mail.info
fail2ban-regex /var/log/mail.info /etc/fail2ban/filter.d/sasl.conf
and
[sasl]
enabled = true
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = sasl
logpath = /var/log/mail.info
maxretry = 5
Still no matches, though there are plenty in the log file.