Hello!
In auth.log I see this:
Code:
Jun 16 23:46:42 srv saslauthd[1419]: pam_unix(smtp:auth): check pass; user unknown
Jun 16 23:46:42 srv saslauthd[1419]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun 16 23:46:44 srv saslauthd[1419]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Jun 16 23:46:44 srv saslauthd[1419]: do_auth : auth failure: [user=webmaster] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 16 23:46:45 srv saslauthd[1415]: pam_unix(smtp:auth): check pass; user unknown
Jun 16 23:46:45 srv saslauthd[1415]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun 16 23:46:47 srv saslauthd[1415]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Jun 16 23:46:47 srv saslauthd[1415]: do_auth : auth failure: [user=webmaster] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 16 23:46:48 srv saslauthd[1419]: pam_unix(smtp:auth): check pass; user unknown
Jun 16 23:46:48 srv saslauthd[1419]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun 16 23:46:50 srv saslauthd[1419]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Jun 16 23:46:50 srv saslauthd[1419]: do_auth : auth failure: [user=webmaster] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 16 23:46:51 srv saslauthd[1416]: pam_unix(smtp:auth): check pass; user unknown
Jun 16 23:46:51 srv saslauthd[1416]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun 16 23:46:54 srv saslauthd[1416]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Jun 16 23:46:54 srv saslauthd[1416]: do_auth : auth failure: [user=webmaster] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 16 23:46:55 srv saslauthd[1417]: pam_unix(smtp:auth): check pass; user unknown
Jun 16 23:46:55 srv saslauthd[1417]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun 16 23:46:57 srv saslauthd[1417]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Jun 16 23:46:57 srv saslauthd[1417]: do_auth : auth failure: [user=webmaster] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 16 23:46:58 srv saslauthd[1416]: pam_unix(smtp:auth): check pass; user unknown
Jun 16 23:46:58 srv saslauthd[1416]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun 16 23:47:00 srv saslauthd[1416]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Jun 16 23:47:00 srv saslauthd[1416]: do_auth : auth failure: [user=webmaster] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 16 23:47:01 srv saslauthd[1418]: pam_unix(smtp:auth): check pass; user unknown
Jun 16 23:47:01 srv saslauthd[1418]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun 16 23:47:04 srv saslauthd[1418]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Jun 16 23:47:04 srv saslauthd[1418]: do_auth : auth failure: [user=webmaster] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 16 23:47:05 srv saslauthd[1416]: pam_unix(smtp:auth): check pass; user unknown
Jun 16 23:47:05 srv saslauthd[1416]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jun 16 23:47:07 srv saslauthd[1416]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
in mail.log
Code:
warning: unknown[202.109.143.50]: SASL LOGIN authentification failed: authentification failture
last message repeated 15 times
jail.local
Code:
#
# Mail servers
#
# Jail that applies the "postfix" filter to /var/log/mail.log; a ban from
# this jail covers the smtp and ssmtp ports.
[postfix]
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
# Jail that applies the "couriersmtp" filter to the same mail log; a ban from
# this jail covers the smtp and ssmtp ports.
# NOTE(review): only useful if Courier's SMTP daemon writes to this log;
# confirm which MTA actually runs on this host.
[couriersmtp]
enabled = true
port = smtp,ssmtp
filter = couriersmtp
logpath = /var/log/mail.log
#
# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned
#
# Jail for Courier authentication failures. It uses the "courierlogin" filter
# (the filter name differs from the jail name) and bans across the SMTP, IMAP
# and POP3 ports listed below.
[courierauth]
enabled = true
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = courierlogin
logpath = /var/log/mail.log
# Jail for SASL authentication failures, using the "sasl" filter on the mail
# log. The saslauthd/pam_unix entries in auth.log carry an empty rhost=, so
# only the warning line in mail.log, which has the client address in square
# brackets, can identify the host to ban.
[sasl]
enabled = true
# NOTE(review): "smtpd" is not one of the usual service names; if it does not
# resolve on this host, the firewall rule for a ban may fail to load. Confirm
# that it resolves, or remove it.
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s,smtpd
filter = sasl
# You might consider monitoring /var/log/warn.log instead
# if you are running postfix. See http://bugs.debian.org/507990
# NOTE(review): when syslog collapses repeats into "last message repeated N
# times", the filter sees a single failure line for the whole burst, which may
# keep the count below the jail's maxretry. Consider disabling
# repeated-message reduction in the syslog daemon.
logpath = /var/log/mail.log
sasl.conf
Code:
# Fail2Ban configuration file
#
# Author: Yaroslav Halchenko
#
# $Revision: 728 $
#
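[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
# The optional tail after "authentication failed" accepts spaces, so a
# plain-text reason such as ": authentication failure" matches as well as a
# base64 string. Without the space in the character class, the end-of-line
# anchor rejects such lines and no failure is ever counted. Trailing
# whitespace before the end of the line is tolerated.
# The pattern is case-insensitive but requires the exact wording
# "authentication failed". Run fail2ban-regex with the real log file and this
# filter to confirm that the lines are matched.
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =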
But fail2ban did not block this IP.
How can I solve this problem?
Please help!
Thanks.