Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 12th April 2012, 20:43
andron26 andron26 is offline
Member
 
Join Date: Mar 2007
Posts: 52
Thanks: 6
Thanked 1 Time in 1 Post
Default ISPConfit 2 fail2ban problem with dovecot

Hi,

I've installed latest ISPConfig 2 on fedora 15 with perfect setup.
In ISPC I've turned off firewall.

Trying to configure fail2ban to block failed logins to dovecot server.

dovecot.conf in filter.d folder:

[Definition]
failregex = (?: pop3-login|imap_login ): (?:Authentication failure|Aborted login \(auth failed|Aborted login \(auth failed|Disconnected).*rip=(<HOST>),.*
ignoreregex =

dovecot part in jail.conf

[dovecot-pop3imap]
enabled = true
filter = dovecot
action = iptables-multiport[name=dovecot-pop3imap, port="110,143,995,993,25,465,587"]
logpath = /var/log/maillog
maxretry = 5
findtime = 600
bantime = 3600

Ssh failed attempts are blocked, but dovecot not.
I've stucked. What could be wrong?
If I run fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/dovecot.conf:
Running tests
=============

Use regex file : /etc/fail2ban/filter.d/dovecot.conf
Use log file : /var/log/maillog


Results
=======

Failregex
|- Regular expressions:
| [1] (?: pop3-login|imap_login ): (?:Authentication failure|Aborted login \(auth failed|Aborted login \(auth failed|Disconnected).*rip=(<HOST>),.*
|
`- Number of matches:
[1] 22528 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Addresses found:
[1]
173.192.142.34 (Sun Apr 08 06:58:42 2012)
173.192.142.34 (Sun Apr 08 06:58:42 2012)
173.192.142.34 (Sun Apr 08 06:58:42 2012)
173.192.142.34 (Sun Apr 08 06:58:47 2012)
173.192.142.34 (Sun Apr 08 06:58:47 2012)
173.192.142.34 (Sun Apr 08 06:58:47 2012)
173.192.142.34 (Sun Apr 08 06:58:52 2012)
210.26.5.2 (Thu Apr 12 18:27:40 2012)
210.26.5.2 (Thu Apr 12 18:27:52 2012)
210.26.5.2 (Thu Apr 12 18:27:52 2012)
210.26.5.2 (Thu Apr 12 18:30:40 2012)
210.26.5.2 (Thu Apr 12 18:30:52 2012)
210.26.5.2 (Thu Apr 12 18:30:52 2012)

Date template hits:
63317 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>

Success, the total number of match is 22528

However, look at the above section 'Running tests' which could contain important
information.
Reply With Quote
Sponsored Links
 

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Courier Imap is not working HellMind General 5 12th April 2012 02:04
dovecot start problem veneficus Installation/Configuration 3 10th April 2012 18:39
ISPConfig3 won't start after update Cracklefish Installation/Configuration 15 28th February 2012 15:11
Dovecot fails to deliver to all mail clients zwelabantu Server Operation 8 26th June 2009 13:17
Dovecot fails to deliver to all mail clients zwelabantu Installation/Configuration 3 19th June 2009 17:57


All times are GMT +2. The time now is 02:20.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.