Fail2Ban jail.local

Discussion in 'Installation/Configuration' started by bswinnerton, May 7, 2008.

  1. bswinnerton

    bswinnerton New Member

    Hey guys,

    I just followed:

    http://howtoforge.com/fail2ban_debian_etch

    But I am currently running ubuntu. And after I restart the service I get:

    Code:
    2008-05-06 23:03:36,769 fail2ban.comm   : WARNING Invalid command: ['set', 'courierpop3', 'failregex', 'courierpop3login: LOGIN FAILED.*ip=\\[.*:<HOST>\\]']
    
    and here is my jail.local:

    Code:
    [courierpop3]
    
    enabled  = true
    port     = pop3
    filter   = courierlogin
    failregex = courierpop3login: LOGIN FAILED.*ip=\[.*:<HOST>\]
    logpath  = /var/log/mail.log
    maxretry = 5 
    
    Isn't that the right syntax?

    Thanks
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Hm... Not sure why this is happening... :confused:
     
  3. bswinnerton

    bswinnerton New Member

    Would fail2ban still block if i left out the failregex part?
     
  4. bswinnerton

    bswinnerton New Member

    Also, one more thing if this helps solve the problem.

    Here is what happens in my log when someone tries to log in and fails:

    Code:
    May 13 09:18:50 myserver imapd: Connection, ip=[::ffff:127.0.0.1]
    May 13 09:18:50 myserver imapd: LOGIN FAILED, user=testuser@test.com, ip=[::ffff:127.0.0.1]
    May 13 09:18:55 myserver imapd: Disconnected, ip=[::ffff:127.0.0.1], time=5
    
    and here is what is in my jail:

    Code:
    [courierimap]
    
    enabled  = true
    port     = imap2
    filter   = courierlogin
    failregex = imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]
    logpath  = /var/log/mail.log
    maxretry = 4
    
     
    Last edited: May 14, 2008
  5. falko

    falko Super Moderator ISPConfig Developer

    Depends on if there's a filter for Courier in /etc/fail2ban/filter.d/.
     
  6. bswinnerton

    bswinnerton New Member

    This is just a step in the dark, but maybe it won't let you put failregex if you already have it in filter.d?
     
  7. falko

    falko Super Moderator ISPConfig Developer

    Maybe. You could move the appropriate file from filter.d to some other directory and try again.
     

Share This Page