======== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Debian 6
- Related log if you're reporting an issue:
====
Hello,
I've started to have problem (when I restarted fail2ban) with fail2ban logs but it looks like fail2ban is working.
For exmaple the:
devcot.iredmail.conf
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tr$
ignoreregex =dovecot.log
Jun 03 10:13:57 pop3-login: Info: Disconnected (auth failed, 1 attempts): user=<mail@domain.com>, method=PLAIN, rip=USER_IP_ADDRESS, lip=SERVER_IP_ADDRESS, TLS: Disconnectedjail.local
[dovecot-iredmail]
enabled = true
filter = dovecot.iredmail
action = iptables-multiport[name=dovecot, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", prot$
logpath = /var/log/dovecot.log
maxretry = 3
findtime = 300
bantime = 3600
ignoreip = 127.0.0.1 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16but when i do this:
fail2ban-regex /var/log/dovecot.log etc/fail2ban/filter.d/dovecot.iredmail.confi get:
Results
=======
Failregex
|- Regular expressions:
| [1] etc/fail2ban/filter.d/dovecot.iredmail.conf
|
`- Number of matches:
[1] 0 match(es)
Ignoreregex
|- Regular expressions:
|
`- Number of matches:and in fail2ban.log i get
2013-06-03 10:01:21,869 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-06-03 10:01:21,870 fail2ban.filter : DEBUG /var/log/mail.log has been modified
2013-06-03 10:01:21,870 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-06-03 10:01:24,183 fail2ban.filter : DEBUG /var/log/dovecot.log has been modified
2013-06-03 10:01:24,183 fail2ban.filter : DEBUG Found USER_IP_ADDRESS
2013-06-03 10:01:24,183 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-06-03 10:01:24,637 fail2ban.actions: WARNING [dovecot-iredmail] Ban USER_IP_ADDRESS
2013-06-03 10:01:24,637 fail2ban.actions.action: DEBUG iptables -n -L INPUT | grep -q fail2ban-dovecot
2013-06-03 10:01:24,640 fail2ban.actions.action: DEBUG iptables -n -L INPUT | grep -q fail2ban-dovecot returned successfully
2013-06-03 10:01:24,640 fail2ban.actions.action: DEBUG iptables -I fail2ban-dovecot 1 -s USER_IP_ADDRESS -j DROP
2013-06-03 10:01:24,642 fail2ban.actions.action: DEBUG iptables -I fail2ban-dovecot 1 -s USER_IP_ADDRESS -j DROP returned successfullyAnd when i check USER_IP_ADDRESS is banned but in log files I have mess and I need to straight things out.
In fail2ban.log in loop i have:
2013-06-03 10:01:49,211 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-06-03 10:02:21,245 fail2ban.filter : DEBUG /var/log/dovecot.log has been modifiedand
2013-06-03 10:01:20,868 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-06-03 10:01:21,868 fail2ban.filter : DEBUG /var/log/mail.log has been modifiedIf you could help me straight things out with dovecot I think I can handle by myself proftpd, ssh, etc.
Best regards,
ag