From: Andreas M. <an...@an...> - 2008-02-11 21:59:51
All right, that was it! The regex for perdition works as expected.
Thank you!

Andreas Meyer

We live in an incredible age. Information is obtained at the speed of light.
My public GPG key at: http://gpg-keyserver.de/pks/lookup?search=anmeyer&fingerprint=on&op=index

Yaroslav Halchenko <li...@on...> wrote:
> well... I don't think you want to ban localhost (ie 127.0.0.1) and it is
> in ignoreip by default, thus fail2ban doesn't ban it
>
> you should try incorrect logins from remote IPs
>
> On Sun, 10 Feb 2008, Andreas Meyer wrote:
>
> > Hello!
>
> > A problem with fail2ban and iptables. I get no entry to iptables after
> > 3 failed logins to perdition.
>
> > [perdition-iptables]
>
> > enabled = true
> > filter = perdition
> > action = iptables[name=perdition, port=pop3, protocol=tcp]
> >          sendmail-whois[name=perdition, dest=ba...@an..., sender=fai...@an...]
> > logpath = /var/log/perdition
> > maxretry = 3
> >
> > An entry about a failed login to perdition looks like this:
> > Feb 9 20:41:46 perdition[19622]: Auth: 127.0.0.1->127.0.0.1 user="asdf" server="delta.anup.dmz" port="110" status="failed: Re-Authentication Failure"
>
> > The regexec looks like this and I verified it OK with fail2ban-regex:
> > [Definition]
>
> > failregex = perdition\[[0-9]+\]: Auth: .*-\><HOST> user=".+" server="delta.anup.dmz" port="110" status="failed: Re-Authentication Failure"
> > ignoreregex =
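The check discussed in this thread, as an added example that is not part of the original messages and not fail2ban's own code: it applies the posted failregex to log lines, reports which address `<HOST>` captures, and applies `ignoreip` and `maxretry` to decide what would be banned. Assumptions: `HOST_GROUP` is a simplified stand-in for fail2ban's `<HOST>` expansion, `auth_line` is a hypothetical helper, and the remote lines are constructed with documentation addresses in a `client->server` layout.

```python
import ipaddress
import re
from collections import Counter

# failregex exactly as posted in the thread.
FAILREGEX = (r'perdition\[[0-9]+\]: Auth: .*-\><HOST> user=".+" '
             r'server="delta.anup.dmz" port="110" '
             r'status="failed: Re-Authentication Failure"')

# Simplified stand-in (assumption) for fail2ban's <HOST> expansion: IPv4 only.
HOST_GROUP = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'

IGNOREIP = ["127.0.0.1"]   # localhost, which the reply says is ignored by default
MAXRETRY = 3               # from the [perdition-iptables] jail in the thread


def captured_host(line, failregex=FAILREGEX):
    """Return the address the <HOST> group captures, or None if no match."""
    m = re.search(failregex.replace("<HOST>", HOST_GROUP), line)
    return m.group("host") if m else None


def is_ignored(host, ignoreip=IGNOREIP):
    """True if host falls inside any ignoreip entry (single IP or CIDR)."""
    addr = ipaddress.ip_address(host)
    return any(addr in ipaddress.ip_network(net, strict=False)
               for net in ignoreip)


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Count matching failures per captured host, skipping ignored hosts."""
    counts = Counter()
    for line in lines:
        host = captured_host(line)
        if host and not is_ignored(host):
            counts[host] += 1
    return sorted(h for h, n in counts.items() if n >= maxretry)


def auth_line(src, dst, status="failed: Re-Authentication Failure"):
    """Build a constructed perdition log line in the format quoted above."""
    return (f'Feb 9 20:41:46 perdition[19622]: Auth: {src}->{dst} '
            f'user="asdf" server="delta.anup.dmz" port="110" status="{status}"')


LOCAL = [auth_line("127.0.0.1", "127.0.0.1")] * 3      # the case from the thread
REMOTE = [auth_line("203.0.113.7", "192.0.2.10")] * 3  # constructed remote case

if __name__ == "__main__":
    print("local test bans:", hosts_to_ban(LOCAL))
    print("remote test bans:", hosts_to_ban(REMOTE))
```

With the pattern as posted, the counted address is the one after `->`, so for any filter of this shape it is worth confirming with a remote test line that the captured address is the client's.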