#43 logrotate defeats bantime=-1

open
nobody
None
5
2009-04-13
2009-04-13
No

Currently running 0.8.3 on CentOS. Configured as per the instructions for logrotate and starting as a service. Generally works great (what a brilliant idea).

The event is configured in jail.conf:
[postfix]
# These are spam hits
enabled = true
filter = postfix
action = iptables[name=postfix, port=smtp, protocol=tcp]
         sendmail-whois-mail[name=Agencymail-Spam, dest=ishelp@invtitle.com, sender=postmaster@
logpath = /var/log/maillog
maxretry = 10
bantime = -1
findtime = 1200
ignoreip = 127.0.0.1

Events in the log ban perfectly. However, with bantime=-1 items should be blocked forever (presuming I don't restart fail2ban OFC). However, when logrotate runs at 4:02 AM, I get back:
2009-04-12 04:02:19,097 fail2ban.actions: WARNING [postfix] Unban 72.51.9.232
2009-04-12 04:02:19,126 fail2ban.actions: WARNING [postfix] Unban 195.5.186.254

I think I see why, as the instructions say:
/var/log/fail2ban.log {
weekly
rotate 7
missingok
compress
postrotate
/usr/bin/fail2ban-client reload 1>/dev/null || true
endscript
}

which restarts the client. But with bantime=-1 should logrotate really reset the banned items?
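
A check for the symptom described above, as an added example that is not part of the original report or of fail2ban: it finds jails with a negative bantime and lists every Unban those jails logged. The jail excerpt and the Ban and ssh log lines are constructed; the two postfix Unban lines are the ones quoted in the report.

```python
import configparser
import re

# Constructed jail.conf excerpt modelled on the report (filter/action lines omitted).
JAIL_CONF = """
[postfix]
enabled = true
logpath = /var/log/maillog
bantime = -1

[ssh]
enabled = true
bantime = 600
"""

# The two postfix Unban lines are quoted from the report; the rest are constructed.
LOG = """\
2009-04-11 22:15:03,511 fail2ban.actions: WARNING [postfix] Ban 72.51.9.232
2009-04-11 23:40:47,902 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2009-04-11 23:50:47,950 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2009-04-12 04:02:19,097 fail2ban.actions: WARNING [postfix] Unban 72.51.9.232
2009-04-12 04:02:19,126 fail2ban.actions: WARNING [postfix] Unban 195.5.186.254
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ fail2ban\.actions: "
    r"\w+ \[(?P<jail>[^\]]+)\] (?P<event>Ban|Unban) (?P<ip>\S+)$"
)

def permanent_jails(conf_text):
    """Return names of jails whose bantime is negative (ban forever)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return {s for s in cp.sections() if cp.getint(s, "bantime", fallback=0) < 0}

def unexpected_unbans(conf_text, log_text):
    """List (timestamp, jail, ip) for every Unban logged by a permanent jail."""
    jails = permanent_jails(conf_text)
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m["event"] == "Unban" and m["jail"] in jails:
            hits.append((m["ts"], m["jail"], m["ip"]))
    return hits

if __name__ == "__main__":
    for ts, jail, ip in unexpected_unbans(JAIL_CONF, LOG):
        print(f"{ts} [{jail}] permanent ban lifted for {ip}")
```

Unbans that cluster at the logrotate run time, as the 04:02 entries do here, point at the postrotate step rather than at ban expiry.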
