fail2ban-users Mailing List for Fail2Ban

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

> On 13 Dec 2017, at 17:46, Gao <ga...@pz...> wrote:
> 
> Hi list,
> 
> My mail server using dovecot v2.2.33 on CentOS 7. I installed fail2ban v0.9.7 from EPEL repo. I just noticed the dovecot filter seems not working. My maillog have entries:
> Dec 11 22:14:00 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=208.100.26.233, lip=10.11.22.68, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<oBeRjh5gZ8nQZBrp>
> Dec 12 03:10:02 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=208.100.26.235, lip=10.11.22.68, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=</7xDsSJgZ+DQZBrr>
> 
> But the test show no match:
> # fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/dovecot.conf 

The dovecot filters showed no matches on my system, too, so I never enabled it.

I also get similar "no auth attempts in 0 secs" entries in the logs, 10 in the last 2 days.

I notice the first entry of this type in my current logs is from University of Michigan Internet-Wide Scanning Research, others from a datacenter in Hong Kong and other hosts on my hoster's network (Linode).

Stroller.

2005	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep (11)	Oct (8)	Nov (10)	Dec (8)
2006	Jan (6)	Feb (1)	Mar (43)	Apr (17)	May (2)	Jun (8)	Jul (9)	Aug (14)	Sep (15)	Oct (25)	Nov (20)	Dec (12)
2007	Jan (29)	Feb (19)	Mar (8)	Apr (12)	May (10)	Jun (9)	Jul (40)	Aug (33)	Sep (74)	Oct (19)	Nov (31)	Dec (13)
2008	Jan (50)	Feb (52)	Mar (43)	Apr (21)	May (68)	Jun (28)	Jul (6)	Aug (25)	Sep (14)	Oct (32)	Nov (7)	Dec (13)
2009	Jan (25)	Feb (1)	Mar (2)	Apr (8)	May (4)	Jun (6)	Jul (24)	Aug (40)	Sep (24)	Oct (15)	Nov (31)	Dec (35)
2010	Jan (6)	Feb (1)	Mar (23)	Apr (16)	May (4)	Jun (36)	Jul (20)	Aug (13)	Sep (36)	Oct (12)	Nov (9)	Dec (2)
2011	Jan (16)	Feb (9)	Mar (21)	Apr (33)	May (27)	Jun (31)	Jul (20)	Aug (7)	Sep (20)	Oct (41)	Nov (29)	Dec (52)
2012	Jan (127)	Feb (36)	Mar (15)	Apr (40)	May (23)	Jun (43)	Jul (84)	Aug (50)	Sep (31)	Oct (45)	Nov (43)	Dec (47)
2013	Jan (39)	Feb (83)	Mar (50)	Apr (50)	May (79)	Jun (87)	Jul (71)	Aug (41)	Sep (39)	Oct (81)	Nov (61)	Dec (74)
2014	Jan (76)	Feb (50)	Mar (45)	Apr (62)	May (59)	Jun (21)	Jul (93)	Aug (64)	Sep (53)	Oct (44)	Nov (37)	Dec (43)
2015	Jan (60)	Feb (72)	Mar (35)	Apr (50)	May (52)	Jun (89)	Jul (110)	Aug (94)	Sep (77)	Oct (82)	Nov (41)	Dec (26)
2016	Jan (42)	Feb (44)	Mar (26)	Apr (55)	May (26)	Jun (17)	Jul (63)	Aug (38)	Sep (43)	Oct (50)	Nov (45)	Dec (55)
2017	Jan (26)	Feb (29)	Mar (28)	Apr (40)	May (2)	Jun (16)	Jul (22)	Aug (21)	Sep (35)	Oct (47)	Nov (10)	Dec (15)
2018	Jan (18)	Feb (35)	Mar (71)	Apr (9)	May (39)	Jun (19)	Jul (14)	Aug (108)	Sep (5)	Oct (34)	Nov (24)	Dec (13)
2019	Jan (13)	Feb (19)	Mar (33)	Apr (11)	May (21)	Jun (61)	Jul (21)	Aug (80)	Sep (26)	Oct (10)	Nov (8)	Dec (4)
2020	Jan (26)	Feb (81)	Mar (31)	Apr (37)	May (52)	Jun (10)	Jul (47)	Aug (25)	Sep (63)	Oct (36)	Nov (19)	Dec (18)
2021	Jan (49)	Feb (11)	Mar (18)	Apr (21)	May (66)	Jun (8)	Jul (35)	Aug (30)	Sep (10)	Oct (31)	Nov (4)	Dec (23)
2022	Jan (1)	Feb (16)	Mar (34)	Apr (6)	May (2)	Jun	Jul (1)	Aug (17)	Sep (1)	Oct (2)	Nov (4)	Dec (16)
2023	Jan (10)	Feb (39)	Mar (7)	Apr (44)	May (17)	Jun (20)	Jul	Aug (2)	Sep (10)	Oct (7)	Nov (3)	Dec (3)
2024	Jan (1)	Feb (10)	Mar (8)	Apr (1)	May (19)	Jun (15)	Jul (3)	Aug (5)	Sep (1)	Oct	Nov	Dec
2025	Jan	Feb (11)	Mar (3)	Apr (2)	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec

S	M	T	W	T	F	S
					1	2
3	4	5	6	7	8	9
10	11	12	13 (4)	14 (3)	15 (6)	16 (1)
17	18	19	20	21	22	23
24	25	26 (1)	27	28	29	30
31

fail2ban-users Mailing List for Fail2Ban

fail2ban-users — The mailing list for help on getting Fail2Ban up and running on your machine