From: Feel Z. <fee...@gm...> - 2012-10-09 05:52:56
Hello, my friend

I installed fail2ban a few days ago and set the files:

/etc/fail2ban/jail.conf

    [sasl-iptables]
    enabled = true
    filter = sasl
    backend = polling
    action = iptables[name=sasl, port=smtp, protocol=tcp]
             sendmail-whois[name=sasl, dest=to...@yi...]
    logpath = /var/log/maillog
    maxretry = 5

/etc/fail2ban/filter.d/sasl.conf

    failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: \w

run the fail2ban program when the server starts
today, I got so many maillog entries about sasl authentication failed
It means fail2ban did not work at that time

/var/log/maillog

    Oct 9 09:50:06 shcx postfix/smtpd[19614]: warning: SASL authentication failure: All-whitespace username.
    Oct 9 09:50:06 shcx postfix/smtpd[19614]: warning: mail.vassallobilotta.com[74.223.197.162]: SASL LOGIN authentication failed: generic failure
    Oct 9 09:50:09 shcx postfix/smtpd[19614]: warning: SASL authentication failure: All-whitespace username.
    Oct 9 09:50:09 shcx postfix/smtpd[19614]: warning: mail.vassallobilotta.com[74.223.197.162]: SASL LOGIN authentication failed: generic failure
    ........hundreds of logs just like that
    Oct 9 13:12:12 shcx postfix/smtpd[19899]: warning: mail.vassallobilotta.com[74.223.197.162]: SASL LOGIN authentication failed: authentication failure

Maybe I set something wrong, can you help me?

Thanks for your time
TOM
From: Yaroslav H. <li...@on...> - 2012-10-09 13:37:17
On Tue, 09 Oct 2012, Feel Zhou wrote:
> run the fail2ban program when the server starts
> today, I got so many maillog entries about sasl authentication failed
> It means fail2ban did not work at that time

who knows -- we never saw fail2ban.log and what it thinks ... also provide more context lines from maillog since now it is also not clear if that IP was not ever banned or was banned at some point etc

also you are banning only smtp port -- what about ssmtp 465 -- are you sure you aren't using it?

have you run fail2ban-regex on your log file?

NB Extended http://www.fail2ban.org/wiki/index.php/HOWTO_Seek_Help further to ask for the output of fail2ban-regex in such cases.

> /var/log/maillog
> Oct 9 09:50:06 shcx postfix/smtpd[19614]: warning: SASL
> authentication failure: All-whitespace username.

--
Yaroslav O. Halchenko
Postdoctoral Fellow, Department of Psychological and Brain Sciences
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik
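Added example, not part of either message: a small Python stand-in for the fail2ban-regex check suggested in the reply, running the posted failregex over the log lines quoted in the first message. The <HOST> expansion and the function names are assumptions, and findtime is ignored.

```python
import re
from collections import Counter

# failregex exactly as posted for /etc/fail2ban/filter.d/sasl.conf
FAILREGEX = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
             r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: \w")
# Assumption: stand-in for fail2ban's own <HOST> expansion (named group for the address).
HOST_GROUP = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"
MAXRETRY = 5  # maxretry from the posted [sasl-iptables] jail

# Log lines copied from the first message (the elided "hundreds" are not reproduced).
SAMPLE = [
    "Oct 9 09:50:06 shcx postfix/smtpd[19614]: warning: SASL authentication failure: All-whitespace username.",
    "Oct 9 09:50:06 shcx postfix/smtpd[19614]: warning: mail.vassallobilotta.com[74.223.197.162]: SASL LOGIN authentication failed: generic failure",
    "Oct 9 09:50:09 shcx postfix/smtpd[19614]: warning: SASL authentication failure: All-whitespace username.",
    "Oct 9 09:50:09 shcx postfix/smtpd[19614]: warning: mail.vassallobilotta.com[74.223.197.162]: SASL LOGIN authentication failed: generic failure",
    "Oct 9 13:12:12 shcx postfix/smtpd[19899]: warning: mail.vassallobilotta.com[74.223.197.162]: SASL LOGIN authentication failed: authentication failure",
]

def scan(lines, failregex=FAILREGEX):
    """Return (failures per host, lines the filter did not match)."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    hits, missed = Counter(), []
    for line in lines:
        m = pattern.search(line)
        if m:
            hits[m.group("host")] += 1
        else:
            missed.append(line)  # e.g. the "All-whitespace username" lines carry no host
    return hits, missed

def would_ban(hits, maxretry=MAXRETRY):
    """Hosts whose match count reaches maxretry (time window not modelled)."""
    return sorted(h for h, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    hits, missed = scan(SAMPLE)
    for host, n in hits.items():
        print(f"{host}: {n} matched failure(s), maxretry={MAXRETRY}")
    print(f"{len(missed)} line(s) not matched by the filter")
    # Constructed input: the excerpt repeated, standing in for the elided lines.
    print("over maxretry with excerpt repeated:", would_ban(scan(SAMPLE * 2)[0]))
```

On the excerpt the filter matches the three "authentication failed" lines and skips the two host-less "authentication failure" warnings, so a regex mismatch alone does not explain the missing bans; fail2ban.log and the real fail2ban-regex output remain the authoritative check.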