From: Bob C. <bo...@mo...> - 2011-06-05 21:12:25
|
On May 29, 2011, at 8:49 PM, Ed Ravin wrote: > auth_verbose=yes > > This tells Dovecot to log those bad password attempts. It still won't > stop them, but now that you've got logs to work with you can trigger > fail2ban with a regex like this: > > failregex = dovecot.*auth.default.: .*,<HOST>.: Password mismatch > dovecot.*auth.default.: .*,<HOST>.: unknown user > dovecot.* (?:imap|pop3)-login: Aborted login: rip=<HOST>, Ed, Thanks. I did as you suggested. That seemed to help for a while. Here's the latest: Jun 4 11:47:35 fortapache dovecot: auth(default): pam(admin,211.100.52.212): pam_authenticate() failed: User not known to the underlying authentication module Jun 4 11:47:40 fortapache dovecot: auth(default): pam(mail,211.100.52.212): pam_authenticate() failed: Authentication failure I never really mastered regexes. Would the following work on the above? dovecot.*auth.default.: .*,<HOST>.: Authentication failure Bob |