• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Fail2Ban authentication failure monitor and Plesk Spam Assasin stopping and starting

M

miguel.obando

New Pleskian
Watchdog is running since Aug 10, 2021 02:17 PM.
Watchdog is monitoring services:
Plesk Web Server
Plesk PHP Engine
Web Server (Apache)
SMTP Server (Postfix)
Dovecot IMAP and POP3 server
DNS Server (BIND)
MySQL
PostgreSQL
Plesk SpamAssassin
Plesk Postfix milter filter
Web Proxy Server (Nginx)
Fail2Ban authentication failure monitor
Watchdog is not monitoring disks.

Average CPU load: 11.2906%.
Average RAM usage: 4108208.2856.
Security scans number: 1.

Events:
[Sep 2, 2021 05:42 PM] 'Fail2Ban authentication failure monitor' service started.
[Sep 2, 2021 05:37 PM] 'Fail2Ban authentication failure monitor' service stopped.
[Aug 30, 2021 07:08 PM] 'SMTP Server (Postfix)' service started.
[Aug 30, 2021 07:08 PM] 'Fail2Ban authentication failure monitor' service started.
[Aug 30, 2021 07:08 PM] 'Web Proxy Server (Nginx)' service started.
[Aug 30, 2021 07:08 PM] 'Plesk SpamAssassin' service started.
[Aug 30, 2021 07:08 PM] 'PostgreSQL' service started.
[Aug 30, 2021 07:08 PM] 'MySQL' service started.
[Aug 30, 2021 07:08 PM] 'Web Server (Apache)' service started.
[Aug 30, 2021 07:08 PM] 'Plesk PHP Engine' service started.
[Aug 30, 2021 07:08 PM] 'Plesk Web Server' service started.
[Aug 30, 2021 06:39 AM] 'Plesk SpamAssassin' service started.
[Aug 30, 2021 06:34 AM] 'Plesk SpamAssassin' service stopped.
[Aug 30, 2021 01:00 AM] Security scanning report is in the file /opt/psa/var/modules/watchdog/report/security_2021-08-30.
 
Hello,

I currently dont understand the problem with fail2ban.
"Fail2Ban authentication failure monitor" is just a name for the service what fail2ban actually does..

(....)You can safeguard your server from brute force attacks through IP address banning ( Fail2Ban ). Fail2Ban utilizes regular expressions for monitoring log files and spotting patterns that may correspond to authentication failures, looking for exploits, and additional entries that may appear to be suspicious.(...)

You can find more information here

For the spam-assasian problem, could you please post the output of:
Code: 
systemctl status spamassassin.service  -l


I'm looking forward to your feedback,
kind regards,
 
Hello,
yes I agree...

If the problem continues or happens again, we could increase the log-level of fail2ban and check the logs if needed.
 
Hello,
in
Code: 
/etc/fail2ban/fail2ban.conf


Code: 
[Definition]

# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = 1

I would recommend to change it to debug, just to figure out whats goin on.

Kind regards,
 
You must log in or register to reply here.

Similar threads

S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
623
NewGate
N
Melika
Issue Plesk stopped working out of the blue ...
Replies
0
Views
386
Melika
Melika
H
Question MariaDB doesn't start after upgrade
Replies
3
Views
781
Kaspar@Plesk
Kaspar@Plesk
S
Question Firewall blocking plesk_saslauthd failed mail authentication attempt for user 'info' (password len=9)
Replies
3
Views
3K
mow
M
D
Resolved After enabling MSMTP: sw-service unable to start
Replies
2
Views
1K
dbitsch
D
Back
Top