• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue Fail2Ban authentication failure monitor and Plesk Spam Assasin stopping and starting

M

miguel.obando

New Pleskian
Watchdog is running since Aug 10, 2021 02:17 PM.
Watchdog is monitoring services:
Plesk Web Server
Plesk PHP Engine
Web Server (Apache)
SMTP Server (Postfix)
Dovecot IMAP and POP3 server
DNS Server (BIND)
MySQL
PostgreSQL
Plesk SpamAssassin
Plesk Postfix milter filter
Web Proxy Server (Nginx)
Fail2Ban authentication failure monitor
Watchdog is not monitoring disks.

Average CPU load: 11.2906%.
Average RAM usage: 4108208.2856.
Security scans number: 1.

Events:
[Sep 2, 2021 05:42 PM] 'Fail2Ban authentication failure monitor' service started.
[Sep 2, 2021 05:37 PM] 'Fail2Ban authentication failure monitor' service stopped.
[Aug 30, 2021 07:08 PM] 'SMTP Server (Postfix)' service started.
[Aug 30, 2021 07:08 PM] 'Fail2Ban authentication failure monitor' service started.
[Aug 30, 2021 07:08 PM] 'Web Proxy Server (Nginx)' service started.
[Aug 30, 2021 07:08 PM] 'Plesk SpamAssassin' service started.
[Aug 30, 2021 07:08 PM] 'PostgreSQL' service started.
[Aug 30, 2021 07:08 PM] 'MySQL' service started.
[Aug 30, 2021 07:08 PM] 'Web Server (Apache)' service started.
[Aug 30, 2021 07:08 PM] 'Plesk PHP Engine' service started.
[Aug 30, 2021 07:08 PM] 'Plesk Web Server' service started.
[Aug 30, 2021 06:39 AM] 'Plesk SpamAssassin' service started.
[Aug 30, 2021 06:34 AM] 'Plesk SpamAssassin' service stopped.
[Aug 30, 2021 01:00 AM] Security scanning report is in the file /opt/psa/var/modules/watchdog/report/security_2021-08-30.
 
Hello,

I currently dont understand the problem with fail2ban.
"Fail2Ban authentication failure monitor" is just a name for the service what fail2ban actually does..

(....)You can safeguard your server from brute force attacks through IP address banning ( Fail2Ban ). Fail2Ban utilizes regular expressions for monitoring log files and spotting patterns that may correspond to authentication failures, looking for exploits, and additional entries that may appear to be suspicious.(...)

You can find more information here

For the spam-assasian problem, could you please post the output of:
Code: 
systemctl status spamassassin.service  -l


I'm looking forward to your feedback,
kind regards,
 
Hello,
yes I agree...

If the problem continues or happens again, we could increase the log-level of fail2ban and check the logs if needed.
 
Hello,
in
Code: 
/etc/fail2ban/fail2ban.conf


Code: 
[Definition]

# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = 1

I would recommend to change it to debug, just to figure out whats goin on.

Kind regards,
 
You must log in or register to reply here.

Similar threads

S
Question Firewall blocking plesk_saslauthd failed mail authentication attempt for user 'info' (password len=9)
Replies
3
Views
2K
mow
M
D
Resolved After enabling MSMTP: sw-service unable to start
Replies
2
Views
847
dbitsch
D
L
Resolved WordPress Permalink's stopped working
Replies
5
Views
1K
smithcreate
S
Endre
Issue Server Error 500 Plesk\Exception\Database DB query failed: SQLSTATE[HY000] [2002] No such file or directory
Replies
15
Views
7K
MihaiNecreala
M
Ehud
Question Is Plesk Email SRS fully configured, or it requires an extension?
Replies
0
Views
1K
Ehud
Ehud
Back
Top