
Issue Fail2Ban authentication failure monitor and Plesk SpamAssassin stopping and starting

miguel.obando

New Pleskian
Watchdog is running since Aug 10, 2021 02:17 PM.
Watchdog is monitoring services:
Plesk Web Server
Plesk PHP Engine
Web Server (Apache)
SMTP Server (Postfix)
Dovecot IMAP and POP3 server
DNS Server (BIND)
MySQL
PostgreSQL
Plesk SpamAssassin
Plesk Postfix milter filter
Web Proxy Server (Nginx)
Fail2Ban authentication failure monitor
Watchdog is not monitoring disks.

Average CPU load: 11.2906%.
Average RAM usage: 4108208.2856.
Security scans number: 1.

Events:
[Sep 2, 2021 05:42 PM] 'Fail2Ban authentication failure monitor' service started.
[Sep 2, 2021 05:37 PM] 'Fail2Ban authentication failure monitor' service stopped.
[Aug 30, 2021 07:08 PM] 'SMTP Server (Postfix)' service started.
[Aug 30, 2021 07:08 PM] 'Fail2Ban authentication failure monitor' service started.
[Aug 30, 2021 07:08 PM] 'Web Proxy Server (Nginx)' service started.
[Aug 30, 2021 07:08 PM] 'Plesk SpamAssassin' service started.
[Aug 30, 2021 07:08 PM] 'PostgreSQL' service started.
[Aug 30, 2021 07:08 PM] 'MySQL' service started.
[Aug 30, 2021 07:08 PM] 'Web Server (Apache)' service started.
[Aug 30, 2021 07:08 PM] 'Plesk PHP Engine' service started.
[Aug 30, 2021 07:08 PM] 'Plesk Web Server' service started.
[Aug 30, 2021 06:39 AM] 'Plesk SpamAssassin' service started.
[Aug 30, 2021 06:34 AM] 'Plesk SpamAssassin' service stopped.
[Aug 30, 2021 01:00 AM] Security scanning report is in the file /opt/psa/var/modules/watchdog/report/security_2021-08-30.
 
Hello,

I currently don't understand the problem with fail2ban.
"Fail2Ban authentication failure monitor" is just a name for the service, describing what fail2ban actually does.

(....)You can safeguard your server from brute force attacks through IP address banning ( Fail2Ban ). Fail2Ban utilizes regular expressions for monitoring log files and spotting patterns that may correspond to authentication failures, looking for exploits, and additional entries that may appear to be suspicious.(...)

You can find more information here

For the SpamAssassin problem, could you please post the output of:
Code:
systemctl status spamassassin.service  -l


I'm looking forward to your feedback,
kind regards,
 
Hello,
yes I agree...

If the problem continues or happens again, we could increase the log-level of fail2ban and check the logs if needed.
 
Hello,
in
Code:
/etc/fail2ban/fail2ban.conf


Code:
[Definition]

# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = 1

I would recommend changing it to debug, just to figure out what's going on.

Kind regards,
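
An added example, not part of any post in this thread: a Python script that pairs the 'stopped' and 'started' events from the Watchdog report above and reports how long each service was down, plus any start that has no logged stop. The function names are illustrative, and the event lines are a subset copied from the report.

```python
import re
from datetime import datetime

# Event lines copied from the Watchdog report posted in this thread (newest first).
EVENTS = """\
[Sep 2, 2021 05:42 PM] 'Fail2Ban authentication failure monitor' service started.
[Sep 2, 2021 05:37 PM] 'Fail2Ban authentication failure monitor' service stopped.
[Aug 30, 2021 07:08 PM] 'SMTP Server (Postfix)' service started.
[Aug 30, 2021 07:08 PM] 'Fail2Ban authentication failure monitor' service started.
[Aug 30, 2021 06:39 AM] 'Plesk SpamAssassin' service started.
[Aug 30, 2021 06:34 AM] 'Plesk SpamAssassin' service stopped.
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] '(?P<svc>[^']+)' service (?P<state>started|stopped)\.$")

def parse_events(text):
    """Return (timestamp, service, state) tuples in chronological order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip non-event lines such as the security-scan notice
            ts = datetime.strptime(m["ts"], "%b %d, %Y %I:%M %p")
            events.append((ts, m["svc"], m["state"]))
    return sorted(events, key=lambda e: e[0])

def outages(events):
    """Pair each 'stopped' with the next 'started' of the same service."""
    down_since, gaps, unpaired_starts = {}, [], []
    for ts, svc, state in events:
        if state == "stopped":
            down_since.setdefault(svc, ts)     # keep the earliest stop
        elif svc in down_since:
            start = down_since.pop(svc)
            gaps.append((svc, start, ts, (ts - start).total_seconds() / 60))
        else:
            unpaired_starts.append((svc, ts))  # start with no logged stop
    return gaps, unpaired_starts, down_since   # down_since: still stopped

if __name__ == "__main__":
    gaps, unpaired, still_down = outages(parse_events(EVENTS))
    for svc, start, end, minutes in gaps:
        print(f"{svc}: down {start:%b %d %H:%M} -> {end:%H:%M} ({minutes:.0f} min)")
    for svc, ts in unpaired:
        print(f"{svc}: started {ts:%b %d %H:%M} with no logged stop")
    for svc, ts in still_down.items():
        print(f"{svc}: stopped {ts:%b %d %H:%M} and not restarted")
```

On these lines both logged outages come out at five minutes, and the Aug 30 07:08 PM starts have no matching stop in the report.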
 