Question Fail2ban filters do not work

[alexk345]

I have 236 ips banned by recidive but none banned by sasl and nomatch

FAIL2BAN filters. Any filter for this intrusion by internet search scanners?

Jan 19 22:49:00 intelligent-mahavira postfix/smtpd[670231]: connection established Jan 19 22:49:00 intelligent-mahavira postfix/smtpd[670231]: master_notify: status 0 Jan 19 22:49:00 intellig...

serverfault.com

Anyone know ?

fail2ban-regex -v /var/log/maillog /etc/fail2ban/filter.d/nomatch.conf
matches 100 ip but i dont see it in plesk fail2ban banned ip list.

 

[alexk345]

 

[tkalfaoglu]

SASL filter had some problems - perhaps you got burned by that..
my /etc/fail2ban/filter.d/sasl.conf reads:

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}?(?P<host>[\w\-.^_]+)
# Values: TEXT

failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed [A-Za-z0-9+/ ]*)?$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

and it works..