• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Question Fail2ban filters do not work

A

alexk345

Basic Pleskian
I have 236 ips banned by recidive but none banned by sasl and nomatch
serverfault.com

FAIL2BAN filters. Any filter for this intrusion by internet search scanners?

Jan 19 22:49:00 intelligent-mahavira postfix/smtpd[670231]: connection established Jan 19 22:49:00 intelligent-mahavira postfix/smtpd[670231]: master_notify: status 0 Jan 19 22:49:00 intellig...
serverfault.com serverfault.com
Anyone know ?

fail2ban-regex -v /var/log/maillog /etc/fail2ban/filter.d/nomatch.conf
matches 100 ip but i dont see it in plesk fail2ban banned ip list.
 
SASL filter had some problems - perhaps you got burned by that..
my /etc/fail2ban/filter.d/sasl.conf reads:

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT

failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:) [A-Za-z0-9+/ ]*)?$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

and it works..
 
You must log in or register to reply here.

Similar threads

S
Resolved Problem tuning fail2ban
Replies
5
Views
10K
nisamudeen97
nisamudeen97
wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
961
mizar
mizar
J
Issue Default plesk-apache-badbot fail2ban doesn't work
2
Replies
21
Views
5K
Kaspar
K
T
Question Fail2ban trying to setup a rule to ban ai bots
Replies
4
Views
2K
Bitpalast
Bitpalast
A
Question FAIL2BAN filters. Any filter for this intrusion by internet search scanners?
Replies
1
Views
1K
alexk345
A
Back
Top