Question Fail2ban filters do not work

alexk345 · Jan 21, 2022

I have 236 ips banned by recidive but none banned by sasl and nomatch

FAIL2BAN filters. Any filter for this intrusion by internet search scanners?

Jan 19 22:49:00 intelligent-mahavira postfix/smtpd[670231]: connection established Jan 19 22:49:00 intelligent-mahavira postfix/smtpd[670231]: master_notify: status 0 Jan 19 22:49:00 intellig...

serverfault.com

Anyone know ?

fail2ban-regex -v /var/log/maillog /etc/fail2ban/filter.d/nomatch.conf
matches 100 ip but i dont see it in plesk fail2ban banned ip list.

alexk345 · Jan 21, 2022

tkalfaoglu · Jan 25, 2022

SASL filter had some problems - perhaps you got burned by that..
my /etc/fail2ban/filter.d/sasl.conf reads:

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}

?(?P<host>[\w\-.^_]+)
# Values: TEXT

failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed

[A-Za-z0-9+/ ]*)?$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

and it works..

Question Fail2ban filters do not work

alexk345

Basic Pleskian

FAIL2BAN filters. Any filter for this intrusion by internet search scanners?

alexk345

Basic Pleskian

Attachments

tkalfaoglu

Silver Pleskian

Similar threads