On Mon, December 18, 2017 3:06 am, Alex JOST wrote:
> Did you enable the dovecot service in fail2ban? By default all jails are
> disabled.
>
> /etc/fail2ban/jail.conf:
> [dovecot]
> enabled = true

Alex, thanks

no, not in jail.conf, I've put it in the (1) /etc/fail2ban/jail.local

I've also added postfix, that seems to work:

I've made test failed dovecot and postfix from phone/cell connection, I think? postfix one worked, but nothing registered on dovecot

do you know where f2b places bad IPs? I saw them listed on 'status', but couldn't find them in /etc/hosts.deny, not sure if they're meant to be there.

[and, the device, after failing smtp, could still access http, so not sure if my testing is valid]

# fail2ban-client status
Status
|- Number of jail:      2
`- Jail list:           dovecot-pop3imap, postfx-sasl

# fail2ban-client status postfx-sasl
Status for the jail: postfx-sasl
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     57
|  `- File list:        /var/log/maillog
`- Actions
   |- Currently banned: 1
   |- Total banned:     7
   `- Banned IP list:   201.249.46.118

# fail2ban-client status dovecot-pop3imap
Status for the jail: dovecot-pop3imap
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /var/log/dovecot.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:

(1)
# cat jail.local

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap", protocol=tcp]
logpath = /var/log/dovecot.log
maxretry = 5
findtime = 300
bantime = 3600
ignoreip = 127.0.0.1 127.0.0.0/8

[postfx-sasl]
enabled = true
filter = postfix-sasl
action = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
#        sendmail[name=Postfix, dest=y...@mail.com]
logpath = /var/log/maillog
bantime = 3600
maxretry = 5
ignoreip = 127.0.0.1 127.0.0.0/8
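
An added example, not part of the original message: a Python script that reads the two jails from the jail.local above and reports, per enabled jail, the ban action, the ports a ban covers, and the iptables chain the banned addresses go into. It assumes the stock iptables actions, which add bans to a chain named f2b-<name> (fail2ban-<name> on 0.8.x releases) rather than to /etc/hosts.deny; `parse_action` and `ban_targets` are names chosen for this example.

```python
import configparser
import re

# Constructed sample: the two jails from the message, trimmed to the relevant keys.
JAIL_LOCAL = """\
[dovecot-pop3imap]
enabled = true
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap", protocol=tcp]

[postfx-sasl]
enabled = true
action = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
"""

ACTION_RE = re.compile(r'^(?P<action>[\w-]+)\[(?P<params>.*)\]$')
# key=value pairs; a value is either double-quoted or runs up to the next comma
PARAM_RE = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^,\]]*))')

def parse_action(spec):
    """Split 'action[k=v, k="a,b"]' into (action name, parameter dict)."""
    m = ACTION_RE.match(spec.strip())
    if not m:
        return spec.strip(), {}
    pairs = PARAM_RE.findall(m.group("params"))
    return m.group("action"), {k: (q or u).strip() for k, q, u in pairs}

def ban_targets(jail_text):
    """Map each enabled jail to its ban action, covered ports and chain names."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(jail_text)
    report = {}
    for jail in cp.sections():
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue
        action, params = parse_action(cp.get(jail, "action", fallback=""))
        ports = [p for p in params.get("port", "").split(",") if p]
        entry = {"action": action, "ports": ports}
        if action.startswith("iptables"):
            # The chain takes the action's name= value (stock default: "default"),
            # not the jail name: f2b-<name>, or fail2ban-<name> on 0.8.x.
            name = params.get("name", "default")
            entry["chains"] = ["f2b-" + name, "fail2ban-" + name]
        report[jail] = entry
    return report

if __name__ == "__main__":
    for jail, info in ban_targets(JAIL_LOCAL).items():
        print(jail, info)
```

On the host, `iptables -L f2b-postfix -n` (or the `fail2ban-` chain name on 0.8.x) lists the addresses currently banned by the postfix action.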