> On 13 Dec 2017, at 17:46, Gao <[email protected]> wrote: > > Hi list, > > My mail server using dovecot v2.2.33 on CentOS 7. I installed fail2ban v0.9.7 > from EPEL repo. I just noticed the dovecot filter seems not working. My > maillog have entries: > Dec 11 22:14:00 mail dovecot: imap-login: Disconnected (no auth attempts in 0 > secs): user=<>, rip=208.100.26.233, lip=10.11.22.68, TLS handshaking: > SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no > shared cipher, session=<oBeRjh5gZ8nQZBrp> > Dec 12 03:10:02 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 > secs): user=<>, rip=208.100.26.235, lip=10.11.22.68, TLS handshaking: > SSL_accept() failed: error:140760FC:SSL > routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=</7xDsSJgZ+DQZBrr> > > But the test show no match: > # fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/dovecot.conf
The dovecot filters showed no matches on my system, too, so I never enabled it. I also get similar "no auth attempts in 0 secs" entries in the logs, 10 in the last 2 days. I notice the first entry of this type in my current logs is from University of Michigan Internet-Wide Scanning Research, others from a datacenter in Hong Kong and other hosts on my hoster's network (Linode). Stroller. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
