keep trying to unsubscribe and it won't work...
who is the mod here? can they unsubscribe this address??
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x;
h=Content-Transfer-Encoding:Content-Type:MIME-Version
:Date:Message-ID:Subject:From:To:Sender:Reply-To:Cc:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=ea/wX4/768hml5Pq4kn7ZAeI2obnZSje9i1GmqdzHF8=;
b=i0qDeIs+kPbBx8uXzO/iYWmY8V
Z8/+ZZtzsPPKHJjP0o9nSjsKwwGqhNeat0CWcPM0JixeHISIjgaed42CkjHmVOCKFdR/OZAeTYCsf
9ui57/+wigaa7gtLIRQO1JwQdpVY+GvL/PCx0om8Kz4y6gSJPaVO3JCnhIFR2e8nML0E=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Message-ID:
Subject:From:To:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date
:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:
References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:
List-Owner:List-Archive;
bh=ea/wX4/768hml5Pq4kn7ZAeI2obnZSje9i1GmqdzHF8=; b=W
Z71V6hC4r1rxfQOc4oIBVICM9UJYWSBH8nFIKwlcY2YwgpPYAKYLk6c8klasz/I+dTqEnW40x1MnT
DdrXv9zKeiK0JvHfq92SAkZxN6eHJv+rxsegQohAubOCS/kEG15HU6Su7u5CAlYYXbF5AZUBrD95V
PbdQL5uK0eL/iiV8=;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=to:from:subject:message-id:date:user-agent:mime-version
:content-language:content-transfer-encoding;
bh=ea/wX4/768hml5Pq4kn7ZAeI2obnZSje9i1GmqdzHF8=;
b=mKGx4JyKQBl6YCL6F6CUOcI4LyAVtCVSpvNr3/8E4MMjCB4vWLD67Tn02r4qQWIqck
LEqM3C9IVManYoIuhEKYX4Ru6zH0i1qbnO3VMVurFj3QoOQENSt7476GzsTdXco1zdYd
NZ4fHEy6BXEo+Ply0zf0oHCoACyqPBpjDPdwr/3Njm/i972auf75S0JTw64w4W+CwC0h
LY+27PwFdLumXEHb4HekD1kBGOTq0yGIuA/saHr69IjxgkAIat3KwhcUwJyEMf4C6Z+I
SiuMSHqUKdoddhPSfmxeh5fgKWP3dQM3iyAhfBC0vADYLyk6j349it5HzIs9AHHkR4+S
zBuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:to:from:subject:message-id:date:user-agent
:mime-version:content-language:content-transfer-encoding;
bh=ea/wX4/768hml5Pq4kn7ZAeI2obnZSje9i1GmqdzHF8=;
b=rM6UwWZS99umiQJAN7sc11rVIRvzfMbeNK5LFtqAGOUN4sn9v95JkCJIP93s9WMy1A
AUqWTov2neuKSxaqWcN3cRWCJdOfOca2VTPSCCyA1KGIU7BgbHKgPANlCVITtN5U0yg2
f+KK1W4qie9Ar284dar2OGaEXxHcntFDM5kMjdF2zJ0b4aJT16jomV0LaY9D0Xn7TWGn
omSTgogL44x8+RSmO8Ze+I+i3rRl+md8GlRFh3FUI2gOfoxCJM42OTnkaccgc9j3ofw/
0sQbf+dAG3gEjB5YJ8vLKpUJeP7Su673lkfP/Evi1qaqNW3oHuL/LHZcp+yZyhz6MSeb
nJqA==
X-Gm-Message-State: APt69E2iEQzq+iPwLRFiCeSOm3eyksxKeST5Ry54xQP6XrunPdDj9OcC
HAxXSJdYeHaxnST25KXK/YjhgWMe
X-Google-Smtp-Source:
ADUXVKJRvYiraxO76nRUJfHF9GH5MDyY6mLezOpGgQeiYBgOweeLyJWYRcanEB39TwCdojZymOMfBQ==
X-Received: by 2002:ae9:ef52:: with SMTP id
d79-v6mr3893236qkg.336.1527710172413;
Wed, 30 May 2018 12:56:12 -0700 (PDT)
To: [email protected]
From: Teresa e Junior <[email protected]>
Date: Wed, 30 May 2018 16:56:07 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
Thunderbird/52.8.0
X-Spam-Score: -0.1 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(teresaejunior[at]gmail.com)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust [209.85.220.179 listed in list.dnswl.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.220.179 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
X-Headers-End: 1fO7Ck-00BFmo-Kn
Subject: [Fail2ban-users] Why does ^%(__prefix_line)s fail?
X-BeenThere: [email protected]
X-Mailman-Version: 2.1.21
List-Id: <fail2ban-users.lists.sourceforge.net>
List-Unsubscribe:
<https://lists.sourceforge.net/lists/options/fail2ban-users>,
<mailto:[email protected]?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=fail2ban-users>
List-Post: <mailto:[email protected]>
List-Help: <mailto:[email protected]?subject=help>
List-Subscribe:
<https://lists.sourceforge.net/lists/listinfo/fail2ban-users>,
<mailto:[email protected]?subject=subscribe>
I have noticed that multiple password attempts on SSH don't get
blocked at all. While testing the regexes, I have found that my logs
choke on "^%(__prefix_line)s"
The following doesn't work:
$ fail2ban-regex \
"May 30 21:03:25 vps docker/ftps[1346]: Failed password for
teresaejunior from 1.2.3.4 port 50714 ssh2" \
'^%(__prefix_line)sFailed \S+ for .*? from <HOST>(?: port \d*)?(?:
ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+
%(__md5hex)s(, client user ".*", client host ".*")?))?\s*$'
The following works (removed ^%(__prefix_line)s)
$ fail2ban-regex \
"May 30 21:03:25 vps docker/ftps[1346]: Failed password for
teresaejunior from 1.2.3.4 port 50714 ssh2" \
'Failed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser
.*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ %(__md5hex)s(, client user
".*", client host ".*")?))?\s*$'
The system is Ubuntu 16.04.4 (actually, my log doesn't match against
the new regex rules of /etc/fail2ban/filter.d/sshd.conf on Ubuntu
18.04 either).
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
