Hi,
I am using fail2ban with assp, and the following is my assp config from jail.local:
[assp]
enabled  = true
port     = smtp,465,submission
filter   = assp
logpath  = /path/to/assp/logs/maillog.txt
findtime = 3600
bantime  = 3600
action = iptables-multiport[name=assp, port="smtp,465,submission", protocol=tcp]
        sendmail-whois[name=assp, [email protected], [email protected]]

All other configurations are as default in fail2ban v0.9.7, including filters.

Hope this helps.

Regards,
Saurabh Dass Manandhar
On Tue, Jul 24, 2018 at 11:16 AM Philip James Clarke via
Fail2ban-users <[email protected]> wrote:
>
> From the jail.conf for fail2ban version 0.9
>
> # "enabled" enables the jails.
> #  By default all jails are disabled, and it should stay this way.
> #  Enable only relevant to your setup jails in your .local or jail.d/*.conf
> #
> # true:  jail will be enabled and log files will get monitored for changes
> # false: jail is not enabled
> enabled = false
>
>
> So all you need to do is add
>
> enabled=true
>
> under [ASSP]
>
> and in theory it should turn on when you reload/restart fail2ban and its
> activation should be visible in fail2ban.log something like
>
> 2018-07-21 07:01:32,816 fail2ban.jail           [1044]: INFO    Jail 'assp' started
>
> I don’t have ASSP and my jail.conf (you should create a copy jail.local to 
> avoid overwrites and edit the latter), has
>
> /etc/fail2ban/jail.conf:
> logpath  = /root/path/to/assp/logs/maillog.txt
>
> so you might need to find the correct log path for your distro (I’m on Ubuntu).
>
> There’s pretty comprehensive documentation in
>
> man jail.conf
>
> Something I’ve found useful is
>
> fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-botsearch.conf
>
> which gives you the option to feed a log file through a configuration and see 
> what matches, which I found useful for debugging regex, though I have to say 
> that I have found it very difficult to contact the developers or find where 
> they hang to make some amendments or suggestions and the protocol appears to 
> be to branch their version of git, make the changes and upload it and wait 
> for comments.
>
>
> > On 23 Jul 2018, at 23:48, James Moe via Fail2ban-users 
> > <[email protected]> wrote:
> >
> > opensuse 15.0
> > linux 4.12.14-lp150.12.4-default x86_64
> > fail2ban 0.10.3
> >
> >  I am new to fail2ban. I have a few questions.
> >
> > * Are there docs that describe how the various parts of fail2ban work
> > together? The actions and flow of information?
> >
> >  I am interested in setting up a jail for ASSP (Anti-Spam SMTP Proxy);
> > there is already an entry, [assp], in the default jail.conf. However,
> > when I ask fail2ban-client, it claims there is no jail:
> >
> > fail2ban> get assp actions
> > 2018-07-23 15:29:34,541 fail2ban   [18662]: ERROR   NOK: ('assp',)
> > Sorry but the jail 'assp' does not exist
> >
> >  The customization entry in jail.d/customisation.local:
> > [assp]
> > port     = smtp,465,submission
> > logpath  = /usr/local/bin/assp2/logs/maillog.txt
> > datepattern = %Y-%m-%d_%H:%M:%%S
> >
> >  I assume I have missed something.
> >
> > * For fail2ban to work with a particular app, are all of jail.conf
> > entry, a filter entry, and an action entry required?
> >
> > * ASSP has a rather unique datetime format. The "datepattern" directive
> > exists to solve this. Where is it allowed? Is its presence required in
> > the jail definition, filter, and action definitions? Or just one or two?
> > In which blocks? Does the "%" have to be doubled in the conf files (I
> > have seen it both ways)?
> >
> >
> > --
> > James Moe
> > moe dot james at sohnen-moe dot com
> > 520.743.3936
> > Think.
> >
> > ------------------------------------------------------------------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Fail2ban-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
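Added example (not part of the original messages and not fail2ban's own code): a small Python check that merges jail files in the read order given in man jail.conf and reports whether each jail ends up enabled and which file decided it, which is the situation behind the "jail 'assp' does not exist" error discussed above. The file contents are constructed from the snippets in the thread, the function names are hypothetical, and it uses Python's configparser rather than fail2ban's own config reader.

```python
import configparser
import tempfile
from pathlib import Path

# Constructed sample files modelled on the snippets quoted in this thread.
SAMPLE = {
    "jail.conf": "[DEFAULT]\nenabled = false\n\n[assp]\n"
                 "logpath = /root/path/to/assp/logs/maillog.txt\n",
    "jail.d/customisation.local": "[assp]\nport = smtp,465,submission\n"
                 "logpath = /usr/local/bin/assp2/logs/maillog.txt\n",
}

def write_files(root, files):
    for name, text in files.items():
        path = Path(root) / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

def load_order(root):
    """Read order from man jail.conf; later files override earlier ones."""
    d = Path(root)
    files = [d / "jail.conf", *sorted(d.glob("jail.d/*.conf")),
             d / "jail.local", *sorted(d.glob("jail.d/*.local"))]
    return [f for f in files if f.is_file()]

def jail_status(root):
    """Map each jail to (enabled, file whose 'enabled' line decided it)."""
    files = load_order(root)
    # interpolation=None keeps '%' literal; this sketch does not model %(var)s.
    merged = configparser.ConfigParser(interpolation=None)
    merged.read(files)
    origin = {}
    for path in files:
        # Renaming the default section turns off inheritance, so has_option()
        # is true only where this file really writes "enabled" in that section.
        one = configparser.ConfigParser(interpolation=None, default_section="-")
        one.read(path)
        for sec in one.sections():
            if one.has_option(sec, "enabled"):
                origin[sec] = str(path.relative_to(root))
    return {jail: (merged.getboolean(jail, "enabled", fallback=False),
                   origin.get(jail, origin.get("DEFAULT")))
            for jail in merged.sections()}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        write_files(root, SAMPLE)
        print(jail_status(root))  # override file without "enabled"
        write_files(root, {"jail.local": "[assp]\nenabled = true\n"})
        print(jail_status(root))  # after adding enabled = true
```

Pointing jail_status() at a copy of /etc/fail2ban shows the same thing for a real setup without touching the running server.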