On Mar 27, 2019, at 2:24 PM, Iosif Fettich <[email protected]> wrote:

> I saw in the original mail you had findtime = 600. Is it possible that you
> simply have no new hits, whereas the existing ones are already obsoleted?

Thanks for the thought, but no. I watched hits come into the log in real time with no corresponding response by fail2ban (by which I mean fail2ban didn't even log a match on the rule, like it does with every other rule). I also telnetted into port 25 to cause those hits myself, and again, no response.

> Try to go for a debugging strategy. Make failregexp a simple letter or word
> (ok, risking to ban everything for a minute...). If that doesn't catch
> anything, you'd know for sure that it's not the regexp that doesn't work.

Just to reiterate, all of my other sendmail filters -- including custom filters -- work just fine. And fail2ban-regex matches properly using this filter. I'm not sure how it can be the regexp, if fail2ban-regex matches every line it's supposed to match.

If fail2ban-server uses different regexp match code than fail2ban-regex, then that may explain why fail2ban-regex works while fail2ban-server doesn't... but then that would be a bug. But fail2ban-regex is matching everything it's supposed to, even while fail2ban-server does not. How can I debug that?

> Change the logfile. See if fail2ban chooses the right one.

All my other sendmail filters use the same logfile, and they're working fine, as above.

Thanks.

--- Amir
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
