Still no answer?
Wayne Sallee
[email protected]
http://www.WayneSallee.com
-------- Original Message --------
*Subject: * [Fail2ban-users] dovecot-pop3imap error: ERROR No failure-id group
in '(?: pop3-login|imap-login)
*From: * Robert Kudyba <[email protected]>
*To: * Fail2ban-users <[email protected]>
*CC: *
*Date: * 2019-2-21 12:07 PM
I’m having similar issues to what was mentioned here: https://www.spinics.net/lists/fail2ban/msg01443.html. Is the
Wiki at https://www.fail2ban.org/wiki/index.php/Dovecot
out of date? Seems similar to https://github.com/fail2ban/fail2ban/issues/2130
as well
2019-02-21 11:53:48,641 fail2ban.jail [21833]: INFO Jail
'dovecot-pop3imap' uses pyinotify {}
2019-02-21 11:53:48,649 fail2ban.jail [21833]: INFO Initiated
'pyinotify' backend
2019-02-21 11:53:48,651 fail2ban.filter [21833]: ERROR No failure-id group in '(?: pop3-login|imap-login):
.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth
failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*'
2019-02-21 11:53:48,651 fail2ban.transmitter [21833]: WARNING Command ['set', 'dovecot-pop3imap', 'addfailregex',
'(?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \\(auth failed|Aborted login \\(tried to use
disabled|Disconnected \\(auth failed|Aborted login \\(\\d+ authentication attempts).*rip=(?P<host>\\S*),.*'] has
failed. Received RegexException("No failure-id group in '(?: pop3-login|imap-login): .*(?:Authentication
failure|Aborted login \\(auth failed|Aborted login \\(tried to use disabled|Disconnected \\(auth failed|Aborted login
\\(\\d+ authentication attempts).*rip=(?P<host>\\S*),.*'")
2019-02-21 11:53:48,652 fail2ban [21833]: ERROR NOK: ("No failure-id group in '(?:
pop3-login|imap-login): .*(?:Authentication failure|Aborted login \\(auth failed|Aborted login \\(tried to use
disabled|Disconnected \\(auth failed|Aborted login \\(\\d+ authentication attempts).*rip=(?P<host>\\S*),.*'",)
fail2ban-regex -v /var/log/dovecot.log
/etc/fail2ban/filter.d/dovecot-pop3imap.conf
Running tests
=============
Use failregex filter file : dovecot-pop3imap, basedir: /etc/fail2ban
ERROR: No failure-id group in '(?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth
failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication
attempts).*rip=(?P<host>\S*),.*'
[root@dsm ~]
cat /etc/fail2ban/filter.d/dovecot-pop3imap.conf
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried
to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
