Oh Man, You were completely right, I didn't do it right. It's working now:

2011-05-06 17:02:33,100 fail2ban.actions: WARNING [qmail] Ban 173.212.197.14
2011-05-06 17:02:33,100 fail2ban.actions: WARNING [qmail] Ban 173.212.197.17
2011-05-06 17:02:33,100 fail2ban.actions: WARNING [qmail] Ban 173.212.197.10

Thanks very much

2011/5/6 Martin Waschbüsch IT-Dienstleistungen <serv...@waschbuesch.it>

> Hi there,
>
> I will look into this further, but I noticed this right now:
>
> In filter.d, you have these two files:
>
> qmail.conf
> qmail-smtp.conf
>
> The filename itself (basename), e.g.
> filter.d/XYZ.conf
>
> corresponds to the
> filter = XYZ
> line you use in your jail.conf file:
>
> Consider the last three entries in your jail.conf:
>
> ***snip***
>
> enabled = true
> filter = named-refused
> action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
> logpath = /var/log/messages
> ignoreip = 196.46.2.236 127.0.0.1 192.168.0.254 196.46.0.0/24 196.0.0.0/24
> maxretry = 10
> bantime = 60000
>
> [qmail]
> enabled = true
> filter = qmail
> action = iptables[name=SMTP, port=smtp, protocol=tcp]
> logpath = /var/log/qmail/smtp/current
> maxretry = 5
> bantime = 3600
> ignoreip = 127.0.0.1 196.46.2.236
>
>
> [qmail-smtp]
> enabled = true
> filter = qmail
> action = iptables[name=SMTP, port=smtp, protocol=tcp]
> logpath = /var/log/qmail/smtp/current
> maxretry = 5
> bantime = 3600
> ignoreip = 127.0.0.1 196.46.2.236
>
> ***snip***
>
> These entries use the files:
>
> filter.d/named-refused.conf
> filter.d/qmail.conf
> filter.d/qmail.conf
>
> However, none of your jails uses the qmail-smtp.conf file where you specify
> the 'new' regex in question.
> Also, the 'old' regex in qmail.conf itself is not working (on my system
> that is).
>
> please replace your filter.conf/qmail.conf file with this:
>
> ***snip***
>
> # Fail2Ban configuration file
> #
> # Author: Cyril Jaquier
> #
> # $Revision: 510 $
> #
>
> [Definition]
>
> # Option: failregex
> # Notes.: regex to match the password failures messages in the logfile. The
> #         host must be matched by a group named "host". The tag "<HOST>" can
> #         be used for standard IP/hostname matching and is only an alias for
> #         (?:::f{4,6}:)?(?P<host>\S+)
> # Values: TEXT
> #
>
> failregex = rblsmtpd: <HOST> .*: 451 Blocked
>             CHKUSER rejected relaying: from <.*:> remote <.*:.*:<HOST>> rcpt <.*> : client not allowed to relay
>
> # Option: ignoreregex
> # Notes.: regex to ignore. If this regex matches, the line is ignored.
> # Values: TEXT
> #
> ignoreregex =
>
> ***snip***
>
> Also, you need one of the two qmail references in your jail.conf file.
>
> I would delete the qmail-smtp section - it is not needed.
>
> Let me know if this helps.
>
> Martin
> --
> Martin Waschbüsch
> IT-Dienstleistungen
> Lautensackstr. 16
> 80687 München
>
> Telefon: +49 89 57005708
> Fax: +49 89 57868023
> Mobil: +49 170 2189794
> serv...@waschbuesch.it
> http://www.waschbuesch.it
>
> On 06.05.2011 at 15:17, Délsio Cabá wrote:
>
> > <fail2ban.rar>
> >
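
The mapping between `filter = XYZ` in jail.conf and `filter.d/XYZ.conf` described in the quoted reply can be checked mechanically. The following is an added example, not part of the original thread or of fail2ban itself; the function name `audit_jails`, the sample jail text and the `[named-refused]` section header (snipped in the thread) are assumptions constructed for illustration.

```python
import configparser
from collections import defaultdict

# Constructed sample modelled on the jail.conf quoted in the thread.
# The [named-refused] header is assumed; it is snipped in the original.
JAIL_CONF = """
[named-refused]
enabled = true
filter = named-refused
logpath = /var/log/messages

[qmail]
enabled = true
filter = qmail
logpath = /var/log/qmail/smtp/current

[qmail-smtp]
enabled = true
filter = qmail
logpath = /var/log/qmail/smtp/current
"""

# Constructed listing of filter.d, matching the files named in the thread.
FILTER_FILES = ["named-refused.conf", "qmail.conf", "qmail-smtp.conf"]


def audit_jails(jail_text, filter_files):
    """Cross-check 'filter = XYZ' in enabled jails against filter.d/XYZ.conf."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(jail_text)
    available = {f[:-len(".conf")] for f in filter_files if f.endswith(".conf")}
    used = defaultdict(list)  # (filter name, logpath) -> jails using that pair
    for jail in cfg.sections():
        if not cfg.getboolean(jail, "enabled", fallback=False):
            continue
        # Drop optional filter parameters written as name[opt=value].
        name = cfg.get(jail, "filter", fallback="").split("[")[0].strip()
        if name:
            used[(name, cfg.get(jail, "logpath", fallback=""))].append(jail)
    referenced = {name for name, _ in used}
    return {
        "missing": sorted(referenced - available),  # jail names a filter with no file
        "unused": sorted(available - referenced),   # file whose regex is never read
        "duplicates": sorted(j for j in used.values() if len(j) > 1),
    }


if __name__ == "__main__":
    for kind, items in audit_jails(JAIL_CONF, FILTER_FILES).items():
        print(f"{kind}: {items}")
```

On the sample it reports `qmail-smtp` as an unused filter file and `[qmail]`/`[qmail-smtp]` as duplicate jails, the two problems pointed out in the reply.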