swatch log analyzer usage
ESGLinux
esggrupos at gmail.com
Wed May 12 10:42:15 UTC 2010
Hi All,
Here is my final configuration (I had some problems with failregex).
I followed this page http://wiki.dovecot.org/HowTo/Fail2Ban
but the failregex doesn't work for me (I really don't know why), so I used
the command fail2ban-regex /var/log/maillog dovecot.conf to test it,
and finally with this
failregex = dovecot.*(imap-login|pop3-login).*Aborted login.*rip=<HOST>.*
it works fine.
To make it only alert me by email I put this in the jail.conf:
[dovecot-pop3imap]
enabled = true
filter = dovecot
#action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap", protocol=tcp]
action = sendmail-whois[name=Dovecot, dest=esggrupos at gmail.com, sender=fail2ban at xxxx.com]
logpath = /var/log/maillog
maxretry = 5
findtime = 60
bantime = 1200
I hope this helps someone, :-)
Thanks for your help
ESG
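
Added example, not part of the original post: a small Python check that applies the failregex above to sample log lines and counts matches per host against the jail's maxretry and findtime. The log lines are constructed, the <HOST> substitution is a simplified IPv4-only stand-in for fail2ban's own expansion, and the function names are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex from the post; <HOST> is replaced by a simplified IPv4 pattern
# (an assumption here, fail2ban's own <HOST> expansion is broader).
FAILREGEX = r"dovecot.*(imap-login|pop3-login).*Aborted login.*rip=<HOST>.*"
HOST = r"(?:::f{4,6}:)?(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))
MAXRETRY, FINDTIME = 5, 60  # values from the jail in the post

# Constructed sample lines in syslog format (not real log data).
SAMPLE = [
    f"May 12 10:40:{s:02d} mail dovecot: pop3-login: Aborted login: "
    "user=<bob>, method=PLAIN, rip=::ffff:203.0.113.7, lip=192.0.2.10"
    for s in (1, 5, 9, 14, 20)
] + [
    "May 12 10:41:00 mail dovecot: imap-login: Login: user=<amy>, rip=198.51.100.4",
    "May 12 10:41:30 mail dovecot: imap-login: Aborted login: rip=198.51.100.9",
    "May 12 10:45:30 mail dovecot: imap-login: Aborted login: rip=198.51.100.9",
]

def parse_time(line, year=2010):
    # Syslog timestamps carry no year, so one is assumed.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def hosts_over_threshold(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts with at least maxretry matches inside findtime seconds."""
    recent = defaultdict(deque)  # host -> timestamps still inside the window
    flagged = []
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue
        host, now = m.group("host"), parse_time(line)
        window = recent[host]
        window.append(now)
        # Drop matches that have aged out of the findtime window.
        while (now - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and host not in flagged:
            flagged.append(host)
    return flagged

if __name__ == "__main__":
    print(hosts_over_threshold(SAMPLE))
```

On a real system, fail2ban-regex against the actual log remains the authoritative test of the filter.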