[fail2ban] Jail does not take effect!

#1
Hi,

I am currently being attacked:

auth.log
[quote]
Mar 1 14:20:07 meinhost saslauthd[26491]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Mar 1 14:20:07 meinhost saslauthd[26491]: do_auth : auth failure: [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
[/quote]
and
[quote]
Mar 1 14:28:44 puppa last message repeated 12 times
Mar 1 14:29:25 puppa last message repeated 7 times
Mar 1 14:29:28 puppa postfix/smtpd[12752]: warning: 222.Red-212-170-207.staticIP.rima-tde.net[212.170.207.222]: SASL LOGIN authentication failed: authentication failure
[/quote]
That eats a lot of RAM. Here is the jail for sasl:

[quote]
[sasl]

enabled = true
port = smtp
filter = sasl
logpath = /var/log/auth.log
maxretry = 5
[/quote]
Here is the filter.d/sasl.conf:
[quote]
#
# Author: Yaroslav Halchenko
#
# $Revision: 728 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
[/quote]
fail2ban then does not block in this case. I cannot, or rather could not, find out why!

Regards,
Dennis

*edit* Since Debian 6 I have had more problems with fail2ban than with Lenny :(
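
An added example, not part of the original post: it runs the posted failregex against the posted log lines, using the `<HOST>` expansion quoted in the filter's own comment. The base64 sample line and the `RELAXED` pattern are assumptions made here for comparison; `RELAXED` is a hypothetical adjustment, not the fail2ban project's filter.

```python
import re

# <HOST> expansion as given in the comment of the posted filter.d/sasl.conf.
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

PREFIX = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
          r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed")

# Tail exactly as posted: an optional base64-looking token, then end of line.
POSTED = PREFIX + r"(: [A-Za-z0-9+/]*={0,2})?$"

# Hypothetical variant (assumption, not the project's filter): also allow
# spaces in the tail so a plain-text reason can follow the colon.
RELAXED = PREFIX + r"(: [ A-Za-z0-9+/]*={0,2})?$"

# Log lines taken from the post above.
SASLAUTHD = ("Mar 1 14:20:07 meinhost saslauthd[26491]: do_auth : auth failure: "
             "[service=smtp] [realm=] [mech=pam] [reason=PAM auth error]")
POSTFIX = ("Mar 1 14:29:28 puppa postfix/smtpd[12752]: warning: "
           "222.Red-212-170-207.staticIP.rima-tde.net[212.170.207.222]: "
           "SASL LOGIN authentication failed: authentication failure")
# Constructed line (documentation address) with a base64 tail.
BASE64_TAIL = ("Mar 1 14:30:00 puppa postfix/smtpd[12752]: warning: "
               "unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6")


def matched_host(failregex, line):
    """Return the address the regex would hand to the ban action, or None."""
    m = re.search(failregex.replace("<HOST>", HOST), line)
    return m.group("host") if m else None


def report(failregex):
    """Map each sample line to the host the given failregex extracts."""
    samples = {"saslauthd": SASLAUTHD, "postfix": POSTFIX, "base64": BASE64_TAIL}
    return {name: matched_host(failregex, line) for name, line in samples.items()}


if __name__ == "__main__":
    for label, rx in (("posted", POSTED), ("relaxed", RELAXED)):
        print(label, report(rx))
```

The saslauthd lines carry no client address, so no failregex can produce a ban from them. The same check can be run on the host with `fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sasl.conf`.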
 