Fail2ban: Difference between revisions
From DWIKI
mNo edit summary |
m (→FAQ) |
||
| Line 24: | Line 24: | ||
==test filter== | ==test filter== | ||
fail2ban-regex /usr/share/assp/logs/maillog.txt /etc/fail2ban/filter.d/assp.conf | fail2ban-regex /usr/share/assp/logs/maillog.txt /etc/fail2ban/filter.d/assp.conf | ||
==I don't see the rules== | |||
Maybe its using ipset, check | |||
ipset list | |||
Revision as of 13:10, 23 June 2020
Links
Custom rules
assp.conf
failregex = \[Worker_.*\] <HOST> \[SMTP Error\] 535 5.7.8 Error: authentication failed:
\[Worker_.*\] \[SSL-in\] \[TLS-out\] <HOST> \[SMTP Error\] 535
\[Worker_.*\] \[MessageLimit\] <HOST>
\[Worker_.*\] <HOST> .* \[SMTP Error\] 554 5.7.1
FAQ
Error in FilterPyinotify callback: 'module' object has no attribute '_strptime_time'
Enabling sshd-ddos filter seems to trigger this
WARNING Unable to find a corresponding IP address for client: (-2, 'Name or service not known')
Crap code, maybe look at usedns in fail.conf
test filter
fail2ban-regex /usr/share/assp/logs/maillog.txt /etc/fail2ban/filter.d/assp.conf
I don't see the rules
Maybe its using ipset, check
ipset list
