Hi, Im getting these error at starting fail2ban, root@mail:/etc/fail2ban/filter.d# fail2ban-client reload ERROR NOK: ("Unable to compile regular expression '(?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \\(auth failed|Aborted login \\(tried to use'",) I did some changes because the ispconfig 3 postfix was getting brute force attack. Thanks
Probably something wrong with the file you did some changes in. Revert your changes or compare to the original to see what you changed, and check the syntax and semantics are correct.
Hi Taleman, This is my jail.local config... Im new in this area if you can help it will be greate. root@mail:/etc/fail2ban# cat jail.local [dovecot-pop3imap] enabled = true filter = dovecot-pop3imap action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] logpath = /var/log/mail.log maxretry = 5 [postfix-sasl] enabled = true port = smtp filter = postfix-sasl logpath = /var/log/mail.log maxretry = 3 #[postfix-auth] #enabled = true #bantime = 3600 #filter = postfix-auth #action = iptables-multiport[name=action_mw, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp] #logpath = /var/log/mail.log [postfix-auth] enabled = true filter = postfix-auth action = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp] # sendmail[name=Postfix, [email protected]] bantime = 3600 logpath = /var/log/mail.log [postfix] enabled = true port = smtp,ssmtp maxretry = 3 bantime = 3600 filter = postfix logpath = /var/log/mail.log Thanks
What does /etc/fail2ban/filter.d/dovecot-pop3imap.local (or .conf) contain? What distribution are you using? If your distribution has a default filter.d file for dovecot, and it probably does, try using that, as it likely works with no changes.
