Fail2ban filter

Discussion in 'Server Operation' started by vk3heg, Sep 23, 2023.

Thread Status:
Not open for further replies.
  1. vk3heg

    vk3heg Member

    Hi Guys,
    Can anyone help with a fail2ban rule for this type of connection?
    My log files are full of this type of junk, and I'm in no way an expert on regex syntax.

    Code:
    Sep 23 09:49:02 shadow dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=2402:b801:3873:a500:cd0c:5fe9:9652:98d3, lip=xxxx:d500:6:xxx::x, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<CELKQPsF7oYkArgBOHOlAM0MX+mWUpjT>
    Sep 23 09:49:02 shadow dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=2402:b801:3873:a500:cd0c:5fe9:9652:98d3, lip=xxxx:d500:6:xxx::x, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<Oi7MQPsF9IYkArgBOHOlAM0MX+mWUpjT>
    Sep 23 09:49:02 shadow dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=2402:b801:3873:a500:cd0c:5fe9:9652:98d3, lip=xxxx:d500:6:xxx::x, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<TY3NQPsF+oYkArgBOHOlAM0MX+mWUpjT>
    
    Thanks,
    Stephen
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I would not block the IPs from these requests, they might come from legit end users as well.
     
    ahrasis likes this.
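
Added example, not part of either post and not ISPConfig or fail2ban code: a Python sketch that matches the `imap-login` disconnect lines quoted above and reports which remote addresses exceed a `maxretry` count inside a `findtime` window, so the volume per source can be judged before any ban is configured. The log lines are constructed in the thread's format with documentation addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the dovecot line shape quoted in the thread; captures timestamp,
# remote IP (IPv4 or IPv6) and the TLS error text.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: imap-login: "
    r"Disconnected \(no auth attempts in \d+ secs\): user=<>, "
    r"rip=(?P<rip>[0-9A-Fa-f:.]+), lip=\S+, "
    r"TLS handshaking: (?P<reason>.*?), session=<[^>]*>$"
)

def parse(line, year=2023):
    """Return (datetime, rip, reason), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["rip"], m["reason"]

def over_threshold(lines, maxretry=5, findtime=600):
    """Map IP -> total hits, for IPs with >= maxretry hits within findtime seconds."""
    seen = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        seen[rec[1]].append(rec[0])
    hits = {}
    for ip, stamps in seen.items():
        stamps.sort()
        for i in range(len(stamps) - maxretry + 1):
            if (stamps[i + maxretry - 1] - stamps[i]).total_seconds() <= findtime:
                hits[ip] = len(stamps)
                break
    return hits

# Constructed sample lines (documentation addresses, not taken from the thread).
TAIL = ("lip=2001:db8::1, TLS handshaking: SSL_accept() failed: error:14094416:"
        "SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: "
        "SSL alert number 46, session=<constructed>")
HEAD = "shadow dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, "
SAMPLE = [f"Sep 23 09:49:0{i} {HEAD}rip=2001:db8:aaaa::10, {TAIL}" for i in range(6)]
SAMPLE += [f"Sep 23 0{h}:00:00 {HEAD}rip=2001:db8:bbbb::20, {TAIL}" for h in (1, 5, 9)]
SAMPLE.append("Sep 23 09:50:00 shadow dovecot: imap-login: Login: user=<x>, rip=192.0.2.5")

if __name__ == "__main__":
    print(over_threshold(SAMPLE))
```

A source that trips the threshold only with a very long window is more likely a mail client that distrusts the server certificate and retries on a schedule than a scanner.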