Fail2Ban jail.local

Hey guys,

I just followed:

http://howtoforge.com/fail2ban_debian_etch

But I am currently running ubuntu. And after I restart the service I get:

Code:

2008-05-06 23:03:36,769 fail2ban.comm   : WARNING Invalid command: ['set', 'courierpop3', 'failregex', 'courierpop3login: LOGIN FAILED.*ip=\\[.*:<HOST>\\]']

and here is my jail.local:

Code:

[courierpop3]

enabled  = true
port     = pop3
filter   = courierlogin
failregex = courierpop3login: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath  = /var/log/mail.log
maxretry = 5 

Isn't that the right syntax?

Thanks

 

Hm... Not sure why this is happening...

 

Would fail2ban still block if i left out the failregex part?

 

Also, one more thing if this helps solve the problem.

Here is what happens in my log when someone tries to log in and fails:

Code:

May 13 09:18:50 myserver imapd: Connection, ip=[::ffff:127.0.0.1]
May 13 09:18:50 myserver imapd: LOGIN FAILED, [email protected], ip=[::ffff:127.0.0.1]
May 13 09:18:55 myserver imapd: Disconnected, ip=[::ffff:127.0.0.1], time=5

and here is what is in my jail:

Code:

[courierimap]

enabled  = true
port     = imap2
filter   = courierlogin
failregex = imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath  = /var/log/mail.log
maxretry = 4

 

Depends on if there's a filter for Courier in /etc/fail2ban/filter.d/.

 

This is just a step in the dark, but maybe it won't let you put failregex if you already have it in filter.d?

 

Maybe. You could move the appropriate file from filter.d to some other directory and try again.