Hey guys, I just followed: http://howtoforge.com/fail2ban_debian_etch But I am currently running Ubuntu. And after I restart the service I get:

Code:
2008-05-06 23:03:36,769 fail2ban.comm : WARNING Invalid command: ['set', 'courierpop3', 'failregex', 'courierpop3login: LOGIN FAILED.*ip=\\[.*:<HOST>\\]']

and here is my jail.local:

Code:
[courierpop3]
enabled = true
port = pop3
filter = courierlogin
failregex = courierpop3login: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath = /var/log/mail.log
maxretry = 5

Isn't that the right syntax? Thanks
Also, one more thing if this helps solve the problem. Here is what happens in my log when someone tries to log in and fails:

Code:
May 13 09:18:50 myserver imapd: Connection, ip=[::ffff:127.0.0.1]
May 13 09:18:50 myserver imapd: LOGIN FAILED, [email protected], ip=[::ffff:127.0.0.1]
May 13 09:18:55 myserver imapd: Disconnected, ip=[::ffff:127.0.0.1], time=5

and here is what is in my jail:

Code:
[courierimap]
enabled = true
port = imap2
filter = courierlogin
failregex = imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath = /var/log/mail.log
maxretry = 4
This is just a step in the dark, but maybe it won't let you put failregex if you already have it in filter.d?
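Added example, not part of the original thread: a small Python check of the two failregex values quoted above against the posted log lines, to see whether the patterns themselves match regardless of which file fail2ban accepts them in. `HOST_GROUP` is an assumed, simplified stand-in for what fail2ban substitutes for `<HOST>`, and the lines in `CONSTRUCTED_LINES` are made up for the test.

```python
import re

# Assumption: simplified stand-in for the group fail2ban substitutes for
# <HOST>; the real expression differs between fail2ban versions.
HOST_GROUP = r"(?P<host>[\w\-.^_]+)"

# failregex values exactly as quoted in the thread
IMAP_FAILREGEX = r"imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]"
POP3_FAILREGEX = r"courierpop3login: LOGIN FAILED.*ip=\[.*:<HOST>\]"

# Log lines as posted in the thread
THREAD_LINES = [
    "May 13 09:18:50 myserver imapd: Connection, ip=[::ffff:127.0.0.1]",
    "May 13 09:18:50 myserver imapd: LOGIN FAILED, [email protected], ip=[::ffff:127.0.0.1]",
    "May 13 09:18:55 myserver imapd: Disconnected, ip=[::ffff:127.0.0.1], time=5",
]

# Constructed lines (not from the thread): a POP3 failure, and an imapd
# failure logged with a bare IPv4 address instead of the ::ffff: form.
CONSTRUCTED_LINES = [
    "May 13 09:19:10 myserver courierpop3login: LOGIN FAILED, user=alice, ip=[::ffff:203.0.113.7]",
    "May 13 09:20:01 myserver imapd: LOGIN FAILED, user=bob, ip=[192.0.2.10]",
]


def failed_hosts(failregex, lines):
    """Expand <HOST>, then return the host captured from each matching line."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    hosts = []
    for line in lines:
        match = pattern.search(line)
        if match:
            hosts.append(match.group("host"))
    return hosts


if __name__ == "__main__":
    for name, rx in (("imap", IMAP_FAILREGEX), ("pop3", POP3_FAILREGEX)):
        print(name, "thread lines     ->", failed_hosts(rx, THREAD_LINES))
        print(name, "constructed lines->", failed_hosts(rx, CONSTRUCTED_LINES))
```

The bare IPv4 line is not matched by the imapd pattern because `\[.*:` requires at least one colon between `[` and the host, so only addresses logged in the `::ffff:` form are captured.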