[fail2ban] Jail greift nicht !


New Member

gerade aktuell werde ich angegriffen:

Mar 1 14:20:07 meinhost saslauthd[26491]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Mar 1 14:20:07 meinhost saslauthd[26491]: do_auth : auth failure: [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
[quote]Mar 1 14:28:44 puppa last message repeated 12 times
Mar 1 14:29:25 puppa last message repeated 7 times
Mar 1 14:29:28 puppa postfix/smtpd[12752]: warning: 222.Red-212-170-207.staticIP.rima-tde.net[]: SASL LOGIN authentication failed: authentication failure[/quote]Das frist gut an Ram. Hier mal die Jail für sasl:


enabled = true
port = smtp
filter = sasl
logpath = /var/log/auth.log
maxretry = 5
[/quote]Hier der Filter.d/sasl.conf
# Author: Yaroslav Halchenko
# $Revision: 728 $


# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
ignoreregex =
Blocken tut fail2ban dann im den falle nicht. Warum kann bzw. konnte ich nicht finden !


*edit* Sei Debian 6 habe ich mehr Probleme mit fail2ban als wie mit Lenny :(
Zuletzt bearbeitet: