Re: Fail2ban problem Dovecot exim - RESOLVED - DEVS SEE THIS PLZ
Posted: Mon Feb 18, 2019 11:54 am
It seems that your fail2ban-regex program is facing issues. I can't be sure if your fail2ban installation (or fail2ban-regex executable) is damaged or there is something else going on.
Here is a sample output:
Notice the second to last line, where it says 2 matched. This means that the filter found 2 matches.
Here is a sample output:
Code: Select all
Running tests
=============
Use failregex file : /etc/fail2ban/filter.d/dovecot.conf
Use log file : /var/log/dovecot.log
Results
=======
Failregex: 2 total
|- #) [# of hits] regular expression
| 2) [2] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?(auth|dovecot(-auth)?|auth-worker)(?:\(\S+\))?[\]\)]?:?|[\[\(]?(auth|dovecot(-auth)?|auth-worker)(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((no auth attempts|auth failed, \d+ attempts)( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\):( user=<\S*>,)?( method=\S+,)? rip=<HOST>, lip=(\d{1,3}\.){3}\d{1,3}(, session=<\w+>)?(, TLS( handshaking)?(: Disconnected)?)?\s*$
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [5260] MONTH Day Hour:Minute:Second
`-
Lines: 5260 lines, 0 ignored, 2 matched, 5258 missed
Missed line(s):: too many to print. Use --print-all-missed to print all 5258 lines