Fail2Ban help
Hello guys, can you check my fail2ban log and exim log? Why is it not banning the IP 185.xxx.x.xxx? As seen in my exim log, this IP is trying to log in with different aliases to my hostname.
What could be the problem?
Fail2Ban
2016-02-18 21:41:34,931 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-18 21:41:36,091 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-18 21:50:10,338 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-18 21:56:40,390 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-18 21:59:39,911 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.160
2016-02-18 22:01:41,391 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-18 22:01:42,475 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-18 22:02:50,005 fail2ban.filter [26654]: INFO [exim-iptables] Found 193.189.117.148
2016-02-18 22:08:09,744 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-18 22:08:11,914 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-18 22:11:40,452 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
Exim Log
2016-02-18 21:41:34 dovecot_login authenticator failed for (User) [185.130.5.100]: 535 Incorrect authentication data ([email protected])
2016-02-18 21:41:35 dovecot_login authenticator failed for (User) [185.130.5.101]: 535 Incorrect authentication data ([email protected])
2016-02-18 21:50:08 no host name found for IP address 185.130.5.102
2016-02-18 21:50:10 dovecot_login authenticator failed for (User) [185.130.5.102]: 535 Incorrect authentication data ([email protected])
2016-02-18 21:56:37 no host name found for IP address 185.130.5.102
2016-02-18 21:56:40 dovecot_login authenticator failed for (User) [185.130.5.102]: 535 Incorrect authentication data ([email protected])
2016-02-18 21:59:37 no host name found for IP address 185.130.5.160
2016-02-18 21:59:39 dovecot_login authenticator failed for (User) [185.130.5.160]: 535 Incorrect authentication data (set_id=club)
2016-02-18 22:01:38 no host name found for IP address 185.130.5.100
2016-02-18 22:01:39 no host name found for IP address 185.130.5.101
2016-02-18 22:01:41 dovecot_login authenticator failed for (User) [185.130.5.100]: 535 Incorrect authentication data ([email protected])
2016-02-18 22:01:42 dovecot_login authenticator failed for (User) [185.130.5.101]: 535 Incorrect authentication data ([email protected])
2016-02-18 22:02:47 no host name found for IP address 193.189.117.148
2016-02-18 22:02:49 dovecot_login authenticator failed for (192.99.255.132) [193.189.117.148]: 535 Incorrect authentication data (set_id=administracion)
2016-02-18 22:08:07 no host name found for IP address 185.130.5.100
2016-02-18 22:08:08 no host name found for IP address 185.130.5.101
2016-02-18 22:08:09 dovecot_login authenticator failed for (User) [185.130.5.100]: 535 Incorrect authentication data ([email protected])
2016-02-18 22:08:11 dovecot_login authenticator failed for (User) [185.130.5.101]: 535 Incorrect authentication data ([email protected])
Re: Fail2Ban help
more and more but no ban:
2016-02-19 03:35:24,780 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 03:41:56,232 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 03:47:52,778 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 03:47:54,987 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 03:54:18,668 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 03:54:20,752 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 03:57:01,174 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 04:03:30,950 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 04:12:57,395 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.160
2016-02-19 04:14:20,852 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 04:14:22,949 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 04:18:35,504 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 04:20:46,966 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 04:20:49,052 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 04:25:05,966 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 04:39:37,508 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.160
2016-02-19 04:40:08,341 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 04:40:56,791 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 04:40:58,918 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 04:46:39,723 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 04:47:25,989 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 04:47:28,198 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 05:01:42,448 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 05:06:17,013 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.160
2016-02-19 05:07:37,411 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 05:07:39,479 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 05:08:12,764 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 05:14:06,690 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 05:14:08,881 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 05:23:15,973 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 05:29:45,785 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 05:32:47,272 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.160
2016-02-19 05:34:20,686 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 05:34:22,854 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 05:40:49,734 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 05:40:50,843 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 05:44:48,375 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 05:51:18,155 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 05:59:25,971 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.160
2016-02-19 06:01:04,431 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 06:01:06,522 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 06:06:23,088 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 06:07:31,703 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 06:07:32,793 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 06:12:50,527 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 06:26:04,776 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.160
2016-02-19 06:27:39,173 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 06:27:41,265 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 06:27:56,585 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 06:34:04,379 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 06:34:05,604 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 06:34:26,291 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 06:49:32,865 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 06:52:42,333 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.160
2016-02-19 06:54:07,615 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 06:54:09,700 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 06:56:03,214 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 07:00:37,788 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 07:00:39,931 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 07:11:07,960 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 07:17:36,619 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-19 07:19:20,048 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.160
2016-02-19 07:20:47,005 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 07:20:48,221 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-19 07:27:15,042 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-19 07:27:17,172 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
Re: Fail2Ban help
pandabb wrote: more and more but no ban:
Try to reduce findtime for the exim-iptables section (or exim) in the fail2ban configuration.
Re: Fail2Ban help
It doesn't work sir, I even tried max retry 5 tho I know the default is already 5 lol.
It looks like it's not applying the filter.
Re: Fail2Ban help
pandabb wrote: It doesn't work sir, I even tried max retry 5 tho I know the default is already 5 lol. It looks like it's not applying the filter.
Not maxretry, findtime.
Re: Fail2Ban help
Hello, it's set to findtime = 600 .. what do you suggest?
Re: Fail2Ban help
more of this:
2016-02-24 22:43:15 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=recepcion)
2016-02-24 22:47:46 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=sales)
2016-02-24 22:52:26 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=soporte)
2016-02-24 22:56:58 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=spam)
2016-02-24 22:58:34 dovecot_login authenticator failed for (User) [185.130.5.160]: 535 Incorrect authentication data (set_id=godzila)
2016-02-24 23:01:36 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=temp)
2016-02-24 23:06:11 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=noreply)
2016-02-24 23:10:39 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=purchasing)
2016-02-24 23:15:13 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=warehouse)
2016-02-24 23:19:50 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=internet)
2016-02-24 23:24:26 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=testuser)
Re: Fail2Ban help
About exim: for each IP address, attempts were more than findtime (either during findtime happened the required number of login attempts). Therefore, IP addresses and data are not blocked. Try to reduce maxretry, e.g. to 2 or 3, and findtime to 300.
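
To check how maxretry and findtime interact with the timing in the logs above, the following added example (not part of the thread and not fail2ban's own code) replays the "Found" lines from the first post through a simplified sliding-window counter. The function name `first_bans` and the (3, 3600) setting are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# fail2ban.log "Found" lines copied from the first post in this thread.
# Added example; the counting below is a simplified model, not fail2ban code.
FOUND_LOG = """\
2016-02-18 21:41:34,931 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-18 21:41:36,091 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-18 21:50:10,338 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-18 21:56:40,390 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
2016-02-18 21:59:39,911 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.160
2016-02-18 22:01:41,391 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-18 22:01:42,475 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-18 22:02:50,005 fail2ban.filter [26654]: INFO [exim-iptables] Found 193.189.117.148
2016-02-18 22:08:09,744 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.100
2016-02-18 22:08:11,914 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.101
2016-02-18 22:11:40,452 fail2ban.filter [26654]: INFO [exim-iptables] Found 185.130.5.102
"""

FOUND_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ fail2ban\.filter\s+"
                      r"\[\d+\]: INFO\s+\[[^\]]+\] Found (\S+)$")


def first_bans(log_text, maxretry, findtime):
    """First ban time per IP under a simplified model of the documented rule:
    ban once maxretry failures from one IP fall within findtime seconds."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FOUND_RE.match(line.strip())
        if not m or m.group(2) in bans:
            continue
        ip = m.group(2)
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        # Drop failures that are older than findtime relative to this one.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = ts.strftime("%H:%M:%S")
    return bans


if __name__ == "__main__":
    for maxretry, findtime in [(5, 600), (3, 300), (2, 300), (3, 3600)]:
        print(f"maxretry={maxretry} findtime={findtime}:",
              first_bans(FOUND_LOG, maxretry, findtime) or "no ban")
```

On these eleven lines the closest two failures from a single IP are 388 seconds apart, so under this model only a window long enough to span several attempts from the same address reaches the threshold.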