[Dovecot] login processes from attacks staying for hours

Kai Schaetzl maillists at conactive.com
Thu Jul 24 00:31:16 EEST 2008


Bill Landry wrote on Wed, 23 Jul 2008 13:18:44 -0700:

> Kai, you can test your regex using "fail2ban-regex". 

Thanks for the answer. Yeah, I found that in the meantime. Great little 
helper. For some reason I cannot get any rule that ends in $ to work, so 
I've now come up with

failregex = dovecot-auth: pam_unix\(dovecot:auth\): authentication failure; 
* rhost=<HOST>

for dovecot on CentOS 5.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





More information about the dovecot mailing list