[Dovecot] fail2ban

Nick Edwards nick.z.edwards at gmail.com
Fri Oct 4 08:47:51 EEST 2013


For dovecot 2.1

as per wiki2,  is this still valid?  noticed a problem before and saw
it does seem to be triggering, I use:

maxretry = 6
findtime = 600
bantime = 3600

and there was like, 2400 hits in 4 minutes, it is pointing to the
correct log file, but I am no expert with fail2ban, so not sure if the
log format of today is compatible with the wiki2 entry


filter.d/dovecot.conf
[Definition]
failregex = (?: pop3-login|imap-login): (?:Authentication
failure|Aborted login \(auth failed|Aborted login \(tried to use
disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
ignoreregex =


More information about the dovecot mailing list