Channel: Server Support Forum

Fail2Ban only bans partially... (SASL/Postfix) - Help?

I have configured fail2ban, and it does work in that it bans IPs that try to access email mailboxes without authorization:

Excerpt from the fail2ban log:

2015-03-11 02:04:44,562 fail2ban.actions: WARNING [sasl] Ban 83.70.84.210
2015-03-11 02:14:45,205 fail2ban.actions: WARNING [sasl] Unban 83.70.84.210

But mail.log contains further unauthorized access attempts that fail2ban simply ignores, e.g.:

Code:

    Mar 10 07:28:34 srv postfix/smtpd[23512]: connect from unknown[41.57.23.150]
    Mar 10 07:28:37 srv postfix/smtpd[23512]: warning: unknown[41.57.23.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Mar 10 07:28:37 srv postfix/smtpd[23512]: lost connection after AUTH from unknown[41.57.23.150]
    Mar 10 07:28:37 srv postfix/smtpd[23512]: disconnect from unknown[41.57.23.150]
    Mar 10 07:28:40 srv postfix/smtpd[23512]: connect from unknown[41.57.23.150]
    Mar 10 07:28:43 srv postfix/smtpd[23512]: warning: unknown[41.57.23.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Mar 10 07:28:43 srv postfix/smtpd[23512]: lost connection after AUTH from unknown[41.57.23.150]
    Mar 10 07:28:43 srv postfix/smtpd[23512]: disconnect from unknown[41.57.23.150]
    Mar 10 07:28:46 srv postfix/smtpd[23512]: connect from unknown[41.57.23.150]
    Mar 10 07:28:49 srv postfix/smtpd[23512]: warning: unknown[41.57.23.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Mar 10 07:28:49 srv postfix/smtpd[23512]: lost connection after AUTH from unknown[41.57.23.150]
    Mar 10 07:28:49 srv postfix/smtpd[23512]: disconnect from unknown[41.57.23.150]
    Mar 10 07:28:49 srv postfix/smtpd[23512]: connect from unknown[41.57.23.150]
    Mar 10 07:28:52 srv postfix/smtpd[23512]: warning: unknown[41.57.23.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Mar 10 07:28:52 srv postfix/smtpd[23512]: lost connection after AUTH from unknown[41.57.23.150]
    Mar 10 07:28:52 srv postfix/smtpd[23512]: disconnect from unknown[41.57.23.150]
    Mar 10 07:28:52 srv postfix/smtpd[23512]: connect from unknown[41.57.23.150]
    Mar 10 07:28:55 srv postfix/smtpd[23512]: warning: unknown[41.57.23.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Mar 10 07:28:55 srv postfix/smtpd[23512]: lost connection after AUTH from unknown[41.57.23.150]
    Mar 10 07:28:55 srv postfix/smtpd[23512]: disconnect from unknown[41.57.23.150]

This IP is not / was not banned, even though the regex test lists the IP:

Code:

    Results
    =======

    Failregex
    |- Regular expressions:
    | [1] (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
    |
    `- Number of matches:
    [1] 107 match(es)

    Ignoreregex
    |- Regular expressions:
    |
    `- Number of matches:

    Summary
    =======

    Addresses found:
    [1]

    41.57.23.150 (Tue Mar 10 07:28:37 2015)
    41.57.23.150 (Tue Mar 10 07:28:43 2015)
    41.57.23.150 (Tue Mar 10 07:28:49 2015)
    41.57.23.150 (Tue Mar 10 07:28:52 2015)
    41.57.23.150 (Tue Mar 10 07:28:55 2015)
    41.57.23.150 (Tue Mar 10 07:28:58 2015)
    41.57.23.150 (Tue Mar 10 07:29:01 2015)
    41.57.23.150 (Tue Mar 10 07:29:04 2015)
    41.57.23.150 (Tue Mar 10 07:29:07 2015)
    41.57.23.150 (Tue Mar 10 07:29:10 2015)
    41.57.23.150 (Tue Mar 10 07:29:16 2015)
    41.57.23.150 (Tue Mar 10 07:29:19 2015)

Does anyone have an idea why this IP was not banned?
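The check the post describes, as an added example that is not part of the original post: the failregex from the regex test output is applied to lines from the mail.log excerpt, and failures per host are counted in a sliding window the way a fail2ban jail decides on a ban. The `maxretry` and `findtime` values and the IPv4-only stand-in for `<HOST>` are assumptions, because the post does not show the jail configuration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# failregex exactly as printed in the regex test output of the post.
FAILREGEX = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
             r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"
             r"(: [A-Za-z0-9+/]*={0,2})?$")
# Assumption: <HOST> simplified to an IPv4 capture; fail2ban's own pattern is broader.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

# Lines copied from the mail.log excerpt in the post (three of the failures).
SAMPLE = """\
Mar 10 07:28:34 srv postfix/smtpd[23512]: connect from unknown[41.57.23.150]
Mar 10 07:28:37 srv postfix/smtpd[23512]: warning: unknown[41.57.23.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 10 07:28:37 srv postfix/smtpd[23512]: lost connection after AUTH from unknown[41.57.23.150]
Mar 10 07:28:43 srv postfix/smtpd[23512]: warning: unknown[41.57.23.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 10 07:28:49 srv postfix/smtpd[23512]: warning: unknown[41.57.23.150]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
""".splitlines()


def would_ban(lines, maxretry=3, findtime=600, year=2015):
    """Map each host to the time its maxretry-th failure inside findtime occurs.

    maxretry/findtime are assumed values; syslog lines carry no year, so it is
    passed in (2015, as in the regex test output).
    """
    recent = defaultdict(deque)   # host -> failure times still inside the window
    bans = {}
    for line in lines:
        line = line.strip()
        match = PATTERN.search(line)
        if not match:
            continue              # connect/disconnect lines never count
        host = match.group("host")
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        times = recent[host]
        times.append(when)
        while when - times[0] > timedelta(seconds=findtime):
            times.popleft()       # this failure has aged out of the window
        if len(times) >= maxretry and host not in bans:
            bans[host] = when
    return bans


if __name__ == "__main__":
    print(would_ban(SAMPLE))
```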
