fail2ban dovecot

Discussions about using KeyHelp.
otto58
Posts: 142
Joined: Thu 29. Jul 2021, 13:20

Post by otto58 »

Hello,
As a layman I can't see that fail2ban does anything at all with regard to dovecot. Is the filter not active?
My concern is persistent access attempts from various IPs. Here is the log for one example IP (a mailbox exists only for "sales").

2026-04-08 09:27:30 	dovecot 	imap-login: Login aborted: Connection closed (auth failed, 1 attempts in 2 secs) (auth_failed): user=<support@mein_server.de>, method=PLAIN, rip=114.115.138.189, lip=11.22.33.44, TLS, session=
2026-04-08 09:06:48 	dovecot 	imap-login: Login aborted: Connection closed (auth failed, 1 attempts in 2 secs) (auth_failed): user=<sales@mein_server.de>, method=PLAIN, rip=114.115.138.189, lip=11.22.33.44, TLS, session=<8kzviu1OBtNyc4q9>
2026-04-08 08:45:51 	dovecot 	imap-login: Login aborted: Connection closed (auth failed, 1 attempts in 2 secs) (auth_failed): user=<contact@mein_server.de>, method=PLAIN, rip=114.115.138.189, lip=11.22.33.44, TLS, session=
2026-04-08 08:25:03 	dovecot 	imap-login: Login aborted: Connection closed (auth failed, 1 attempts in 2 secs) (auth_failed): user=<webmaster@mein_server.de>, method=PLAIN, rip=114.115.138.189, lip=11.22.33.44, TLS, session=
2026-04-08 08:04:28 	dovecot 	imap-login: Login aborted: Connection closed (auth failed, 1 attempts in 2 secs) (auth_failed): user=<postmaster@mein_server.de>, method=PLAIN, rip=114.115.138.189, lip=11.22.33.44, TLS, session=
2026-04-08 07:43:47 	dovecot 	imap-login: Login aborted: Connection closed (auth failed, 1 attempts in 2 secs) (auth_failed): user=<support@mein_server.de>, method=PLAIN, rip=114.115.138.189, lip=11.22.33.44, TLS, session=
2026-04-08 07:23:09 	dovecot 	imap-login: Login aborted: Connection closed (auth failed, 1 attempts in 2 secs) (auth_failed): user=<hr@mein_server.de>, method=PLAIN, rip=114.115.138.189, lip=11.22.33.44, TLS, session=
2026-04-08 07:02:21 	dovecot 	imap-login: Login aborted: Connection closed (auth failed, 1 attempts in 2 secs) (auth_failed): user=<postmaster@mein_server.de>, method=PLAIN, rip=114.115.138.189, lip=11.22.33.44, TLS, session=
I have increased the times a bit, but I still see no actions in /var/log/fail2ban.log

2026-04-08 09:38:23,317 fail2ban.jail           [1624288]: INFO    Creating new jail 'kh-dovecot'
2026-04-08 09:38:23,317 fail2ban.jail           [1624288]: INFO    Jail 'kh-dovecot' uses systemd {}
2026-04-08 09:38:23,317 fail2ban.jail           [1624288]: INFO    Initiated 'systemd' backend
2026-04-08 09:38:23,320 fail2ban.datedetector   [1624288]: INFO      date pattern `''`: `{^LN-BEG}TAI64N`
2026-04-08 09:38:23,320 fail2ban.filtersystemd  [1624288]: INFO    [kh-dovecot] Added journal match for: '_SYSTEMD_UNIT=dovecot.service'
2026-04-08 09:38:23,320 fail2ban.filter         [1624288]: INFO      maxRetry: 4
2026-04-08 09:38:23,321 fail2ban.filter         [1624288]: INFO      findtime: 7200
2026-04-08 09:38:23,321 fail2ban.actions        [1624288]: INFO      banTime: 604800
2026-04-08 09:38:23,321 fail2ban.filter         [1624288]: INFO      encoding: UTF-8
Otherwise everything is default (Debian 13, KeyHelp 26.0).
How do I get this activated?

Regards, Otto
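Added example, not part of the original post and not fail2ban's or KeyHelp's own code: a Python replay of the dovecot lines quoted above against the jail values shown in the fail2ban log (maxRetry 4, findtime 7200), reporting when the threshold would be reached if every line is matched. The regex, the function names and the line template are assumptions made for this example; the pattern is not fail2ban's dovecot filter.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY, FINDTIME = 4, 7200  # values from the kh-dovecot jail log in the post

# Simplified pattern written for this example; it is NOT fail2ban's dovecot filter.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+dovecot\s+imap-login: "
    r"Login aborted: .*\(auth_failed\): user=<(?P<user>[^>]*)>, .*?"
    r"\brip=(?P<rip>[0-9a-fA-F.:]+),"
)

# Sample input rebuilt from the excerpt in the post (same times, users and IPs;
# the session id is left out).
TEMPLATE = ("2026-04-08 {t}\tdovecot\timap-login: Login aborted: Connection closed "
            "(auth failed, 1 attempts in 2 secs) (auth_failed): "
            "user=<{u}@mein_server.de>, method=PLAIN, rip=114.115.138.189, "
            "lip=11.22.33.44, TLS, session=")
SAMPLE = [TEMPLATE.format(t=t, u=u) for t, u in [
    ("09:27:30", "support"), ("09:06:48", "sales"), ("08:45:51", "contact"),
    ("08:25:03", "webmaster"), ("08:04:28", "postmaster"), ("07:43:47", "support"),
    ("07:23:09", "hr"), ("07:02:21", "postmaster")]]


def parse(lines):
    """Return (timestamp, ip, user) for each matching line, oldest first."""
    hits = []
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            hits.append((ts, m["rip"], m["user"]))
    return sorted(hits)


def first_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Map each IP to the time its maxretry-th failure lands in one findtime window."""
    windows, bans = defaultdict(deque), {}
    for ts, ip, _user in parse(lines):
        win = windows[ip]
        win.append(ts)
        while (ts - win[0]).total_seconds() > findtime:  # drop expired failures
            win.popleft()
        if len(win) >= maxretry:
            bans.setdefault(ip, ts)  # keep only the first crossing
    return bans


if __name__ == "__main__":
    print(first_ban(SAMPLE))
```

With these lines the fourth failure inside a 7200-second window falls at 08:04:28, while `first_ban(SAMPLE, findtime=3600)` returns no ban because the attempts arrive roughly 21 minutes apart.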