Topic: fail2ban.local default installation. Changed.
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.5.1 mariadb
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: Rocky Linux 8.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hello,
I use logwatch in the management of my servers. I noticed I was getting fail2ban reports from all but the iRedMail installation.
The only difference was this line in fail2ban.local from the iRedMail installation.
logtarget = SYSLOG
Which produced log entries like this (Note the date format and I have custom f2b filters):
Feb 21 00:40:33 mail fail2ban.actions[1059]: NOTICE [postfix-pregreet] Unban 212.192.246.179
Feb 21 00:40:46 mail fail2ban.filter[1059]: INFO [postfix-pregreet] Found 212.192.246.179 - 2022-02-21 00:40:45
Feb 21 00:40:46 mail fail2ban.actions[1059]: NOTICE [postfix-pregreet] Ban 212.192.246.179
Feb 21 00:40:46 mail fail2ban.observer[1059]: INFO [postfix-pregreet] IP 212.192.246.179 is bad: 1 # last 2022-02-20 23:40:33 - incr 1:00:00 to 2:00:00
Feb 21 00:40:46 mail fail2ban.observer[1059]: NOTICE [postfix-pregreet] Increase Ban 212.192.246.179 (2 # 2:00:00 -> 2022-02-21 02:40:45)
Feb 21 00:40:56 mail fail2ban.filter[1059]: INFO [postfix-dnsbl] Found 67.205.135.116 - 2022-02-21 00:40:55
After "remming" out that line I now do get logwatch reports. I have found no negative impacts from this.
The effect of remming that out is to kick in the fail2ban.conf setting of:
logtarget = /var/log/fail2ban.log
What should I look for in terms of malfunction? Logrotate settings look okay.
Fail2ban mariadb is updating properly as far as I can see.
Note the difference in date format:
2022-02-22 09:39:13,622 fail2ban.actions [3862384]: NOTICE [postfix-dnsbl] Ban 192.3.26.35
2022-02-22 10:12:58,219 fail2ban.filter [3862384]: INFO [postfix-honey100] Found 107.189.3.67 - 2022-02-22 10:12:58
2022-02-22 10:12:58,365 fail2ban.filter [3862384]: INFO [postfix] Found 107.189.3.67 - 2022-02-22 10:12:58
2022-02-22 10:12:58,415 fail2ban.actions [3862384]: NOTICE [postfix-honey100] Ban 107.189.3.67
2022-02-22 10:36:53,101 fail2ban.filter [3862384]: INFO [dovecot] Found 112.27.128.211 - 2022-02-22 10:36:51
2022-02-22 10:36:53,104 fail2ban.filter [3862384]: INFO [dovecot-poison] Found 112.27.128.211 - 2022-02-22 10:36:51
2022-02-22 10:36:53,566 fail2ban.actions [3862384]: NOTICE [dovecot-poison] Ban 112.27.128.211
2022-02-22 10:37:11,137 fail2ban.filter [3862384]: INFO [dovecot-poison] Found 200.206.124.89 -
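The two log layouts quoted in the post above (the syslog prefix produced by logtarget = SYSLOG and the fail2ban-written prefix produced by logtarget = /var/log/fail2ban.log), read by one parser. This is an added example, not part of the original post and not code from iRedMail, fail2ban or logwatch; the function names and the caller-supplied year are assumptions of the example.

```python
import re
from collections import Counter
from datetime import datetime

# Prefix written by fail2ban itself (logtarget = /var/log/fail2ban.log).
FILE_TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3}\s+")
# Prefix added by syslog (logtarget = SYSLOG): no year, plus a hostname.
SYSLOG_TS = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s+\S+\s+")
# Remainder shared by both layouts: component, pid, level, [jail], message.
BODY = re.compile(r"fail2ban\.(\w+)\s*\[(\d+)\]:\s+(\w+)\s+\[([^\]]+)\]\s+(.*)$")
# Only messages that start with the verb count ("Increase Ban" is skipped).
ACTION = re.compile(r"^(Ban|Unban|Found)\s+(\S+)")

# Lines copied from the post, both layouts mixed.
SAMPLE = [
    "Feb 21 00:40:46 mail fail2ban.actions[1059]: NOTICE [postfix-pregreet] Ban 212.192.246.179",
    "Feb 21 00:40:46 mail fail2ban.observer[1059]: NOTICE [postfix-pregreet] Increase Ban 212.192.246.179 (2 # 2:00:00 -> 2022-02-21 02:40:45)",
    "2022-02-22 09:39:13,622 fail2ban.actions [3862384]: NOTICE [postfix-dnsbl] Ban 192.3.26.35",
    "2022-02-22 10:36:53,101 fail2ban.filter [3862384]: INFO [dovecot] Found 112.27.128.211 - 2022-02-22 10:36:51",
    "2022-02-22 10:36:53,566 fail2ban.actions [3862384]: NOTICE [dovecot-poison] Ban 112.27.128.211",
]

def parse_line(line, year):
    """Return a normalized event dict, or None if the line is not a jail event."""
    m = FILE_TS.match(line)
    if m:
        ts, source = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), "file"
    else:
        m = SYSLOG_TS.match(line)
        if not m:
            return None
        # Assumption: the caller supplies the year, since syslog omits it.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        source = "syslog"
    body = BODY.match(line[m.end():])
    act = ACTION.match(body.group(5)) if body else None
    if not act:
        return None
    return {"time": ts, "source": source, "jail": body.group(4),
            "action": act.group(1), "ip": act.group(2)}

def ban_counts(lines, year):
    """Count Ban events per jail, whichever layout each line uses."""
    events = filter(None, (parse_line(l, year) for l in lines))
    return Counter(e["jail"] for e in events if e["action"] == "Ban")

if __name__ == "__main__":
    print(ban_counts(SAMPLE, 2022))
```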