Gregor Horvath writes:
Hello,I would like to configure a fail2ban rule for authdaemond authentication failures.Unfortunately the rhost field in the auth.log is empty:Feb 21 08:35:29 host1 authdaemond: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=user1How can I get the remote IP Address? I am using Debian stable stretch.
You need to check into your syslog settigs. imaplogin logs failed login attempts via syslog. Example from Fedora:
Feb 21 20:51:35 octopus imapd[15235]: LOGIN FAILED, user=x, ip=[::ffff:192.168.0.4]These messages get send to syslog, tagging them with subsystem mail, log level info (mail.info).
Stock setting on Fedora, in /etc/rsyslog.conf: mail.* -/var/log/maillog And that's where everything gets dumped to (and rotated).
pgp1O3UUB53fU.pgp
Description: PGP signature
_______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
