Hello Sam, Am Thu, 21 Feb 2019 20:55:29 -0500 schrieb Sam Varshavchik <[email protected]>:
> Gregor Horvath writes: > > > Hello, > > > > I would like to configure a fail2ban rule for authdaemond > > authentication failures. > > Unfortunately the rhost field in the auth.log is empty: > > > > Feb 21 08:35:29 host1 authdaemond: pam_unix(imap:auth): > > authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= > > user=user1 > > > > How can I get the remote IP Address? > > I am using Debian stable stretch. > > You need to check into your syslog settigs. imaplogin logs failed > login attempts via syslog. Example from Fedora: > > Feb 21 20:51:35 octopus imapd[15235]: LOGIN FAILED, user=x, > ip=[::ffff:192.168.0.4] > > These messages get send to syslog, tagging them with subsystem mail, > log level info (mail.info). > Thank you for your information. The LOGIN FAILED where indeed logged in my syslog, but fail2ban had an old regex that did not match it. Thank you for helping to track this down. -- Greg
pgp2gUwHUqnBl.pgp
Description: Digitale Signatur von OpenPGP
_______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
