Hi,

I'm running a busy mail server using FreeBSD and we are seeing about 90 lines per second in my sendmail logs. I've tried using maxretry = 0 but in the fail2ban logs I see lots of 'Found' but not much 'Ban' going on.

I'm using findtime 60 and bantime 604800 just to try and get fail2ban to ban things, but not much is changing. I tried findtime 3600 also but I'm still seeing lots of 'Found'. Why does it not just 'Ban'? I'm using a few things for DDoS in sendmail, to prevent such attacks.

I don't know if it matters, but my bds-ipfw.conf action suggests this:

    startstatefile = /var/run/fail2ban/ipfw-started-table_<table>

But I have no such file:

    ls -l /var/run/fail2ban/
    total 2
    -rw------- 1 root wheel 6 Aug 14 15:06 fail2ban.pid
    srwx------ 1 root wheel 0 Aug 14 15:06 fail2ban.sock

Should I have? Could someone tell me what I should use to mitigate this issue and start banning properly? I was thinking about playing with maxlines next.

Also, I'm using gamin as backend, as auto doesn't seem to ban more than 4k addresses. With gamin I get about 10k, but then my maillog is still streaming down with incoming connections and I stop getting the 'Ban' notice logs and just get INFO 'Found' logs.

Any pointers welcome.

Thanks,
Rich
