On 2016-07-26 7:34 AM, Thufir wrote: > In a nutshell, once sendmail is configured then fail2ban is functioning? >
If you are using Sendmail for your SMTP server and you want to discourage SMTP bad actors by automatically scanning your logs for errors and temporarily blocking those bad actors in your firewall and fail2ban is running and configured to scan Sendmail's logs, then probably. I consider fail2ban to be functioning when I see some access failure patterns I'd like to prevent, like a bunch of failed log in attempts, that fail2ban logs and temporarily blocks. If I didn't have a steady stream of this kind of traffic to block I don't know that I could be confident that fail2ban is functioning without somehow triggering it's behavior to see that it works. In general fail2ban's default patterns will recognize common bad actions via different service's logs as long as you have the configuration for that service enabled in jail.conf or jail.local. -- Jacob Anawalt Gecko Software, Inc. [email protected] 435-752-8026 ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
