Il 2016-11-24 21:47 Tom Hendrikx ha scritto: > > You made a typo in the config file, which made fail2ban fail on an > earlier restart. The logrotate just tripped over the fact that f2b > wasn't running some days later. > > Please show us your jail and filter config for the postfix-disc jail, > but my first guess would be that you setup the jail using > > logfile=%(syslog_mail)s > > but the variable 'syslog_mail' is not defined anywhere. > > Kind regards, > Tom
Well Tom! I've changed on "/etc/fail2ban/jail.conf" from logfile=%(syslog_mail)s to logpath = /var/log/mail.log then I've added the filter for postfix-disc: [postfix-disc] filter = postfix-disc now, on /etc/fail2ban/filter.d/postfix-disc.conf remain some errors: nov 25 12:47:10 server fail2ban[32404]: ERROR Failed during configuration: File contains parsing errors: /etc/fail2ban/filter.d/postfix-disc.conf nov 25 12:47:10 server fail2ban[32404]: [line 12]: '(AUTH|STARTTLS|NOOP|EHLO|RCPT|UNKNOWN) from .*\\..*\\[<HOST>\\]$\n' nov 25 12:47:10 server fail2ban[32404]: [line 13]: '^%(__prefix_line)sdisconnect from unknown\\[<HOST>\\]$\n' nov 25 12:47:10 server fail2ban[32404]: failed! This is my postfix-disc.conf: # Fail2Ban filter for postfix lost connections # [INCLUDES] before = common.conf [Definition] _daemon = postfix/smtpd failregex = ^%(__prefix_line)slost connection after (AUTH|STARTTLS|NOOP|EHLO|RCPT|UNKNOWN) from .*\..*\[<HOST>\]$ ^%(__prefix_line)sdisconnect from unknown\[<HOST>\]$ ignoreregex = # Author: Nick Howitt many many thanks for your help! :-) ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
