On 06-03-18 08:59, Sophie Loewenthal wrote: > Morning, > > My logging from and postfix dovecot is in this format: > > Mar 6 07:49:45 mx dovecot: imap-login: Login: [email protected]>, > method=PLAIN, rip=94.19.2.3, lip=1.31.1.3, mpid=10655, TLS, TLSv1.2 with > cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) > > Mar 6 07:55:36 mx postfix/smtpd[10793]: Anonymous TLS connection established > from unknown[94.19.2.3]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 > (256/256 bits) > > How can I adapt the filter to pick this up? I don’t think the regex in > filter.d/postfix.conf|dovecot.conf will pick these changed lines up because > they have the ciphers included, will they?
Lines that are not understood/matched by fail2ban are ignored. I don't think these lines signify anything that fail2ban should act on, but please explain what you would like fail2ban to do, based on those log lines? > > Best wishes, > > Sophie > > > > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
