On 9/9/15, Miroslav Geisselreiter <mg@xxxxxxxx> wrote: > On 9.9.2015 v 15:03 David C. Rankin wrote: >> On 09/09/2015 02:50 AM, Miroslav Geisselreiter wrote: >>> dovecot-1.0.7-9.el5_11.4, php-5.1.6-45.el5_11, >>> httpd-2.2.3-91.el5.centos, fail2ban-0.8.14-1.el5, CentOS 5 with kernel >>> 2.6.18-406.el5. >>> When I try login to squirrelmail with bad user or bad password, I get >>> message: Unknown user or password incorrect. squirrel-plugin write about >>> that to logfile and fail2ban read that bad attempts and do its work (I >>> want to use fail2ban for blocking attacks). >>> >>> New servers: >>> CentOS 6: squirrelmail-1.4.22-4.el6.noarch, plugin >>> squirrel_logger-2.3.1-1.2.7, sendmail-8.14.4-9.el6.x86_64, >>> dovecot-2.0.9-19.el6.1.x86_64, php-5.3.3-46.el6_6.x86_64, >> Miroslav, >> >> It looks like the primary difference is: >> >> dovecot-1.0.7-9.el5_11.4 >> <snip> >> >> New servers: >> CentOS 6: >> <snip> >> dovecot-2.0.9-19.el6.1.x86_64 >> >> If I understand that the problem you have is the difference in >> reporting a >> bad username between Centos 5 & 6, the most likely culprit is the >> difference in >> the way dovecot itself responds between versions 1 & 2. >> >> I don't have a dovecot 1 box to test, but I would check the dovecot >> documentation to see if that is the source of the reporting difference. >> fail2ban >> itself should be capable of working with either >> > Thank you, David, for answer. > In the meantime I solved the situation: > I changed config for squirrel_logger plugin to allow logging also ERROR > messages and set filter for fail2ban to catch "ERROR: Connection dropped > by IMAP server". On CentOS 7 it was necessary to edit php.ini and set > date.timezone for my timezone, otherwise time in logs was incorrect (two > hours in past) and fail2ban did not blocked anything. > This is not the best solution but works for me at least now. The best solution would be for you to fix your Dovecot configuration. Works fine for me: $ dovecot --version 2.2.16 $ telnet localhost 143 <snip> A LOGIN test@xxxxxxxx asdf A NO [AUTHENTICATIONFAILED] Authentication failed. B LOGOUT * BYE Logging out B OK Logout completed. Connection closed by foreign host. -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php ------------------------------------------------------------------------------ Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
