Dne 9.9.2015 v 20:33 Paul Lesniewski napsal(a): > On 9/9/15, Miroslav Geisselreiter <mg@xxxxxxxx> wrote: >> On 9.9.2015 v 15:03 David C. Rankin wrote: >>> On 09/09/2015 02:50 AM, Miroslav Geisselreiter wrote: >>>> dovecot-1.0.7-9.el5_11.4, php-5.1.6-45.el5_11, >>>> httpd-2.2.3-91.el5.centos, fail2ban-0.8.14-1.el5, CentOS 5 with kernel >>>> 2.6.18-406.el5. >>>> When I try login to squirrelmail with bad user or bad password, I get >>>> message: Unknown user or password incorrect. squirrel-plugin write about >>>> that to logfile and fail2ban read that bad attempts and do its work (I >>>> want to use fail2ban for blocking attacks). >>>> >>>> New servers: >>>> CentOS 6: squirrelmail-1.4.22-4.el6.noarch, plugin >>>> squirrel_logger-2.3.1-1.2.7, sendmail-8.14.4-9.el6.x86_64, >>>> dovecot-2.0.9-19.el6.1.x86_64, php-5.3.3-46.el6_6.x86_64, >>> Miroslav, >>> >>> It looks like the primary difference is: >>> >>> dovecot-1.0.7-9.el5_11.4 >>> <snip> >>> >>> New servers: >>> CentOS 6: >>> <snip> >>> dovecot-2.0.9-19.el6.1.x86_64 >>> >>> If I understand that the problem you have is the difference in >>> reporting a >>> bad username between Centos 5 & 6, the most likely culprit is the >>> difference in >>> the way dovecot itself responds between versions 1 & 2. >>> >>> I don't have a dovecot 1 box to test, but I would check the dovecot >>> documentation to see if that is the source of the reporting difference. >>> fail2ban >>> itself should be capable of working with either >>> >> Thank you, David, for answer. >> In the meantime I solved the situation: >> I changed config for squirrel_logger plugin to allow logging also ERROR >> messages and set filter for fail2ban to catch "ERROR: Connection dropped >> by IMAP server". On CentOS 7 it was necessary to edit php.ini and set >> date.timezone for my timezone, otherwise time in logs was incorrect (two >> hours in past) and fail2ban did not blocked anything. >> This is not the best solution but works for me at least now. > The best solution would be for you to fix your Dovecot configuration. > Works fine for me: > > $ dovecot --version > 2.2.16 > > $ telnet localhost 143 > <snip> > A LOGIN test@xxxxxxxx asdf > A NO [AUTHENTICATIONFAILED] Authentication failed. > B LOGOUT > * BYE Logging out > B OK Logout completed. > Connection closed by foreign host. > You hit it. CentOS 5 and dovecot-1.0.7-9.el5_11.4 config.php for dovecot: $imapPort = 993; $use_imap_tls = true; Works fine. But for CentOS 6 and 7 (dovecot-2.0.9-19.el6.1.x86_64, dovecot-2.2.10-4.el7_0.1.x86_64) I had to change: $imapPort = 143; $use_imap_tls = false; Mirac. ------------------------------------------------------------------------------ Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
