Dne 10.9.2015 v 12:08 Miroslav Geisselreiter napsal(a): > > > Dne 9.9.2015 v 20:33 Paul Lesniewski napsal(a): >> On 9/9/15, Miroslav Geisselreiter <mg@xxxxxxxx> wrote: >>> On 9.9.2015 v 15:03 David C. Rankin wrote: >>>> On 09/09/2015 02:50 AM, Miroslav Geisselreiter wrote: >>>>> dovecot-1.0.7-9.el5_11.4, php-5.1.6-45.el5_11, >>>>> httpd-2.2.3-91.el5.centos, fail2ban-0.8.14-1.el5, CentOS 5 with >>>>> kernel >>>>> 2.6.18-406.el5. >>>>> When I try login to squirrelmail with bad user or bad password, I get >>>>> message: Unknown user or password incorrect. squirrel-plugin write >>>>> about >>>>> that to logfile and fail2ban read that bad attempts and do its >>>>> work (I >>>>> want to use fail2ban for blocking attacks). >>>>> >>>>> New servers: >>>>> CentOS 6: squirrelmail-1.4.22-4.el6.noarch, plugin >>>>> squirrel_logger-2.3.1-1.2.7, sendmail-8.14.4-9.el6.x86_64, >>>>> dovecot-2.0.9-19.el6.1.x86_64, php-5.3.3-46.el6_6.x86_64, >>>> Miroslav, >>>> >>>> It looks like the primary difference is: >>>> >>>> dovecot-1.0.7-9.el5_11.4 >>>> <snip> >>>> >>>> New servers: >>>> CentOS 6: >>>> <snip> >>>> dovecot-2.0.9-19.el6.1.x86_64 >>>> >>>> If I understand that the problem you have is the difference in >>>> reporting a >>>> bad username between Centos 5 & 6, the most likely culprit is the >>>> difference in >>>> the way dovecot itself responds between versions 1 & 2. >>>> >>>> I don't have a dovecot 1 box to test, but I would check the >>>> dovecot >>>> documentation to see if that is the source of the reporting >>>> difference. >>>> fail2ban >>>> itself should be capable of working with either >>>> >>> Thank you, David, for answer. >>> In the meantime I solved the situation: >>> I changed config for squirrel_logger plugin to allow logging also ERROR >>> messages and set filter for fail2ban to catch "ERROR: Connection >>> dropped >>> by IMAP server". On CentOS 7 it was necessary to edit php.ini and set >>> date.timezone for my timezone, otherwise time in logs was incorrect >>> (two >>> hours in past) and fail2ban did not blocked anything. >>> This is not the best solution but works for me at least now. >> The best solution would be for you to fix your Dovecot configuration. >> Works fine for me: >> >> $ dovecot --version >> 2.2.16 >> >> $ telnet localhost 143 >> <snip> >> A LOGIN test@xxxxxxxx asdf >> A NO [AUTHENTICATIONFAILED] Authentication failed. >> B LOGOUT >> * BYE Logging out >> B OK Logout completed. >> Connection closed by foreign host. >> > You hit it. CentOS 5 and dovecot-1.0.7-9.el5_11.4 config.php for dovecot: > $imapPort = 993; > $use_imap_tls = true; > Works fine. > > But for CentOS 6 and 7 (dovecot-2.0.9-19.el6.1.x86_64, > dovecot-2.2.10-4.el7_0.1.x86_64) I had to change: > $imapPort = 143; > $use_imap_tls = false; > > Mirac. Correction: I had to change config.php for squirrelmail - /etc/squirrelmail/config.php (not for dovecot). ------------------------------------------------------------------------------ Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
