API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 26th, 2015
375
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 24.61 KB | None | 0 0
raw download clone embed print report
  1. 2015-03-26 14:17:13,754 fail2ban.comm [2743]: DEBUG Command: ['stop']
  2. 2015-03-26 14:17:13,754 fail2ban.server [2743]: DEBUG Removed socket file /var/run/fail2ban/fail2ban.sock
  3. 2015-03-26 14:17:13,754 fail2ban.server [2743]: DEBUG Socket shutdown
  4. 2015-03-26 14:17:13,754 fail2ban.server [2743]: INFO Stopping all jails
  5. 2015-03-26 14:17:13,754 fail2ban.server [2743]: DEBUG Stopping jail postfix-banhammer
  6. 2015-03-26 14:17:14,488 fail2ban.actions[2743]: DEBUG Flush ban list
  7. 2015-03-26 14:17:14,488 fail2ban.actions.action[2743]: DEBUG iptables -D INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-PFIX
  8. iptables -F fail2ban-PFIX
  9. iptables -X fail2ban-PFIX
  10. 2015-03-26 14:17:14,499 fail2ban.actions.action[2743]: DEBUG iptables -D INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-PFIX
  11. iptables -F fail2ban-PFIX
  12. iptables -X fail2ban-PFIX returned successfully
  13. 2015-03-26 14:17:14,500 fail2ban.actions[2743]: DEBUG postfix-banhammer: action terminated
  14. 2015-03-26 14:17:14,500 fail2ban.jail [2743]: INFO Jail 'postfix-banhammer' stopped
  15. 2015-03-26 14:17:14,500 fail2ban.server [2743]: DEBUG Stopping jail dovecot-banhammer
  16. 2015-03-26 14:17:15,489 fail2ban.actions[2743]: DEBUG Flush ban list
  17. 2015-03-26 14:17:15,489 fail2ban.actions.action[2743]: DEBUG iptables -D INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-DCOT
  18. iptables -F fail2ban-DCOT
  19. iptables -X fail2ban-DCOT
  20. 2015-03-26 14:17:15,496 fail2ban.actions.action[2743]: DEBUG iptables -D INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-DCOT
  21. iptables -F fail2ban-DCOT
  22. iptables -X fail2ban-DCOT returned successfully
  23. 2015-03-26 14:17:15,496 fail2ban.actions[2743]: DEBUG dovecot-banhammer: action terminated
  24. 2015-03-26 14:17:15,497 fail2ban.jail [2743]: INFO Jail 'dovecot-banhammer' stopped
  25. 2015-03-26 14:17:15,497 fail2ban.server [2743]: DEBUG Stopping jail sasl-banhammer
  26. 2015-03-26 14:17:16,491 fail2ban.actions[2743]: DEBUG Flush ban list
  27. 2015-03-26 14:17:16,492 fail2ban.actions.action[2743]: DEBUG iptables -D INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-SASL
  28. iptables -F fail2ban-SASL
  29. iptables -X fail2ban-SASL
  30. 2015-03-26 14:17:16,498 fail2ban.actions.action[2743]: DEBUG iptables -D INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-SASL
  31. iptables -F fail2ban-SASL
  32. iptables -X fail2ban-SASL returned successfully
  33. 2015-03-26 14:17:16,499 fail2ban.actions[2743]: DEBUG sasl-banhammer: action terminated
  34. 2015-03-26 14:17:16,499 fail2ban.jail [2743]: INFO Jail 'sasl-banhammer' stopped
  35. 2015-03-26 14:17:16,500 fail2ban.server [2743]: DEBUG Remove PID file /var/run/fail2ban/fail2ban.pid
  36. 2015-03-26 14:17:16,500 fail2ban.server [2743]: INFO Exiting Fail2ban
  37. 2015-03-26 14:17:16,985 fail2ban.server [3099]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.14
  38. 2015-03-26 14:17:16,986 fail2ban.comm [3099]: DEBUG Command: ['add', 'postfix-banhammer', 'auto']
  39. 2015-03-26 14:17:16,986 fail2ban.jail [3099]: INFO Creating new jail 'postfix-banhammer'
  40. 2015-03-26 14:17:17,022 fail2ban.jail [3099]: INFO Jail 'postfix-banhammer' uses pyinotify
  41. 2015-03-26 14:17:17,040 fail2ban.filter [3099]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('postfix-banhammer'))
  42. 2015-03-26 14:17:17,051 fail2ban.filter [3099]: DEBUG Created FilterPyinotify(Jail('postfix-banhammer'))
  43. 2015-03-26 14:17:17,053 fail2ban.filter [3099]: DEBUG Created FilterPyinotify
  44. 2015-03-26 14:17:17,053 fail2ban.jail [3099]: INFO Initiated 'pyinotify' backend
  45. 2015-03-26 14:17:17,054 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'usedns', 'warn']
  46. 2015-03-26 14:17:17,054 fail2ban.filter [3099]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('postfix-banhammer'))
  47. 2015-03-26 14:17:17,054 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'addlogpath', '/var/log/maillog']
  48. 2015-03-26 14:17:17,054 fail2ban.filter [3099]: INFO Added logfile = /var/log/maillog
  49. 2015-03-26 14:17:17,055 fail2ban.filter [3099]: DEBUG Added monitor for the parent directory /var/log
  50. 2015-03-26 14:17:17,055 fail2ban.filter [3099]: DEBUG Added file watcher for /var/log/maillog
  51. 2015-03-26 14:17:17,055 fail2ban.filter.datedetector[3099]: DEBUG Sorting the template list
  52. 2015-03-26 14:17:17,055 fail2ban.filter.datedetector[3099]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  53. 2015-03-26 14:17:17,055 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'maxretry', '3']
  54. 2015-03-26 14:17:17,055 fail2ban.filter [3099]: INFO Set maxRetry = 3
  55. 2015-03-26 14:17:17,056 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'ignorecommand', '']
  56. 2015-03-26 14:17:17,056 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'findtime', '600']
  57. 2015-03-26 14:17:17,056 fail2ban.filter [3099]: INFO Set findtime = 600
  58. 2015-03-26 14:17:17,056 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'bantime', '7200']
  59. 2015-03-26 14:17:17,056 fail2ban.actions[3099]: INFO Set banTime = 7200
  60. 2015-03-26 14:17:17,057 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*NOQUEUE: reject: RCPT from \\S+\\[<HOST>\\]: 554 5\\.7\\.1 .*$']
  61. 2015-03-26 14:17:17,059 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*NOQUEUE: reject: RCPT from \\S+\\[<HOST>\\]: 450 4\\.7\\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$']
  62. 2015-03-26 14:17:17,061 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*NOQUEUE: reject: VRFY from \\S+\\[<HOST>\\]: 550 5\\.1\\.1 .*$']
  63. 2015-03-26 14:17:17,062 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*improper command pipelining after \\S+ from [^[]*\\[<HOST>\\]:?$']
  64. 2015-03-26 14:17:17,064 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'addaction', 'iptables-multiport']
  65. 2015-03-26 14:17:17,064 fail2ban.actions.action[3099]: DEBUG Created Action
  66. 2015-03-26 14:17:17,065 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  67. 2015-03-26 14:17:17,065 fail2ban.actions.action[3099]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  68. 2015-03-26 14:17:17,065 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  69. 2015-03-26 14:17:17,065 fail2ban.actions.action[3099]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  70. iptables -F fail2ban-<name>
  71. iptables -X fail2ban-<name>
  72. 2015-03-26 14:17:17,065 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
  73. 2015-03-26 14:17:17,065 fail2ban.actions.action[3099]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  74. iptables -A fail2ban-<name> -j RETURN
  75. iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  76. 2015-03-26 14:17:17,066 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  77. 2015-03-26 14:17:17,066 fail2ban.actions.action[3099]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  78. 2015-03-26 14:17:17,066 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'actioncheck', 'iptables-multiport', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  79. 2015-03-26 14:17:17,066 fail2ban.actions.action[3099]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  80. 2015-03-26 14:17:17,066 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'setcinfo', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  81. 2015-03-26 14:17:17,067 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
  82. 2015-03-26 14:17:17,067 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'setcinfo', 'iptables-multiport', 'name', 'PFIX']
  83. 2015-03-26 14:17:17,067 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
  84. 2015-03-26 14:17:17,067 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'setcinfo', 'iptables-multiport', 'port', 'smtp,465,submission']
  85. 2015-03-26 14:17:17,068 fail2ban.comm [3099]: DEBUG Command: ['add', 'dovecot-banhammer', 'auto']
  86. 2015-03-26 14:17:17,068 fail2ban.jail [3099]: INFO Creating new jail 'dovecot-banhammer'
  87. 2015-03-26 14:17:17,068 fail2ban.jail [3099]: INFO Jail 'dovecot-banhammer' uses pyinotify
  88. 2015-03-26 14:17:17,068 fail2ban.filter [3099]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('dovecot-banhammer'))
  89. 2015-03-26 14:17:17,068 fail2ban.filter [3099]: DEBUG Created FilterPyinotify(Jail('dovecot-banhammer'))
  90. 2015-03-26 14:17:17,071 fail2ban.filter [3099]: DEBUG Created FilterPyinotify
  91. 2015-03-26 14:17:17,071 fail2ban.jail [3099]: INFO Initiated 'pyinotify' backend
  92. 2015-03-26 14:17:17,071 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'usedns', 'warn']
  93. 2015-03-26 14:17:17,071 fail2ban.filter [3099]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('dovecot-banhammer'))
  94. 2015-03-26 14:17:17,072 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'addlogpath', '/var/log/maillog']
  95. 2015-03-26 14:17:17,072 fail2ban.filter [3099]: INFO Added logfile = /var/log/maillog
  96. 2015-03-26 14:17:17,072 fail2ban.filter [3099]: DEBUG Added monitor for the parent directory /var/log
  97. 2015-03-26 14:17:17,072 fail2ban.filter [3099]: DEBUG Added file watcher for /var/log/maillog
  98. 2015-03-26 14:17:17,072 fail2ban.filter.datedetector[3099]: DEBUG Sorting the template list
  99. 2015-03-26 14:17:17,072 fail2ban.filter.datedetector[3099]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  100. 2015-03-26 14:17:17,072 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'maxretry', '10']
  101. 2015-03-26 14:17:17,072 fail2ban.filter [3099]: INFO Set maxRetry = 10
  102. 2015-03-26 14:17:17,073 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'ignorecommand', '']
  103. 2015-03-26 14:17:17,073 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'findtime', '300']
  104. 2015-03-26 14:17:17,073 fail2ban.filter [3099]: INFO Set findtime = 300
  105. 2015-03-26 14:17:17,073 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'bantime', '1800']
  106. 2015-03-26 14:17:17,073 fail2ban.actions[3099]: INFO Set banTime = 1800
  107. 2015-03-26 14:17:17,074 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(pam_unix(\\(dovecot:auth\\))?:)?\\s+authentication failure; logname=\\S* uid=\\S* euid=\\S* tty=dovecot ruser=\\S* rhost=<HOST>(\\s+user=\\S*)?\\s*$']
  108. 2015-03-26 14:17:17,076 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \\(((auth failed, \\d+ attempts)( in \\d+ secs)?|tried to use (disabled|disallowed) \\S+ auth)\\):( user=<\\S*>,)?( method=\\S+,)? rip=<HOST>(, lip=(\\d{1,3}\\.){3}\\d{1,3})?(, TLS( handshaking(: SSL_accept\\(\\) failed: error:[\\dA-F]+:SSL routines:[TLS\\d]+_GET_CLIENT_HELLO:unknown protocol)?)?(: Disconnected)?)?(, session=<\\S+>)?\\s*$']
  109. 2015-03-26 14:17:17,080 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(Info|dovecot: auth\\(default\\)): pam\\(\\S+,<HOST>\\): pam_authenticate\\(\\) failed: (User not known to the underlying authentication module: \\d+ Time\\(s\\)|Authentication failure \\(password mismatch\\?\\))\\s*$']
  110. 2015-03-26 14:17:17,083 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'addaction', 'iptables-multiport']
  111. 2015-03-26 14:17:17,083 fail2ban.actions.action[3099]: DEBUG Created Action
  112. 2015-03-26 14:17:17,083 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  113. 2015-03-26 14:17:17,083 fail2ban.actions.action[3099]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  114. 2015-03-26 14:17:17,083 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  115. 2015-03-26 14:17:17,083 fail2ban.actions.action[3099]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  116. iptables -F fail2ban-<name>
  117. iptables -X fail2ban-<name>
  118. 2015-03-26 14:17:17,084 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
  119. 2015-03-26 14:17:17,084 fail2ban.actions.action[3099]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  120. iptables -A fail2ban-<name> -j RETURN
  121. iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  122. 2015-03-26 14:17:17,084 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  123. 2015-03-26 14:17:17,084 fail2ban.actions.action[3099]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  124. 2015-03-26 14:17:17,084 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'actioncheck', 'iptables-multiport', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  125. 2015-03-26 14:17:17,085 fail2ban.actions.action[3099]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  126. 2015-03-26 14:17:17,085 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'setcinfo', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  127. 2015-03-26 14:17:17,085 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
  128. 2015-03-26 14:17:17,085 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'setcinfo', 'iptables-multiport', 'name', 'DCOT']
  129. 2015-03-26 14:17:17,086 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
  130. 2015-03-26 14:17:17,086 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'setcinfo', 'iptables-multiport', 'port', 'pop3,pop3s,imap,imaps']
  131. 2015-03-26 14:17:17,086 fail2ban.comm [3099]: DEBUG Command: ['add', 'sasl-banhammer', 'auto']
  132. 2015-03-26 14:17:17,086 fail2ban.jail [3099]: INFO Creating new jail 'sasl-banhammer'
  133. 2015-03-26 14:17:17,086 fail2ban.jail [3099]: INFO Jail 'sasl-banhammer' uses pyinotify
  134. 2015-03-26 14:17:17,086 fail2ban.filter [3099]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sasl-banhammer'))
  135. 2015-03-26 14:17:17,087 fail2ban.filter [3099]: DEBUG Created FilterPyinotify(Jail('sasl-banhammer'))
  136. 2015-03-26 14:17:17,089 fail2ban.filter [3099]: DEBUG Created FilterPyinotify
  137. 2015-03-26 14:17:17,090 fail2ban.jail [3099]: INFO Initiated 'pyinotify' backend
  138. 2015-03-26 14:17:17,090 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'usedns', 'warn']
  139. 2015-03-26 14:17:17,090 fail2ban.filter [3099]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sasl-banhammer'))
  140. 2015-03-26 14:17:17,090 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'addlogpath', '/var/log/maillog']
  141. 2015-03-26 14:17:17,090 fail2ban.filter [3099]: INFO Added logfile = /var/log/maillog
  142. 2015-03-26 14:17:17,090 fail2ban.filter [3099]: DEBUG Added monitor for the parent directory /var/log
  143. 2015-03-26 14:17:17,091 fail2ban.filter [3099]: DEBUG Added file watcher for /var/log/maillog
  144. 2015-03-26 14:17:17,091 fail2ban.filter.datedetector[3099]: DEBUG Sorting the template list
  145. 2015-03-26 14:17:17,091 fail2ban.filter.datedetector[3099]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  146. 2015-03-26 14:17:17,091 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'maxretry', '10']
  147. 2015-03-26 14:17:17,091 fail2ban.filter [3099]: INFO Set maxRetry = 10
  148. 2015-03-26 14:17:17,091 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'ignorecommand', '']
  149. 2015-03-26 14:17:17,092 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'findtime', '300']
  150. 2015-03-26 14:17:17,092 fail2ban.filter [3099]: INFO Set findtime = 300
  151. 2015-03-26 14:17:17,092 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'bantime', '1800']
  152. 2015-03-26 14:17:17,092 fail2ban.actions[3099]: INFO Set banTime = 1800
  153. 2015-03-26 14:17:17,092 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*warning: [-._\\w]+\\[<HOST>\\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\\s*$']
  154. 2015-03-26 14:17:17,094 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'addaction', 'iptables-multiport']
  155. 2015-03-26 14:17:17,094 fail2ban.actions.action[3099]: DEBUG Created Action
  156. 2015-03-26 14:17:17,095 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  157. 2015-03-26 14:17:17,095 fail2ban.actions.action[3099]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  158. 2015-03-26 14:17:17,095 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  159. 2015-03-26 14:17:17,095 fail2ban.actions.action[3099]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  160. iptables -F fail2ban-<name>
  161. iptables -X fail2ban-<name>
  162. 2015-03-26 14:17:17,095 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
  163. 2015-03-26 14:17:17,095 fail2ban.actions.action[3099]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  164. iptables -A fail2ban-<name> -j RETURN
  165. iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  166. 2015-03-26 14:17:17,096 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  167. 2015-03-26 14:17:17,096 fail2ban.actions.action[3099]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  168. 2015-03-26 14:17:17,096 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'actioncheck', 'iptables-multiport', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  169. 2015-03-26 14:17:17,096 fail2ban.actions.action[3099]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  170. 2015-03-26 14:17:17,096 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'setcinfo', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  171. 2015-03-26 14:17:17,097 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
  172. 2015-03-26 14:17:17,097 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'setcinfo', 'iptables-multiport', 'name', 'SASL']
  173. 2015-03-26 14:17:17,097 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
  174. 2015-03-26 14:17:17,098 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'setcinfo', 'iptables-multiport', 'port', 'smtp,465,submission']
  175. 2015-03-26 14:17:17,098 fail2ban.comm [3099]: DEBUG Command: ['start', 'postfix-banhammer']
  176. 2015-03-26 14:17:17,098 fail2ban.jail [3099]: INFO Jail 'postfix-banhammer' started
  177. 2015-03-26 14:17:17,098 fail2ban.comm [3099]: DEBUG Command: ['start', 'dovecot-banhammer']
  178. 2015-03-26 14:17:17,099 fail2ban.actions.action[3099]: DEBUG iptables -N fail2ban-PFIX
  179. iptables -A fail2ban-PFIX -j RETURN
  180. iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-PFIX
  181. 2015-03-26 14:17:17,099 fail2ban.filter [3099]: DEBUG pyinotifier started for postfix-banhammer.
  182. 2015-03-26 14:17:17,101 fail2ban.jail [3099]: INFO Jail 'dovecot-banhammer' started
  183. 2015-03-26 14:17:17,102 fail2ban.comm [3099]: DEBUG Command: ['start', 'sasl-banhammer']
  184. 2015-03-26 14:17:17,102 fail2ban.actions.action[3099]: DEBUG iptables -N fail2ban-DCOT
  185. iptables -A fail2ban-DCOT -j RETURN
  186. iptables -I INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-DCOT
  187. 2015-03-26 14:17:17,102 fail2ban.filter [3099]: DEBUG pyinotifier started for dovecot-banhammer.
  188. 2015-03-26 14:17:17,103 fail2ban.jail [3099]: INFO Jail 'sasl-banhammer' started
  189. 2015-03-26 14:17:17,108 fail2ban.actions.action[3099]: DEBUG iptables -N fail2ban-SASL
  190. iptables -A fail2ban-SASL -j RETURN
  191. iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-SASL
  192. 2015-03-26 14:17:17,108 fail2ban.filter [3099]: DEBUG pyinotifier started for sasl-banhammer.
  193. 2015-03-26 14:17:17,109 fail2ban.actions.action[3099]: DEBUG iptables -N fail2ban-PFIX
  194. iptables -A fail2ban-PFIX -j RETURN
  195. iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-PFIX returned successfully
  196. 2015-03-26 14:17:17,114 fail2ban.actions.action[3099]: DEBUG iptables -N fail2ban-DCOT
  197. iptables -A fail2ban-DCOT -j RETURN
  198. iptables -I INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-DCOT returned successfully
  199. 2015-03-26 14:17:17,118 fail2ban.actions.action[3099]: DEBUG iptables -N fail2ban-SASL
  200. iptables -A fail2ban-SASL -j RETURN
  201. iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-SASL returned successfully
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!