Untitled

a guest
Mar 26th, 2015
  1. 2015-03-26 14:17:13,754 fail2ban.comm [2743]: DEBUG Command: ['stop']
  2. 2015-03-26 14:17:13,754 fail2ban.server [2743]: DEBUG Removed socket file /var/run/fail2ban/fail2ban.sock
  3. 2015-03-26 14:17:13,754 fail2ban.server [2743]: DEBUG Socket shutdown
  4. 2015-03-26 14:17:13,754 fail2ban.server [2743]: INFO Stopping all jails
  5. 2015-03-26 14:17:13,754 fail2ban.server [2743]: DEBUG Stopping jail postfix-banhammer
  6. 2015-03-26 14:17:14,488 fail2ban.actions[2743]: DEBUG Flush ban list
  7. 2015-03-26 14:17:14,488 fail2ban.actions.action[2743]: DEBUG iptables -D INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-PFIX
  8. iptables -F fail2ban-PFIX
  9. iptables -X fail2ban-PFIX
  10. 2015-03-26 14:17:14,499 fail2ban.actions.action[2743]: DEBUG iptables -D INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-PFIX
  11. iptables -F fail2ban-PFIX
  12. iptables -X fail2ban-PFIX returned successfully
  13. 2015-03-26 14:17:14,500 fail2ban.actions[2743]: DEBUG postfix-banhammer: action terminated
  14. 2015-03-26 14:17:14,500 fail2ban.jail [2743]: INFO Jail 'postfix-banhammer' stopped
  15. 2015-03-26 14:17:14,500 fail2ban.server [2743]: DEBUG Stopping jail dovecot-banhammer
  16. 2015-03-26 14:17:15,489 fail2ban.actions[2743]: DEBUG Flush ban list
  17. 2015-03-26 14:17:15,489 fail2ban.actions.action[2743]: DEBUG iptables -D INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-DCOT
  18. iptables -F fail2ban-DCOT
  19. iptables -X fail2ban-DCOT
  20. 2015-03-26 14:17:15,496 fail2ban.actions.action[2743]: DEBUG iptables -D INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-DCOT
  21. iptables -F fail2ban-DCOT
  22. iptables -X fail2ban-DCOT returned successfully
  23. 2015-03-26 14:17:15,496 fail2ban.actions[2743]: DEBUG dovecot-banhammer: action terminated
  24. 2015-03-26 14:17:15,497 fail2ban.jail [2743]: INFO Jail 'dovecot-banhammer' stopped
  25. 2015-03-26 14:17:15,497 fail2ban.server [2743]: DEBUG Stopping jail sasl-banhammer
  26. 2015-03-26 14:17:16,491 fail2ban.actions[2743]: DEBUG Flush ban list
  27. 2015-03-26 14:17:16,492 fail2ban.actions.action[2743]: DEBUG iptables -D INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-SASL
  28. iptables -F fail2ban-SASL
  29. iptables -X fail2ban-SASL
  30. 2015-03-26 14:17:16,498 fail2ban.actions.action[2743]: DEBUG iptables -D INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-SASL
  31. iptables -F fail2ban-SASL
  32. iptables -X fail2ban-SASL returned successfully
  33. 2015-03-26 14:17:16,499 fail2ban.actions[2743]: DEBUG sasl-banhammer: action terminated
  34. 2015-03-26 14:17:16,499 fail2ban.jail [2743]: INFO Jail 'sasl-banhammer' stopped
  35. 2015-03-26 14:17:16,500 fail2ban.server [2743]: DEBUG Remove PID file /var/run/fail2ban/fail2ban.pid
  36. 2015-03-26 14:17:16,500 fail2ban.server [2743]: INFO Exiting Fail2ban
  37. 2015-03-26 14:17:16,985 fail2ban.server [3099]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.14
  38. 2015-03-26 14:17:16,986 fail2ban.comm [3099]: DEBUG Command: ['add', 'postfix-banhammer', 'auto']
  39. 2015-03-26 14:17:16,986 fail2ban.jail [3099]: INFO Creating new jail 'postfix-banhammer'
  40. 2015-03-26 14:17:17,022 fail2ban.jail [3099]: INFO Jail 'postfix-banhammer' uses pyinotify
  41. 2015-03-26 14:17:17,040 fail2ban.filter [3099]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('postfix-banhammer'))
  42. 2015-03-26 14:17:17,051 fail2ban.filter [3099]: DEBUG Created FilterPyinotify(Jail('postfix-banhammer'))
  43. 2015-03-26 14:17:17,053 fail2ban.filter [3099]: DEBUG Created FilterPyinotify
  44. 2015-03-26 14:17:17,053 fail2ban.jail [3099]: INFO Initiated 'pyinotify' backend
  45. 2015-03-26 14:17:17,054 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'usedns', 'warn']
  46. 2015-03-26 14:17:17,054 fail2ban.filter [3099]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('postfix-banhammer'))
  47. 2015-03-26 14:17:17,054 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'addlogpath', '/var/log/maillog']
  48. 2015-03-26 14:17:17,054 fail2ban.filter [3099]: INFO Added logfile = /var/log/maillog
  49. 2015-03-26 14:17:17,055 fail2ban.filter [3099]: DEBUG Added monitor for the parent directory /var/log
  50. 2015-03-26 14:17:17,055 fail2ban.filter [3099]: DEBUG Added file watcher for /var/log/maillog
  51. 2015-03-26 14:17:17,055 fail2ban.filter.datedetector[3099]: DEBUG Sorting the template list
  52. 2015-03-26 14:17:17,055 fail2ban.filter.datedetector[3099]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  53. 2015-03-26 14:17:17,055 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'maxretry', '3']
  54. 2015-03-26 14:17:17,055 fail2ban.filter [3099]: INFO Set maxRetry = 3
  55. 2015-03-26 14:17:17,056 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'ignorecommand', '']
  56. 2015-03-26 14:17:17,056 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'findtime', '600']
  57. 2015-03-26 14:17:17,056 fail2ban.filter [3099]: INFO Set findtime = 600
  58. 2015-03-26 14:17:17,056 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'bantime', '7200']
  59. 2015-03-26 14:17:17,056 fail2ban.actions[3099]: INFO Set banTime = 7200
  60. 2015-03-26 14:17:17,057 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*NOQUEUE: reject: RCPT from \\S+\\[<HOST>\\]: 554 5\\.7\\.1 .*$']
  61. 2015-03-26 14:17:17,059 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*NOQUEUE: reject: RCPT from \\S+\\[<HOST>\\]: 450 4\\.7\\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$']
  62. 2015-03-26 14:17:17,061 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*NOQUEUE: reject: VRFY from \\S+\\[<HOST>\\]: 550 5\\.1\\.1 .*$']
  63. 2015-03-26 14:17:17,062 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*improper command pipelining after \\S+ from [^[]*\\[<HOST>\\]:?$']
  64. 2015-03-26 14:17:17,064 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'addaction', 'iptables-multiport']
  65. 2015-03-26 14:17:17,064 fail2ban.actions.action[3099]: DEBUG Created Action
  66. 2015-03-26 14:17:17,065 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  67. 2015-03-26 14:17:17,065 fail2ban.actions.action[3099]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  68. 2015-03-26 14:17:17,065 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  69. 2015-03-26 14:17:17,065 fail2ban.actions.action[3099]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  70. iptables -F fail2ban-<name>
  71. iptables -X fail2ban-<name>
  72. 2015-03-26 14:17:17,065 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
  73. 2015-03-26 14:17:17,065 fail2ban.actions.action[3099]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  74. iptables -A fail2ban-<name> -j RETURN
  75. iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  76. 2015-03-26 14:17:17,066 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  77. 2015-03-26 14:17:17,066 fail2ban.actions.action[3099]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  78. 2015-03-26 14:17:17,066 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'actioncheck', 'iptables-multiport', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  79. 2015-03-26 14:17:17,066 fail2ban.actions.action[3099]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  80. 2015-03-26 14:17:17,066 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'setcinfo', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  81. 2015-03-26 14:17:17,067 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
  82. 2015-03-26 14:17:17,067 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'setcinfo', 'iptables-multiport', 'name', 'PFIX']
  83. 2015-03-26 14:17:17,067 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
  84. 2015-03-26 14:17:17,067 fail2ban.comm [3099]: DEBUG Command: ['set', 'postfix-banhammer', 'setcinfo', 'iptables-multiport', 'port', 'smtp,465,submission']
  85. 2015-03-26 14:17:17,068 fail2ban.comm [3099]: DEBUG Command: ['add', 'dovecot-banhammer', 'auto']
  86. 2015-03-26 14:17:17,068 fail2ban.jail [3099]: INFO Creating new jail 'dovecot-banhammer'
  87. 2015-03-26 14:17:17,068 fail2ban.jail [3099]: INFO Jail 'dovecot-banhammer' uses pyinotify
  88. 2015-03-26 14:17:17,068 fail2ban.filter [3099]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('dovecot-banhammer'))
  89. 2015-03-26 14:17:17,068 fail2ban.filter [3099]: DEBUG Created FilterPyinotify(Jail('dovecot-banhammer'))
  90. 2015-03-26 14:17:17,071 fail2ban.filter [3099]: DEBUG Created FilterPyinotify
  91. 2015-03-26 14:17:17,071 fail2ban.jail [3099]: INFO Initiated 'pyinotify' backend
  92. 2015-03-26 14:17:17,071 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'usedns', 'warn']
  93. 2015-03-26 14:17:17,071 fail2ban.filter [3099]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('dovecot-banhammer'))
  94. 2015-03-26 14:17:17,072 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'addlogpath', '/var/log/maillog']
  95. 2015-03-26 14:17:17,072 fail2ban.filter [3099]: INFO Added logfile = /var/log/maillog
  96. 2015-03-26 14:17:17,072 fail2ban.filter [3099]: DEBUG Added monitor for the parent directory /var/log
  97. 2015-03-26 14:17:17,072 fail2ban.filter [3099]: DEBUG Added file watcher for /var/log/maillog
  98. 2015-03-26 14:17:17,072 fail2ban.filter.datedetector[3099]: DEBUG Sorting the template list
  99. 2015-03-26 14:17:17,072 fail2ban.filter.datedetector[3099]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  100. 2015-03-26 14:17:17,072 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'maxretry', '10']
  101. 2015-03-26 14:17:17,072 fail2ban.filter [3099]: INFO Set maxRetry = 10
  102. 2015-03-26 14:17:17,073 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'ignorecommand', '']
  103. 2015-03-26 14:17:17,073 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'findtime', '300']
  104. 2015-03-26 14:17:17,073 fail2ban.filter [3099]: INFO Set findtime = 300
  105. 2015-03-26 14:17:17,073 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'bantime', '1800']
  106. 2015-03-26 14:17:17,073 fail2ban.actions[3099]: INFO Set banTime = 1800
  107. 2015-03-26 14:17:17,074 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(pam_unix(\\(dovecot:auth\\))?:)?\\s+authentication failure; logname=\\S* uid=\\S* euid=\\S* tty=dovecot ruser=\\S* rhost=<HOST>(\\s+user=\\S*)?\\s*$']
  108. 2015-03-26 14:17:17,076 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \\(((auth failed, \\d+ attempts)( in \\d+ secs)?|tried to use (disabled|disallowed) \\S+ auth)\\):( user=<\\S*>,)?( method=\\S+,)? rip=<HOST>(, lip=(\\d{1,3}\\.){3}\\d{1,3})?(, TLS( handshaking(: SSL_accept\\(\\) failed: error:[\\dA-F]+:SSL routines:[TLS\\d]+_GET_CLIENT_HELLO:unknown protocol)?)?(: Disconnected)?)?(, session=<\\S+>)?\\s*$']
  109. 2015-03-26 14:17:17,080 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(Info|dovecot: auth\\(default\\)): pam\\(\\S+,<HOST>\\): pam_authenticate\\(\\) failed: (User not known to the underlying authentication module: \\d+ Time\\(s\\)|Authentication failure \\(password mismatch\\?\\))\\s*$']
  110. 2015-03-26 14:17:17,083 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'addaction', 'iptables-multiport']
  111. 2015-03-26 14:17:17,083 fail2ban.actions.action[3099]: DEBUG Created Action
  112. 2015-03-26 14:17:17,083 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  113. 2015-03-26 14:17:17,083 fail2ban.actions.action[3099]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  114. 2015-03-26 14:17:17,083 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  115. 2015-03-26 14:17:17,083 fail2ban.actions.action[3099]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  116. iptables -F fail2ban-<name>
  117. iptables -X fail2ban-<name>
  118. 2015-03-26 14:17:17,084 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
  119. 2015-03-26 14:17:17,084 fail2ban.actions.action[3099]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  120. iptables -A fail2ban-<name> -j RETURN
  121. iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  122. 2015-03-26 14:17:17,084 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  123. 2015-03-26 14:17:17,084 fail2ban.actions.action[3099]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  124. 2015-03-26 14:17:17,084 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'actioncheck', 'iptables-multiport', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  125. 2015-03-26 14:17:17,085 fail2ban.actions.action[3099]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  126. 2015-03-26 14:17:17,085 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'setcinfo', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  127. 2015-03-26 14:17:17,085 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
  128. 2015-03-26 14:17:17,085 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'setcinfo', 'iptables-multiport', 'name', 'DCOT']
  129. 2015-03-26 14:17:17,086 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
  130. 2015-03-26 14:17:17,086 fail2ban.comm [3099]: DEBUG Command: ['set', 'dovecot-banhammer', 'setcinfo', 'iptables-multiport', 'port', 'pop3,pop3s,imap,imaps']
  131. 2015-03-26 14:17:17,086 fail2ban.comm [3099]: DEBUG Command: ['add', 'sasl-banhammer', 'auto']
  132. 2015-03-26 14:17:17,086 fail2ban.jail [3099]: INFO Creating new jail 'sasl-banhammer'
  133. 2015-03-26 14:17:17,086 fail2ban.jail [3099]: INFO Jail 'sasl-banhammer' uses pyinotify
  134. 2015-03-26 14:17:17,086 fail2ban.filter [3099]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sasl-banhammer'))
  135. 2015-03-26 14:17:17,087 fail2ban.filter [3099]: DEBUG Created FilterPyinotify(Jail('sasl-banhammer'))
  136. 2015-03-26 14:17:17,089 fail2ban.filter [3099]: DEBUG Created FilterPyinotify
  137. 2015-03-26 14:17:17,090 fail2ban.jail [3099]: INFO Initiated 'pyinotify' backend
  138. 2015-03-26 14:17:17,090 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'usedns', 'warn']
  139. 2015-03-26 14:17:17,090 fail2ban.filter [3099]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sasl-banhammer'))
  140. 2015-03-26 14:17:17,090 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'addlogpath', '/var/log/maillog']
  141. 2015-03-26 14:17:17,090 fail2ban.filter [3099]: INFO Added logfile = /var/log/maillog
  142. 2015-03-26 14:17:17,090 fail2ban.filter [3099]: DEBUG Added monitor for the parent directory /var/log
  143. 2015-03-26 14:17:17,091 fail2ban.filter [3099]: DEBUG Added file watcher for /var/log/maillog
  144. 2015-03-26 14:17:17,091 fail2ban.filter.datedetector[3099]: DEBUG Sorting the template list
  145. 2015-03-26 14:17:17,091 fail2ban.filter.datedetector[3099]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  146. 2015-03-26 14:17:17,091 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'maxretry', '10']
  147. 2015-03-26 14:17:17,091 fail2ban.filter [3099]: INFO Set maxRetry = 10
  148. 2015-03-26 14:17:17,091 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'ignorecommand', '']
  149. 2015-03-26 14:17:17,092 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'findtime', '300']
  150. 2015-03-26 14:17:17,092 fail2ban.filter [3099]: INFO Set findtime = 300
  151. 2015-03-26 14:17:17,092 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'bantime', '1800']
  152. 2015-03-26 14:17:17,092 fail2ban.actions[3099]: INFO Set banTime = 1800
  153. 2015-03-26 14:17:17,092 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*warning: [-._\\w]+\\[<HOST>\\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\\s*$']
  154. 2015-03-26 14:17:17,094 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'addaction', 'iptables-multiport']
  155. 2015-03-26 14:17:17,094 fail2ban.actions.action[3099]: DEBUG Created Action
  156. 2015-03-26 14:17:17,095 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  157. 2015-03-26 14:17:17,095 fail2ban.actions.action[3099]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  158. 2015-03-26 14:17:17,095 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  159. 2015-03-26 14:17:17,095 fail2ban.actions.action[3099]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  160. iptables -F fail2ban-<name>
  161. iptables -X fail2ban-<name>
  162. 2015-03-26 14:17:17,095 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
  163. 2015-03-26 14:17:17,095 fail2ban.actions.action[3099]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  164. iptables -A fail2ban-<name> -j RETURN
  165. iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  166. 2015-03-26 14:17:17,096 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  167. 2015-03-26 14:17:17,096 fail2ban.actions.action[3099]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  168. 2015-03-26 14:17:17,096 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'actioncheck', 'iptables-multiport', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  169. 2015-03-26 14:17:17,096 fail2ban.actions.action[3099]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  170. 2015-03-26 14:17:17,096 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'setcinfo', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  171. 2015-03-26 14:17:17,097 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
  172. 2015-03-26 14:17:17,097 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'setcinfo', 'iptables-multiport', 'name', 'SASL']
  173. 2015-03-26 14:17:17,097 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
  174. 2015-03-26 14:17:17,098 fail2ban.comm [3099]: DEBUG Command: ['set', 'sasl-banhammer', 'setcinfo', 'iptables-multiport', 'port', 'smtp,465,submission']
  175. 2015-03-26 14:17:17,098 fail2ban.comm [3099]: DEBUG Command: ['start', 'postfix-banhammer']
  176. 2015-03-26 14:17:17,098 fail2ban.jail [3099]: INFO Jail 'postfix-banhammer' started
  177. 2015-03-26 14:17:17,098 fail2ban.comm [3099]: DEBUG Command: ['start', 'dovecot-banhammer']
  178. 2015-03-26 14:17:17,099 fail2ban.actions.action[3099]: DEBUG iptables -N fail2ban-PFIX
  179. iptables -A fail2ban-PFIX -j RETURN
  180. iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-PFIX
  181. 2015-03-26 14:17:17,099 fail2ban.filter [3099]: DEBUG pyinotifier started for postfix-banhammer.
  182. 2015-03-26 14:17:17,101 fail2ban.jail [3099]: INFO Jail 'dovecot-banhammer' started
  183. 2015-03-26 14:17:17,102 fail2ban.comm [3099]: DEBUG Command: ['start', 'sasl-banhammer']
  184. 2015-03-26 14:17:17,102 fail2ban.actions.action[3099]: DEBUG iptables -N fail2ban-DCOT
  185. iptables -A fail2ban-DCOT -j RETURN
  186. iptables -I INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-DCOT
  187. 2015-03-26 14:17:17,102 fail2ban.filter [3099]: DEBUG pyinotifier started for dovecot-banhammer.
  188. 2015-03-26 14:17:17,103 fail2ban.jail [3099]: INFO Jail 'sasl-banhammer' started
  189. 2015-03-26 14:17:17,108 fail2ban.actions.action[3099]: DEBUG iptables -N fail2ban-SASL
  190. iptables -A fail2ban-SASL -j RETURN
  191. iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-SASL
  192. 2015-03-26 14:17:17,108 fail2ban.filter [3099]: DEBUG pyinotifier started for sasl-banhammer.
  193. 2015-03-26 14:17:17,109 fail2ban.actions.action[3099]: DEBUG iptables -N fail2ban-PFIX
  194. iptables -A fail2ban-PFIX -j RETURN
  195. iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-PFIX returned successfully
  196. 2015-03-26 14:17:17,114 fail2ban.actions.action[3099]: DEBUG iptables -N fail2ban-DCOT
  197. iptables -A fail2ban-DCOT -j RETURN
  198. iptables -I INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-DCOT returned successfully
  199. 2015-03-26 14:17:17,118 fail2ban.actions.action[3099]: DEBUG iptables -N fail2ban-SASL
  200. iptables -A fail2ban-SASL -j RETURN
  201. iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission -j fail2ban-SASL returned successfully