nowwhat
02/04/2015, 22h28

If it doesn't seem to be working, you did something you shouldn't have.
Did you restart fail2ban?
What do these give:
fail2ban-client status
fail2ban-client -d
Even clearer:
fail2ban-client -d | grep 'maxretry'
PS: so the site "www.william-vital.fr" (= 91.121.7.38) is spamming you with emails?
Otherwise: fail2ban on my server: http://www.test-domaine.fr/munin/pap.../fail2ban.html
Your image https://www.dropbox.com/s/75of1o57hu...32.09.png?dl=0 only lists bans that were found by the "ssh" filter,
which only scans the "auth.log" log for ssh-related messages.
For mail, you need filters like:
[/etc/fail2ban/filter.d/couriersmtp.conf]
Code:
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision$
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
_daemon = courieresmtpd
failregex = ^%(__prefix_line)serror,relay=<HOST>,.*: 550 User unknown\.$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Code:
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision$
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
_daemon = postfix/smtpd
failregex = NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
            lost connection after UNKNOWN from unknown\[<HOST>\]$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
R2 = 'a "fend for yourself" type of OS'
http://www.fail2ban.org/wiki/index.p...neral_settings - and you will find that 'maxretry', if it is not defined in a 'jail', is 3.
And then, yes, we are all happy that all of this was not invented in Peking .....
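
Added example, not part of the original post and not fail2ban's own code: a small Python check that expands the `<HOST>` tag to the alias quoted in the filter comments, runs the two postfix failregex lines over log lines, and lists the hosts that reach maxretry = 3. The log lines are constructed samples using documentation addresses, and the counting is a simplification that ignores fail2ban's findtime window and prefix handling.

```python
import re
from collections import Counter

# Expansion of the <HOST> tag, as documented in the filter comments in the post.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# The two postfix failregex lines from the post.
FAILREGEX = [
    r"NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$",
    r"lost connection after UNKNOWN from unknown\[<HOST>\]$",
]

MAXRETRY = 3  # value the post quotes for a jail that does not define maxretry

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
Apr  2 22:01:10 mail postfix/smtpd[2101]: connect from unknown[203.0.113.7]
Apr  2 22:01:11 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <a@example.org>: Relay access denied; proto=ESMTP
Apr  2 22:01:12 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <b@example.org>: Relay access denied; proto=ESMTP
Apr  2 22:01:13 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <c@example.org>: Relay access denied; proto=ESMTP
Apr  2 22:02:00 mail postfix/smtpd[2107]: lost connection after UNKNOWN from unknown[198.51.100.9]
Apr  2 22:02:05 mail postfix/smtpd[2107]: lost connection after UNKNOWN from unknown[198.51.100.9]
"""


def compile_filters(patterns):
    """Replace the <HOST> tag with its regex alias and compile each pattern."""
    return [re.compile(p.replace("<HOST>", HOST_ALIAS)) for p in patterns]


def failures_per_host(log_text, patterns=FAILREGEX):
    """Count matching failure lines per captured host."""
    compiled = compile_filters(patterns)
    hits = Counter()
    for line in log_text.splitlines():
        for rx in compiled:
            m = rx.search(line)
            if m:
                hits[m.group("host")] += 1
                break  # one failure per line, even if several regexes match
    return hits


def hosts_to_ban(log_text, maxretry=MAXRETRY):
    """Hosts whose failure count reaches maxretry (findtime is ignored here)."""
    return sorted(h for h, n in failures_per_host(log_text).items() if n >= maxretry)


if __name__ == "__main__":
    print(dict(failures_per_host(SAMPLE_LOG)), hosts_to_ban(SAMPLE_LOG))
```
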