How to ignore email or domain in fail2ban

Post Reply
User avatar
isscbta
Team Member
Posts: 151
Joined: Mon Jul 19, 2021 1:41 am
Has thanked: 18 times
Been thanked: 3 times

If you got into problem with user who is constantly getting his IP banned because wrong email credentials, change this in your /etc/fail2ban/filter.d/dovecot.conf file

First run:

Code: Select all

mcedit /etc/fail2ban/filter.d/dovecot.conf
FIND:

Code: Select all

ignoreregex =
REPLACE INTO:

Code: Select all

ignoreregex = .*@some-domain.com.*
              .*@another-domain.com.*
You can do the same also for file:

Code: Select all

mcedit /etc/fail2ban/filter.d/exim.conf

Then restart fail2ban:

Code: Select all

systemctl restart fail2ban
In order to check filter to see what fail2ban will really ignore:

Code: Select all

fail2ban-regex -v --print-all-ignored /var/log/dovecot.log /etc/fail2ban/filter.d/dovecot.conf
or for Exim:

Code: Select all

fail2ban-regex -v --print-all-ignored /var/log/exim4/mainlog /etc/fail2ban/filter.d/exim.conf
Tags:
fail2ban
howto
ignoring-domain
ignoring-email
Top
Post Reply

Return to “Firewall”