How to ignore email or domain in fail2ban
How to ignore email or domain in fail2ban
If you got into problem with user who is constantly getting his IP banned because wrong email credentials, change this in your /etc/fail2ban/filter.d/dovecot.conf file
First run:
FIND:
REPLACE INTO:
You can do the same also for file:
Then restart fail2ban:
In order to check filter to see what fail2ban will really ignore:
or for Exim:
First run:
Code: Select all
vi /etc/fail2ban/filter.d/dovecot.conf
Code: Select all
ignoreregex =
Code: Select all
ignoreregex = .*@some-domain.com.*
.*@another-domain.com.*
Code: Select all
vi /etc/fail2ban/filter.d/exim.conf
Then restart fail2ban:
Code: Select all
systemctl restart fail2ban
Code: Select all
fail2ban-regex -v --print-all-ignored /var/log/dovecot.log /etc/fail2ban/filter.d/dovecot.conf
Code: Select all
fail2ban-regex -v --print-all-ignored /var/log/exim4/mainlog /etc/fail2ban/filter.d/exim.conf
Tags: