How to ignore email or domain in fail2ban
Posted: Sun Aug 29, 2021 9:13 pm
If you got into problem with user who is constantly getting his IP banned because wrong email credentials, change this in your /etc/fail2ban/filter.d/dovecot.conf file
First run:
FIND:
REPLACE INTO:
You can do the same also for file:
Then restart fail2ban:
In order to check filter to see what fail2ban will really ignore:
or for Exim:
First run:
Code: Select all
mcedit /etc/fail2ban/filter.d/dovecot.conf
Code: Select all
ignoreregex =
Code: Select all
ignoreregex = .*@some-domain.com.*
.*@another-domain.com.*
Code: Select all
mcedit /etc/fail2ban/filter.d/exim.conf
Then restart fail2ban:
Code: Select all
systemctl restart fail2ban
Code: Select all
fail2ban-regex -v --print-all-ignored /var/log/dovecot.log /etc/fail2ban/filter.d/dovecot.conf
Code: Select all
fail2ban-regex -v --print-all-ignored /var/log/exim4/mainlog /etc/fail2ban/filter.d/exim.conf