July 10, 2012 Archives

10-07-2012 12:44

Dovecot and fail2ban on CentOS 6

I have fail2ban on my CentOS 6 server. It wasn't a smooth install and I had to fiddle with some configs to get it all working, but it does. One thing I noticed in my logwatch was pop3 failed authentications where getting into the hundreds per IP address. With maxretry set to 10, this should not be possible. After painstaking troubleshooting, I found to realise that the IP I was looking for, as an example was indeed in the mail logs for a failed auth, but only when trying IMAP. One can only assume pop3 was tried first and then IMAP and at that point the IP was banned. Looking further and testing with telnet from a remote client, pop3 fails authentications were not being logged at all.

Answer: you need to set auth_verbose=yes in dovecot.conf

Posted by DaveQB | Permanent Link | Categories: IT