Dear All,
I need help. In my exim_mainlog I found a lot of:
- 2019-01-30 00:04:55 dovecot_plain authenticator failed for (127.0.0.1 - xxx.xxx.xxx.xxx -) [127.0.0.1]:60744: 535 Incorrect authentication data ([email protected])
- 2019-01-30 00:19:33 dovecot_plain authenticator failed for ([127.0.0.1] - xxx.xxx.xxx.xxx -) [127.0.0.1]:33466: 535 Incorrect authentication data ([email protected]
- 2019-01-29 21:06:31 dovecot_plain authenticator failed for (attacker.hostname.net - xxx.xxx.xxx.xxx -) [127.0.0.1]:49672: 535 Incorrect authentication data ([email protected])
So how can I make a proper fail2ban rule to detect all those xxx.xxx.xxx.xxx?
Please help, and thank you so much.
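
An added example, not part of the original post: a Python check that pulls the address between the dashes out of lines in the format quoted above and counts failures per address. It assumes that field is written by a trusted local front end connecting from 127.0.0.1; the function names and the documentation-range sample addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the format quoted in the post; the addresses are
# documentation-range placeholders, not values from the original log.
SAMPLE_LOG = """\
2019-01-30 00:04:55 dovecot_plain authenticator failed for (127.0.0.1 - 203.0.113.7 -) [127.0.0.1]:60744: 535 Incorrect authentication data (set_id=a@example.com)
2019-01-30 00:19:33 dovecot_plain authenticator failed for ([127.0.0.1] - 203.0.113.7 -) [127.0.0.1]:33466: 535 Incorrect authentication data (set_id=b@example.com)
2019-01-29 21:06:31 dovecot_plain authenticator failed for (attacker.hostname.net - 198.51.100.9 -) [127.0.0.1]:49672: 535 Incorrect authentication data (set_id=c@example.com)
2019-01-30 00:20:01 dovecot_plain authenticator failed for (x - 127.0.0.1 -) [127.0.0.1]:40000: 535 Incorrect authentication data (set_id=d@example.com)
2019-01-30 00:21:10 dovecot_plain authenticator failed for (x - 192.0.2.5 -) [192.0.2.99]:40001: 535 Incorrect authentication data (set_id=e@example.com)
"""

# HELO text, then " - <address> -", then the real TCP peer in square brackets.
FAILED_AUTH = re.compile(
    r"^\S+ \S+ \w+ authenticator failed for "
    r"\((?P<helo>\S+) - (?P<ip>[0-9A-Fa-f:.]+) -\) "
    r"\[(?P<peer>[^\]]+)\]:\d+: 535 Incorrect authentication data"
)


def embedded_client(line):
    """Return the address embedded in the parentheses, or None if not usable."""
    m = FAILED_AUTH.match(line)
    if not m:
        return None
    try:
        peer = ipaddress.ip_address(m["peer"])
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None  # not a syntactically valid address
    # Assumption: only the local front end (loopback peer) writes a trustworthy
    # value here. A remote peer controls its own HELO text, so ignore it, and
    # never report loopback itself or the front end would get banned.
    if not peer.is_loopback or ip.is_loopback:
        return None
    return str(ip)


def offenders(log_text, max_retry=2):
    """Map each embedded address to its failure count when >= max_retry."""
    counts = Counter(ip for ip in map(embedded_client, log_text.splitlines()) if ip)
    return {ip: n for ip, n in counts.items() if n >= max_retry}
```

For a fail2ban `failregex`, the portion after the timestamp carries over with the `ip` group replaced by fail2ban's `<HOST>` tag; `fail2ban-regex` can confirm it against the real log.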