主题: fail2ban 執行停止運作
==== ==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本号:0.97
- 使用哪个数据库存储用户帐号(OpenLDAP,MySQL,PostgreSQL):MySQL
- 使用的 Linux/BSD 发行版名称及版本号:CentOS 6.8
- 与您的问题相关的日志信息:
====
Dear ALL
求解一個問題
Fail2ban停止運作
Fail2ban debug
2018-01-17 12:49:04,734 fail2ban.server [3340]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
2018-01-17 12:49:04,734 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dbfile', '/var/lib/fail2ban/fail2ban.sqlite3']
2018-01-17 12:49:04,812 fail2ban.database [3340]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2018-01-17 12:49:04,884 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dbpurgeage', '86400']
2018-01-17 12:49:04,885 fail2ban.transmitter [3340]: DEBUG Command: ['add', 'sshd', 'auto']
2018-01-17 12:49:04,885 fail2ban.jail [3340]: INFO Creating new jail 'sshd'
2018-01-17 12:49:05,119 fail2ban.jail [3340]: INFO Jail 'sshd' uses pyinotify {}
2018-01-17 12:49:05,119 fail2ban.filter [3340]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
2018-01-17 12:49:05,133 fail2ban.filter [3340]: DEBUG Created FilterPyinotify(Jail('sshd'))
2018-01-17 12:49:05,133 fail2ban.filterpyinotify[3340]: DEBUG Created FilterPyinotify
2018-01-17 12:49:05,133 fail2ban.jail [3340]: INFO Initiated 'pyinotify' backend
2018-01-17 12:49:05,134 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'usedns', 'warn']
2018-01-17 12:49:05,134 fail2ban.filter [3340]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
2018-01-17 12:49:05,134 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'addlogpath', '/var/log/secure', 'head']
2018-01-17 12:49:05,225 fail2ban.filter [3340]: INFO Added logfile = /var/log/secure
2018-01-17 12:49:05,225 fail2ban.filterpyinotify[3340]: DEBUG Added monitor for the parent directory /var/log
2018-01-17 12:49:05,225 fail2ban.filterpyinotify[3340]: DEBUG Added file watcher for /var/log/secure
2018-01-17 12:49:05,226 fail2ban.datedetector [3340]: DEBUG Sorting the template list
2018-01-17 12:49:05,226 fail2ban.datedetector [3340]: DEBUG Winning template: (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)? with 0 hits
2018-01-17 12:49:05,226 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'maxretry', '5']
2018-01-17 12:49:05,226 fail2ban.filter [3340]: INFO Set maxRetry = 5
2018-01-17 12:49:05,226 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'addignoreip', '127.0.0.1']
2018-01-17 12:49:05,227 fail2ban.filter [3340]: DEBUG Add 127.0.0.1 to ignore list
2018-01-17 12:49:05,227 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'addignoreip', '127.0.0.0/8']
2018-01-17 12:49:05,227 fail2ban.filter [3340]: DEBUG Add 127.0.0.0/8 to ignore list
2018-01-17 12:49:05,227 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'addignoreip', '10.0.0.0/8']
2018-01-17 12:49:05,227 fail2ban.filter [3340]: DEBUG Add 10.0.0.0/8 to ignore list
2018-01-17 12:49:05,227 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'addignoreip', '172.16.0.0/12']
2018-01-17 12:49:05,227 fail2ban.filter [3340]: DEBUG Add 172.16.0.0/12 to ignore list
2018-01-17 12:49:05,228 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'addignoreip', '192.168.0.0/16']
2018-01-17 12:49:05,228 fail2ban.filter [3340]: DEBUG Add 192.168.0.0/16 to ignore list
2018-01-17 12:49:05,228 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'logencoding', 'auto']
2018-01-17 12:49:05,228 fail2ban.filter [3340]: INFO Set jail log file encoding to UTF-8
2018-01-17 12:49:05,228 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'bantime', '25920000']
2018-01-17 12:49:05,228 fail2ban.actions [3340]: INFO Set banTime = 25920000
2018-01-17 12:49:05,228 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'ignorecommand', '']
2018-01-17 12:49:05,229 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'findtime', '600']
2018-01-17 12:49:05,229 fail2ban.filter [3340]: INFO Set findtime = 600
2018-01-17 12:49:05,229 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'maxlines', '10']
2018-01-17 12:49:05,229 fail2ban.filter [3340]: INFO Set maxlines = 10
2018-01-17 12:49:05,547 fail2ban.server [3340]: INFO Jail sshd is not a JournalFilter instance
2018-01-17 12:49:05,547 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'addaction', 'iptables-multiport']
2018-01-17 12:49:05,547 fail2ban.CommandAction [3340]: DEBUG Set action iptables-multiport timeout = 60
2018-01-17 12:49:05,547 fail2ban.CommandAction [3340]: DEBUG Set actionstart =
2018-01-17 12:49:05,547 fail2ban.CommandAction [3340]: DEBUG Set actionban =
2018-01-17 12:49:05,547 fail2ban.CommandAction [3340]: DEBUG Set actionunban =
2018-01-17 12:49:05,547 fail2ban.CommandAction [3340]: DEBUG Set actioncheck =
2018-01-17 12:49:05,547 fail2ban.CommandAction [3340]: DEBUG Set actionstop =
2018-01-17 12:49:05,547 fail2ban.CommandAction [3340]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2018-01-17 12:49:05,548 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'action', 'iptables-multiport', 'actionban', '<iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>']
2018-01-17 12:49:05,548 fail2ban.CommandAction [3340]: DEBUG Set actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
2018-01-17 12:49:05,548 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'action', 'iptables-multiport', 'actionstop', '<iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>\n<iptables> -F f2b-<name>\n<iptables> -X f2b-<name>']
2018-01-17 12:49:05,548 fail2ban.CommandAction [3340]: DEBUG Set actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
<iptables> -F f2b-<name>
<iptables> -X f2b-<name>
2018-01-17 12:49:05,548 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd', 'action', 'iptables-multiport', 'actionstart', '<iptables> -N f2b-<name>\n<iptables> -A f2b-<name> -j <returntype>\n<iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>']
2018-01-17 12:49:05,549 fail2ban.CommandAction [3340]: DEBUG Set actionstart = <iptables> -N f2b-<name>
<iptables> -A f2b-<name> -j <returntype>
<iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
2018-01-17 12:49:05,555 fail2ban.jail [3340]: INFO Creating new jail 'sshd-ddos'
2018-01-17 12:49:05,555 fail2ban.jail [3340]: INFO Jail 'sshd-ddos' uses pyinotify {}
2018-01-17 12:49:05,555 fail2ban.filter [3340]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd-ddos'))
2018-01-17 12:49:05,556 fail2ban.filter [3340]: DEBUG Created FilterPyinotify(Jail('sshd-ddos'))
2018-01-17 12:49:05,556 fail2ban.filterpyinotify[3340]: DEBUG Created FilterPyinotify
2018-01-17 12:49:05,556 fail2ban.jail [3340]: INFO Initiated 'pyinotify' backend
2018-01-17 12:49:05,556 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'usedns', 'warn']
2018-01-17 12:49:05,556 fail2ban.filter [3340]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd-ddos'))
2018-01-17 12:49:05,556 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'addlogpath', '/var/log/secure', 'head']
2018-01-17 12:49:05,557 fail2ban.filter [3340]: INFO Added logfile = /var/log/secure
2018-01-17 12:49:05,557 fail2ban.filterpyinotify[3340]: DEBUG Added monitor for the parent directory /var/log
2018-01-17 12:49:05,557 fail2ban.filterpyinotify[3340]: DEBUG Added file watcher for /var/log/secure
2018-01-17 12:49:05,557 fail2ban.datedetector [3340]: DEBUG Sorting the template list
2018-01-17 12:49:05,557 fail2ban.datedetector [3340]: DEBUG Winning template: (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)? with 0 hits
2018-01-17 12:49:05,557 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'maxretry', '5']
2018-01-17 12:49:05,558 fail2ban.filter [3340]: INFO Set maxRetry = 5
2018-01-17 12:49:05,558 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'addignoreip', '127.0.0.1']
2018-01-17 12:49:05,558 fail2ban.filter [3340]: DEBUG Add 127.0.0.1 to ignore list
2018-01-17 12:49:05,558 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'addignoreip', '127.0.0.0/8']
2018-01-17 12:49:05,558 fail2ban.filter [3340]: DEBUG Add 127.0.0.0/8 to ignore list
2018-01-17 12:49:05,558 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'addignoreip', '10.0.0.0/8']
2018-01-17 12:49:05,558 fail2ban.filter [3340]: DEBUG Add 10.0.0.0/8 to ignore list
2018-01-17 12:49:05,558 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'addignoreip', '172.16.0.0/12']
2018-01-17 12:49:05,559 fail2ban.filter [3340]: DEBUG Add 172.16.0.0/12 to ignore list
2018-01-17 12:49:05,559 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'addignoreip', '192.168.0.0/16']
2018-01-17 12:49:05,559 fail2ban.filter [3340]: DEBUG Add 192.168.0.0/16 to ignore list
2018-01-17 12:49:05,559 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'logencoding', 'auto']
2018-01-17 12:49:05,559 fail2ban.filter [3340]: INFO Set jail log file encoding to UTF-8
2018-01-17 12:49:05,559 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'bantime', '25920000']
2018-01-17 12:49:05,559 fail2ban.actions [3340]: INFO Set banTime = 25920000
2018-01-17 12:49:05,560 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'ignorecommand', '']
2018-01-17 12:49:05,560 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'findtime', '600']
2018-01-17 12:49:05,560 fail2ban.filter [3340]: INFO Set findtime = 600
2018-01-17 12:49:05,560 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserver_\\S+\\s+)?(?:(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)\\s+)?(?:\\[ID \\d+ \\S+\\]\\s+)?Did not receive identification string from <HOST>\\s*$']
2018-01-17 12:49:05,562 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'addjournalmatch', '_SYSTEMD_UNIT=sshd.service', '+', '_COMM=sshd']
2018-01-17 12:49:05,562 fail2ban.server [3340]: INFO Jail sshd-ddos is not a JournalFilter instance
2018-01-17 12:49:05,562 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'addaction', 'iptables-multiport']
2018-01-17 12:49:05,562 fail2ban.CommandAction [3340]: DEBUG Set action iptables-multiport timeout = 60
2018-01-17 12:49:05,562 fail2ban.CommandAction [3340]: DEBUG Set actionstart =
2018-01-17 12:49:05,562 fail2ban.CommandAction [3340]: DEBUG Set actionban =
2018-01-17 12:49:05,562 fail2ban.CommandAction [3340]: DEBUG Set actionunban =
2018-01-17 12:49:05,562 fail2ban.CommandAction [3340]: DEBUG Set actioncheck =
2018-01-17 12:49:05,562 fail2ban.CommandAction [3340]: DEBUG Set actionstop =
2018-01-17 12:49:05,562 fail2ban.CommandAction [3340]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2018-01-17 12:49:05,563 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'actionban', '<iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>']
2018-01-17 12:49:05,563 fail2ban.CommandAction [3340]: DEBUG Set actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
2018-01-17 12:49:05,563 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'actionstop', '<iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>\n<iptables> -F f2b-<name>\n<iptables> -X f2b-<name>']
2018-01-17 12:49:05,563 fail2ban.CommandAction [3340]: DEBUG Set actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
<iptables> -F f2b-<name>
<iptables> -X f2b-<name>
2018-01-17 12:49:05,563 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'actionstart', '<iptables> -N f2b-<name>\n<iptables> -A f2b-<name> -j <returntype>\n<iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>']
2018-01-17 12:49:05,563 fail2ban.CommandAction [3340]: DEBUG Set actionstart = <iptables> -N f2b-<name>
<iptables> -A f2b-<name> -j <returntype>
<iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
2018-01-17 12:49:05,564 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'actionunban', '<iptables> -D f2b-<name> -s <ip> -j <blocktype>']
2018-01-17 12:49:05,564 fail2ban.CommandAction [3340]: DEBUG Set actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
2018-01-17 12:49:05,564 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'actioncheck', "<iptables> -n -L <chain> | grep -q 'f2b-<name>[ \\t]'"]
2018-01-17 12:49:05,564 fail2ban.CommandAction [3340]: DEBUG Set actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
2018-01-17 12:49:05,564 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'protocol', 'tcp']
2018-01-17 12:49:05,564 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'chain', 'INPUT']
2018-01-17 12:49:05,565 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'lockingopt', '']
2018-01-17 12:49:05,565 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/known/name', 'default']
2018-01-17 12:49:05,565 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
2018-01-17 12:49:05,565 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/lockingopt', '']
2018-01-17 12:49:05,565 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/known/port', 'ssh']
2018-01-17 12:49:05,566 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/protocol', 'tcp']
2018-01-17 12:49:05,566 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/known/lockingopt', '']
2018-01-17 12:49:05,566 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'port', '22']
2018-01-17 12:49:05,566 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/known/chain', 'INPUT']
2018-01-17 12:49:05,566 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/name', 'default']
2018-01-17 12:49:05,567 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/known/protocol', 'tcp']
2018-01-17 12:49:05,567 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'iptables', 'iptables <lockingopt>']
2018-01-17 12:49:05,567 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/__name__', 'Init']
2018-01-17 12:49:05,567 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'returntype', 'RETURN']
2018-01-17 12:49:05,567 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/returntype', 'RETURN']
2018-01-17 12:49:05,568 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/known/__name__', 'Init']
2018-01-17 12:49:05,568 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/known/returntype', 'RETURN']
2018-01-17 12:49:05,568 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'name', 'sshd-ddos']
2018-01-17 12:49:05,568 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/known/blocktype', 'REJECT --reject-with icmp-port-unreachable']
2018-01-17 12:49:05,568 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/port', 'ssh']
2018-01-17 12:49:05,569 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/iptables', 'iptables <lockingopt>']
2018-01-17 12:49:05,569 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/chain', 'INPUT']
2018-01-17 12:49:05,569 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/blocktype', 'REJECT --reject-with icmp-port-unreachable']
2018-01-17 12:49:05,569 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'sshd-ddos', 'action', 'iptables-multiport', 'known/known/iptables', 'iptables <lockingopt>']
2018-01-17 12:49:05,569 fail2ban.transmitter [3340]: DEBUG Command: ['add', 'roundcube-iredmail', 'auto']
2018-01-17 12:49:05,569 fail2ban.jail [3340]: INFO Creating new jail 'roundcube-iredmail'
2018-01-17 12:49:05,569 fail2ban.jail [3340]: INFO Jail 'roundcube-iredmail' uses pyinotify {}
2018-01-17 12:49:05,570 fail2ban.filter [3340]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('roundcube-iredmail'))
2018-01-17 12:49:05,570 fail2ban.filter [3340]: DEBUG Created FilterPyinotify(Jail('roundcube-iredmail'))
2018-01-17 12:49:05,570 fail2ban.filterpyinotify[3340]: DEBUG Created FilterPyinotify
2018-01-17 12:49:05,570 fail2ban.jail [3340]: INFO Initiated 'pyinotify' backend
2018-01-17 12:49:05,571 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'usedns', 'warn']
2018-01-17 12:49:05,571 fail2ban.filter [3340]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('roundcube-iredmail'))
2018-01-17 12:49:05,571 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'addlogpath', '/var/log/maillog', 'head']
2018-01-17 12:49:05,626 fail2ban.filter [3340]: INFO Added logfile = /var/log/maillog
2018-01-17 12:49:05,626 fail2ban.filterpyinotify[3340]: DEBUG Added monitor for the parent directory /var/log
2018-01-17 12:49:05,627 fail2ban.filterpyinotify[3340]: DEBUG Added file watcher for /var/log/maillog
2018-01-17 12:49:05,673 fail2ban.datedetector [3340]: DEBUG Sorting the template list
2018-01-17 12:49:05,673 fail2ban.datedetector [3340]: DEBUG Winning template: (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)? with 0 hits
2018-01-17 12:49:05,674 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'maxretry', '5']
2018-01-17 12:49:05,674 fail2ban.filter [3340]: INFO Set maxRetry = 5
2018-01-17 12:49:05,674 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'addignoreip', '127.0.0.1']
2018-01-17 12:49:05,674 fail2ban.filter [3340]: DEBUG Add 127.0.0.1 to ignore list
2018-01-17 12:49:05,674 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'addignoreip', '127.0.0.0/8']
2018-01-17 12:49:05,674 fail2ban.filter [3340]: DEBUG Add 127.0.0.0/8 to ignore list
2018-01-17 12:49:05,675 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'addignoreip', '10.0.0.0/8']
2018-01-17 12:49:05,675 fail2ban.filter [3340]: DEBUG Add 10.0.0.0/8 to ignore list
2018-01-17 12:49:05,675 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'addignoreip', '172.16.0.0/12']
2018-01-17 12:49:05,675 fail2ban.filter [3340]: DEBUG Add 172.16.0.0/12 to ignore list
2018-01-17 12:49:05,675 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'addignoreip', '192.168.0.0/16']
2018-01-17 12:49:05,675 fail2ban.filter [3340]: DEBUG Add 192.168.0.0/16 to ignore list
2018-01-17 12:49:05,675 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'logencoding', 'auto']
2018-01-17 12:49:05,675 fail2ban.filter [3340]: INFO Set jail log file encoding to UTF-8
2018-01-17 12:49:05,676 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'bantime', '25920000']
2018-01-17 12:49:05,676 fail2ban.actions [3340]: INFO Set banTime = 25920000
2018-01-17 12:49:05,676 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'ignorecommand', '']
2018-01-17 12:49:05,676 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'findtime', '600']
2018-01-17 12:49:05,676 fail2ban.filter [3340]: INFO Set findtime = 600
2018-01-17 12:49:05,676 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'addfailregex', 'roundcube: (.*) Error: Login failed for (.*) from <HOST>\\.']
2018-01-17 12:49:05,677 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'addfailregex', 'roundcube: (.*) Error: Login failed for (.*) from <HOST>\\(']
2018-01-17 12:49:05,677 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'addaction', 'iptables-multiport']
2018-01-17 12:49:05,677 fail2ban.CommandAction [3340]: DEBUG Set action iptables-multiport timeout = 60
2018-01-17 12:49:05,677 fail2ban.CommandAction [3340]: DEBUG Set actionstart =
2018-01-17 12:49:05,678 fail2ban.CommandAction [3340]: DEBUG Set actionban =
2018-01-17 12:49:05,678 fail2ban.CommandAction [3340]: DEBUG Set actionunban =
2018-01-17 12:49:05,678 fail2ban.CommandAction [3340]: DEBUG Set actioncheck =
2018-01-17 12:49:05,678 fail2ban.CommandAction [3340]: DEBUG Set actionstop =
2018-01-17 12:49:05,678 fail2ban.CommandAction [3340]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2018-01-17 12:49:05,678 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'actionban', '<iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>']
2018-01-17 12:49:05,678 fail2ban.CommandAction [3340]: DEBUG Set actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
2018-01-17 12:49:05,678 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'actionstop', '<iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>\n<iptables> -F f2b-<name>\n<iptables> -X f2b-<name>']
2018-01-17 12:49:05,678 fail2ban.CommandAction [3340]: DEBUG Set actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
<iptables> -F f2b-<name>
<iptables> -X f2b-<name>
2018-01-17 12:49:05,678 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'actionstart', '<iptables> -N f2b-<name>\n<iptables> -A f2b-<name> -j <returntype>\n<iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>']
2018-01-17 12:49:05,678 fail2ban.CommandAction [3340]: DEBUG Set actionstart = <iptables> -N f2b-<name>
<iptables> -A f2b-<name> -j <returntype>
<iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
2018-01-17 12:49:05,679 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'actionunban', '<iptables> -D f2b-<name> -s <ip> -j <blocktype>']
2018-01-17 12:49:05,679 fail2ban.CommandAction [3340]: DEBUG Set actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
2018-01-17 12:49:05,679 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'actioncheck', "<iptables> -n -L <chain> | grep -q 'f2b-<name>[ \\t]'"]
2018-01-17 12:49:05,679 fail2ban.CommandAction [3340]: DEBUG Set actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
2018-01-17 12:49:05,679 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'protocol', 'tcp']
2018-01-17 12:49:05,679 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'chain', 'INPUT']
2018-01-17 12:49:05,680 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'lockingopt', '']
2018-01-17 12:49:05,680 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/known/name', 'default']
2018-01-17 12:49:05,680 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
2018-01-17 12:49:05,681 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/lockingopt', '']
2018-01-17 12:49:05,681 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/known/port', 'ssh']
2018-01-17 12:49:05,681 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/protocol', 'tcp']
2018-01-17 12:49:05,681 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/known/lockingopt', '']
2018-01-17 12:49:05,682 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'port', 'http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve']
2018-01-17 12:49:05,682 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/known/chain', 'INPUT']
2018-01-17 12:49:05,682 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/name', 'default']
2018-01-17 12:49:05,682 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/known/protocol', 'tcp']
2018-01-17 12:49:05,683 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'iptables', 'iptables <lockingopt>']
2018-01-17 12:49:05,683 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/__name__', 'Init']
2018-01-17 12:49:05,683 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'returntype', 'RETURN']
2018-01-17 12:49:05,683 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/returntype', 'RETURN']
2018-01-17 12:49:05,684 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/known/__name__', 'Init']
2018-01-17 12:49:05,684 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/known/returntype', 'RETURN']
2018-01-17 12:49:05,684 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'name', 'roundcube']
2018-01-17 12:49:05,684 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/known/blocktype', 'REJECT --reject-with icmp-port-unreachable']
2018-01-17 12:49:05,684 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/port', 'ssh']
2018-01-17 12:49:05,685 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/iptables', 'iptables <lockingopt>']
2018-01-17 12:49:05,685 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/chain', 'INPUT']
2018-01-17 12:49:05,685 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/blocktype', 'REJECT --reject-with icmp-port-unreachable']
2018-01-17 12:49:05,685 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'roundcube-iredmail', 'action', 'iptables-multiport', 'known/known/iptables', 'iptables <lockingopt>']
2018-01-17 12:49:05,685 fail2ban.transmitter [3340]: DEBUG Command: ['add', 'dovecot-iredmail', 'auto']
2018-01-17 12:49:05,685 fail2ban.jail [3340]: INFO Creating new jail 'dovecot-iredmail'
2018-01-17 12:49:05,685 fail2ban.jail [3340]: INFO Jail 'dovecot-iredmail' uses pyinotify {}
2018-01-17 12:49:05,686 fail2ban.filter [3340]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('dovecot-iredmail'))
2018-01-17 12:49:05,686 fail2ban.filter [3340]: DEBUG Created FilterPyinotify(Jail('dovecot-iredmail'))
2018-01-17 12:49:05,686 fail2ban.filterpyinotify[3340]: DEBUG Created FilterPyinotify
2018-01-17 12:49:05,686 fail2ban.jail [3340]: INFO Initiated 'pyinotify' backend
2018-01-17 12:49:05,687 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'usedns', 'warn']
2018-01-17 12:49:05,687 fail2ban.filter [3340]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('dovecot-iredmail'))
2018-01-17 12:49:05,687 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'addlogpath', '/var/log/dovecot.log', 'head']
2018-01-17 12:49:05,689 fail2ban.filter [3340]: INFO Added logfile = /var/log/dovecot.log
2018-01-17 12:49:05,689 fail2ban.filterpyinotify[3340]: DEBUG Added monitor for the parent directory /var/log
2018-01-17 12:49:05,689 fail2ban.filterpyinotify[3340]: DEBUG Added file watcher for /var/log/dovecot.log
2018-01-17 12:49:05,705 fail2ban.datedetector [3340]: DEBUG Sorting the template list
2018-01-17 12:49:05,705 fail2ban.datedetector [3340]: DEBUG Winning template: (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)? with 0 hits
2018-01-17 12:49:05,706 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'maxretry', '5']
2018-01-17 12:49:05,706 fail2ban.filter [3340]: INFO Set maxRetry = 5
2018-01-17 12:49:05,706 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'addignoreip', '127.0.0.1']
2018-01-17 12:49:05,706 fail2ban.filter [3340]: DEBUG Add 127.0.0.1 to ignore list
2018-01-17 12:49:05,706 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'addignoreip', '127.0.0.0/8']
2018-01-17 12:49:05,706 fail2ban.filter [3340]: DEBUG Add 127.0.0.0/8 to ignore list
2018-01-17 12:49:05,706 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'addignoreip', '10.0.0.0/8']
2018-01-17 12:49:05,706 fail2ban.filter [3340]: DEBUG Add 10.0.0.0/8 to ignore list
2018-01-17 12:49:05,707 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'addignoreip', '172.16.0.0/12']
2018-01-17 12:49:05,707 fail2ban.filter [3340]: DEBUG Add 172.16.0.0/12 to ignore list
2018-01-17 12:49:05,707 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'addignoreip', '192.168.0.0/16']
2018-01-17 12:49:05,707 fail2ban.filter [3340]: DEBUG Add 192.168.0.0/16 to ignore list
2018-01-17 12:49:05,707 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'logencoding', 'auto']
2018-01-17 12:49:05,707 fail2ban.filter [3340]: INFO Set jail log file encoding to UTF-8
2018-01-17 12:49:05,707 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'bantime', '25920000']
2018-01-17 12:49:05,707 fail2ban.actions [3340]: INFO Set banTime = 25920000
2018-01-17 12:49:05,708 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'ignorecommand', '']
2018-01-17 12:49:05,708 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'findtime', '1800']
2018-01-17 12:49:05,708 fail2ban.filter [3340]: INFO Set findtime = 1800
2018-01-17 12:49:05,708 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'addfailregex', 'Authentication failure.* rip=<HOST>']
2018-01-17 12:49:05,709 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'addfailregex', '\\(auth failed.* rip=<HOST>']
2018-01-17 12:49:05,709 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'addfailregex', '\\(tried to use disallowed .* rip=<HOST>']
2018-01-17 12:49:05,710 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'addfailregex', '\\(tried to use disabled .* rip=<HOST>']
2018-01-17 12:49:05,710 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'addaction', 'iptables-multiport']
2018-01-17 12:49:05,710 fail2ban.CommandAction [3340]: DEBUG Set action iptables-multiport timeout = 60
2018-01-17 12:49:05,710 fail2ban.CommandAction [3340]: DEBUG Set actionstart =
2018-01-17 12:49:05,710 fail2ban.CommandAction [3340]: DEBUG Set actionban =
2018-01-17 12:49:05,710 fail2ban.CommandAction [3340]: DEBUG Set actionunban =
2018-01-17 12:49:05,710 fail2ban.CommandAction [3340]: DEBUG Set actioncheck =
2018-01-17 12:49:05,710 fail2ban.CommandAction [3340]: DEBUG Set actionstop =
2018-01-17 12:49:05,711 fail2ban.CommandAction [3340]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2018-01-17 12:49:05,711 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'actionban', '<iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>']
2018-01-17 12:49:05,711 fail2ban.CommandAction [3340]: DEBUG Set actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
2018-01-17 12:49:05,711 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'actionstop', '<iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>\n<iptables> -F f2b-<name>\n<iptables> -X f2b-<name>']
2018-01-17 12:49:05,711 fail2ban.CommandAction [3340]: DEBUG Set actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
<iptables> -F f2b-<name>
<iptables> -X f2b-<name>
2018-01-17 12:49:05,711 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'actionstart', '<iptables> -N f2b-<name>\n<iptables> -A f2b-<name> -j <returntype>\n<iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>']
2018-01-17 12:49:05,711 fail2ban.CommandAction [3340]: DEBUG Set actionstart = <iptables> -N f2b-<name>
<iptables> -A f2b-<name> -j <returntype>
<iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
2018-01-17 12:49:05,712 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'actionunban', '<iptables> -D f2b-<name> -s <ip> -j <blocktype>']
2018-01-17 12:49:05,712 fail2ban.CommandAction [3340]: DEBUG Set actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
2018-01-17 12:49:05,712 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'actioncheck', "<iptables> -n -L <chain> | grep -q 'f2b-<name>[ \\t]'"]
2018-01-17 12:49:05,712 fail2ban.CommandAction [3340]: DEBUG Set actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
2018-01-17 12:49:05,712 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'protocol', 'tcp']
2018-01-17 12:49:05,712 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'chain', 'INPUT']
2018-01-17 12:49:05,713 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'lockingopt', '']
2018-01-17 12:49:05,713 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/known/name', 'default']
2018-01-17 12:49:05,713 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
2018-01-17 12:49:05,713 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/lockingopt', '']
2018-01-17 12:49:05,713 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/known/port', 'ssh']
2018-01-17 12:49:05,714 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/protocol', 'tcp']
2018-01-17 12:49:05,714 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/known/lockingopt', '']
2018-01-17 12:49:05,714 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'port', 'http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve']
2018-01-17 12:49:05,714 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/known/chain', 'INPUT']
2018-01-17 12:49:05,714 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/name', 'default']
2018-01-17 12:49:05,715 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/known/protocol', 'tcp']
2018-01-17 12:49:05,715 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'iptables', 'iptables <lockingopt>']
2018-01-17 12:49:05,715 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/__name__', 'Init']
2018-01-17 12:49:05,715 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'returntype', 'RETURN']
2018-01-17 12:49:05,716 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/returntype', 'RETURN']
2018-01-17 12:49:05,716 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/known/__name__', 'Init']
2018-01-17 12:49:05,716 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/known/returntype', 'RETURN']
2018-01-17 12:49:05,716 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'name', 'dovecot']
2018-01-17 12:49:05,717 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/known/blocktype', 'REJECT --reject-with icmp-port-unreachable']
2018-01-17 12:49:05,717 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/port', 'ssh']
2018-01-17 12:49:05,717 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/iptables', 'iptables <lockingopt>']
2018-01-17 12:49:05,717 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/chain', 'INPUT']
2018-01-17 12:49:05,717 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/blocktype', 'REJECT --reject-with icmp-port-unreachable']
2018-01-17 12:49:05,718 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'dovecot-iredmail', 'action', 'iptables-multiport', 'known/known/iptables', 'iptables <lockingopt>']
2018-01-17 12:49:05,718 fail2ban.transmitter [3340]: DEBUG Command: ['add', 'postfix-iredmail', 'auto']
2018-01-17 12:49:05,718 fail2ban.jail [3340]: INFO Creating new jail 'postfix-iredmail'
2018-01-17 12:49:05,718 fail2ban.jail [3340]: INFO Jail 'postfix-iredmail' uses pyinotify {}
2018-01-17 12:49:05,718 fail2ban.filter [3340]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('postfix-iredmail'))
2018-01-17 12:49:05,719 fail2ban.filter [3340]: DEBUG Created FilterPyinotify(Jail('postfix-iredmail'))
2018-01-17 12:49:05,719 fail2ban.filterpyinotify[3340]: DEBUG Created FilterPyinotify
2018-01-17 12:49:05,719 fail2ban.jail [3340]: INFO Initiated 'pyinotify' backend
2018-01-17 12:49:05,719 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'usedns', 'warn']
2018-01-17 12:49:05,719 fail2ban.filter [3340]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('postfix-iredmail'))
2018-01-17 12:49:05,719 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addlogpath', '/var/log/maillog', 'head']
2018-01-17 12:49:05,720 fail2ban.filter [3340]: INFO Added logfile = /var/log/maillog
2018-01-17 12:49:05,720 fail2ban.filterpyinotify[3340]: DEBUG Added monitor for the parent directory /var/log
2018-01-17 12:49:05,720 fail2ban.filterpyinotify[3340]: DEBUG Added file watcher for /var/log/maillog
2018-01-17 12:49:05,720 fail2ban.datedetector [3340]: DEBUG Sorting the template list
2018-01-17 12:49:05,720 fail2ban.datedetector [3340]: DEBUG Winning template: (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)? with 0 hits
2018-01-17 12:49:05,720 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'maxretry', '5']
2018-01-17 12:49:05,721 fail2ban.filter [3340]: INFO Set maxRetry = 5
2018-01-17 12:49:05,721 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addignoreip', '127.0.0.1']
2018-01-17 12:49:05,721 fail2ban.filter [3340]: DEBUG Add 127.0.0.1 to ignore list
2018-01-17 12:49:05,721 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addignoreip', '127.0.0.0/8']
2018-01-17 12:49:05,721 fail2ban.filter [3340]: DEBUG Add 127.0.0.0/8 to ignore list
2018-01-17 12:49:05,721 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addignoreip', '10.0.0.0/8']
2018-01-17 12:49:05,721 fail2ban.filter [3340]: DEBUG Add 10.0.0.0/8 to ignore list
2018-01-17 12:49:05,721 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addignoreip', '172.16.0.0/12']
2018-01-17 12:49:05,722 fail2ban.filter [3340]: DEBUG Add 172.16.0.0/12 to ignore list
2018-01-17 12:49:05,722 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addignoreip', '192.168.0.0/16']
2018-01-17 12:49:05,722 fail2ban.filter [3340]: DEBUG Add 192.168.0.0/16 to ignore list
2018-01-17 12:49:05,722 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'logencoding', 'auto']
2018-01-17 12:49:05,722 fail2ban.filter [3340]: INFO Set jail log file encoding to UTF-8
2018-01-17 12:49:05,722 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'bantime', '25920000']
2018-01-17 12:49:05,722 fail2ban.actions [3340]: INFO Set banTime = 25920000
2018-01-17 12:49:05,723 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'ignorecommand', '']
2018-01-17 12:49:05,723 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'findtime', '1800']
2018-01-17 12:49:05,723 fail2ban.filter [3340]: INFO Set findtime = 1800
2018-01-17 12:49:05,723 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addfailregex', '\\[<HOST>\\]: SASL (PLAIN|LOGIN) authentication failed']
2018-01-17 12:49:05,723 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addfailregex', 'lost connection after (AUTH|UNKNOWN|EHLO) from (.*)\\[<HOST>\\]']
2018-01-17 12:49:05,724 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addfailregex', 'reject: RCPT from (.*)\\[<HOST>\\]: 550 5.1.1']
2018-01-17 12:49:05,725 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addfailregex', 'reject: RCPT from (.*)\\[<HOST>\\]: 450 4.7.1']
2018-01-17 12:49:05,726 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addfailregex', 'reject: RCPT from (.*)\\[<HOST>\\]: 554 5.7.1']
2018-01-17 12:49:05,727 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addfailregex', 'reject: RCPT from (.*)\\[<HOST>\\]: 504 5.5.2 (.*) Helo command rejected: need fully-qualified hostname']
2018-01-17 12:49:05,728 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addfailregex', 'reject: RCPT from (.*)\\[<HOST>\\]:\\d+: 550']
2018-01-17 12:49:05,729 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addfailregex', 'warning: Illegal address syntax from (.*)\\[<HOST>\\] in RCPT command']
2018-01-17 12:49:05,730 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'addaction', 'iptables-multiport']
2018-01-17 12:49:05,731 fail2ban.CommandAction [3340]: DEBUG Set action iptables-multiport timeout = 60
2018-01-17 12:49:05,731 fail2ban.CommandAction [3340]: DEBUG Set actionstart =
2018-01-17 12:49:05,731 fail2ban.CommandAction [3340]: DEBUG Set actionban =
2018-01-17 12:49:05,731 fail2ban.CommandAction [3340]: DEBUG Set actionunban =
2018-01-17 12:49:05,731 fail2ban.CommandAction [3340]: DEBUG Set actioncheck =
2018-01-17 12:49:05,731 fail2ban.CommandAction [3340]: DEBUG Set actionstop =
2018-01-17 12:49:05,731 fail2ban.CommandAction [3340]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2018-01-17 12:49:05,731 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'actionban', '<iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>']
2018-01-17 12:49:05,731 fail2ban.CommandAction [3340]: DEBUG Set actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
2018-01-17 12:49:05,731 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'actionstop', '<iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>\n<iptables> -F f2b-<name>\n<iptables> -X f2b-<name>']
2018-01-17 12:49:05,731 fail2ban.CommandAction [3340]: DEBUG Set actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
<iptables> -F f2b-<name>
<iptables> -X f2b-<name>
2018-01-17 12:49:05,732 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'actionstart', '<iptables> -N f2b-<name>\n<iptables> -A f2b-<name> -j <returntype>\n<iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>']
2018-01-17 12:49:05,732 fail2ban.CommandAction [3340]: DEBUG Set actionstart = <iptables> -N f2b-<name>
<iptables> -A f2b-<name> -j <returntype>
<iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
2018-01-17 12:49:05,732 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'actionunban', '<iptables> -D f2b-<name> -s <ip> -j <blocktype>']
2018-01-17 12:49:05,732 fail2ban.CommandAction [3340]: DEBUG Set actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
2018-01-17 12:49:05,733 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'actioncheck', "<iptables> -n -L <chain> | grep -q 'f2b-<name>[ \\t]'"]
2018-01-17 12:49:05,733 fail2ban.CommandAction [3340]: DEBUG Set actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
2018-01-17 12:49:05,733 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'protocol', 'tcp']
2018-01-17 12:49:05,733 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'chain', 'INPUT']
2018-01-17 12:49:05,733 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'lockingopt', '']
2018-01-17 12:49:05,733 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/known/name', 'default']
2018-01-17 12:49:05,734 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
2018-01-17 12:49:05,734 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/lockingopt', '']
2018-01-17 12:49:05,734 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/known/port', 'ssh']
2018-01-17 12:49:05,734 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/protocol', 'tcp']
2018-01-17 12:49:05,734 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/known/lockingopt', '']
2018-01-17 12:49:05,735 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'port', 'http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve']
2018-01-17 12:49:05,735 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/known/chain', 'INPUT']
2018-01-17 12:49:05,735 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/name', 'default']
2018-01-17 12:49:05,735 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/known/protocol', 'tcp']
2018-01-17 12:49:05,735 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'iptables', 'iptables <lockingopt>']
2018-01-17 12:49:05,736 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/__name__', 'Init']
2018-01-17 12:49:05,736 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'returntype', 'RETURN']
2018-01-17 12:49:05,736 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/returntype', 'RETURN']
2018-01-17 12:49:05,736 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/known/__name__', 'Init']
2018-01-17 12:49:05,737 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/known/returntype', 'RETURN']
2018-01-17 12:49:05,737 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'name', 'postfix']
2018-01-17 12:49:05,737 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/known/blocktype', 'REJECT --reject-with icmp-port-unreachable']
2018-01-17 12:49:05,737 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/port', 'ssh']
2018-01-17 12:49:05,738 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/iptables', 'iptables <lockingopt>']
2018-01-17 12:49:05,738 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/chain', 'INPUT']
2018-01-17 12:49:05,738 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/blocktype', 'REJECT --reject-with icmp-port-unreachable']
2018-01-17 12:49:05,738 fail2ban.transmitter [3340]: DEBUG Command: ['set', 'postfix-iredmail', 'action', 'iptables-multiport', 'known/known/iptables', 'iptables <lockingopt>']
2018-01-17 12:49:05,739 fail2ban.transmitter [3340]: DEBUG Command: ['start', 'sshd']
2018-01-17 12:49:06,846 fail2ban.actions [3340]: NOTICE [sshd] Ban 101.204.247.104
2018-01-17 12:49:06,847 fail2ban.action [3340]: DEBUG iptables -n -L INPUT | grep -q 'f2b-sshd[ \t]'
2018-01-17 12:49:06,950 fail2ban.action [3340]: DEBUG iptables -n -L INPUT | grep -q 'f2b-sshd[ \t]' -- stdout: ''
2018-01-17 12:49:06,950 fail2ban.action [3340]: DEBUG iptables -n -L INPUT | grep -q 'f2b-sshd[ \t]' -- stderr: ''
2018-01-17 12:49:06,950 fail2ban.action [3340]: DEBUG iptables -n -L INPUT | grep -q 'f2b-sshd[ \t]' -- returned successfully
2018-01-17 12:49:07,088 fail2ban.jail [3340]: INFO Jail 'postfix-iredmail' started
2018-01-17 12:49:07,096 fail2ban.action [3340]: DEBUG iptables -I f2b-roundcube 1 -s 111.71.35.143 -j REJECT --reject-with icmp-port-unreachable
2018-01-17 12:49:07,156 fail2ban.action [3340]: DEBUG iptables -I f2b-sshd 1 -s 101.204.247.104 -j REJECT --reject-with icmp-port-unreachable
2018-01-17 12:49:07,199 fail2ban.action [3340]: DEBUG iptables -I f2b-roundcube 1 -s 111.71.35.143 -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
2018-01-17 12:49:07,199 fail2ban.action [3340]: DEBUG iptables -I f2b-roundcube 1 -s 111.71.35.143 -j REJECT --reject-with icmp-port-unreachable -- stderr: ''
2018-01-17 12:49:07,199 fail2ban.action [3340]: DEBUG iptables -I f2b-roundcube 1 -s 111.71.35.143 -j REJECT --reject-with icmp-port-unreachable -- returned successfully
2018-01-17 12:49:07,226 fail2ban.actions [3340]: NOTICE [dovecot-iredmail] Ban 1.200.218.78
2018-01-17 12:49:07,227 fail2ban.action [3340]: DEBUG iptables -n -L INPUT | grep -q 'f2b-dovecot[ \t]'
2018-01-17 12:49:07,302 fail2ban.action [3340]: DEBUG iptables -I f2b-sshd 1 -s 101.204.247.104 -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
2018-01-17 12:49:07,302 fail2ban.action [3340]: DEBUG iptables -I f2b-sshd 1 -s 101.204.247.104 -j REJECT --reject-with icmp-port-unreachable -- stderr: ''
2018-01-17 12:49:07,302 fail2ban.action [3340]: DEBUG iptables -I f2b-sshd 1 -s 101.204.247.104 -j REJECT --reject-with icmp-port-unreachable -- returned successfully
2018-01-17 12:49:07,302 fail2ban.actions [3340]: NOTICE [sshd] Ban 101.78.196.27
2018-01-17 12:49:07,304 fail2ban.action [3340]: DEBUG iptables -n -L INPUT | grep -q 'f2b-sshd[ \t]'
2018-01-17 12:49:07,405 fail2ban.action [3340]: DEBUG iptables -n -L INPUT | grep -q 'f2b-dovecot[ \t]' -- stdout: ''
2018-01-17 12:49:07,405 fail2ban.action [3340]: DEBUG iptables -n -L INPUT | grep -q 'f2b-dovecot[ \t]' -- stderr: ''
2018-01-17 12:49:07,406 fail2ban.action [3340]: DEBUG iptables -n -L INPUT | grep -q 'f2b-dovecot[ \t]' -- returned successfully
2018-01-17 12:49:08,233 fail2ban.actions [3340]: NOTICE [postfix-iredmail] Ban 1.197.72.13
2018-01-17 12:49:08,233 fail2ban.action [3340]: DEBUG iptables -n -L INPUT | grep -q 'f2b-postfix[ \t]'
2018-01-17 12:49:08,257 fail2ban.filterpyinotify[3340]: DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/dovecot.log pathname=/var/log/dovecot.log wd=2 >
2018-01-17 12:49:08,258 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,258 fail2ban.datedetector [3340]: DEBUG Got time 1516130105.000000 for "u'Jan 17 03:15:05'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,258 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,258 fail2ban.datedetector [3340]: DEBUG Got time 1516130115.000000 for "u'Jan 17 03:15:15'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,258 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,258 fail2ban.datedetector [3340]: DEBUG Got time 1516130122.000000 for "u'Jan 17 03:15:22'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,258 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Got time 1516130128.000000 for "u'Jan 17 03:15:28'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Got time 1516130132.000000 for "u'Jan 17 03:15:32'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Got time 1516130138.000000 for "u'Jan 17 03:15:38'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Got time 1516130149.000000 for "u'Jan 17 03:15:49'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Got time 1516130155.000000 for "u'Jan 17 03:15:55'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Got time 1516130166.000000 for "u'Jan 17 03:16:06'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Got time 1516130172.000000 for "u'Jan 17 03:16:12'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,259 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,260 fail2ban.datedetector [3340]: DEBUG Got time 1516130183.000000 for "u'Jan 17 03:16:23'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,260 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,260 fail2ban.datedetector [3340]: DEBUG Got time 1516130189.000000 for "u'Jan 17 03:16:29'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,260 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,260 fail2ban.datedetector [3340]: DEBUG Got time 1516130200.000000 for "u'Jan 17 03:16:40'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:08,334 fail2ban.action [3340]: DEBUG iptables -I f2b-sshd 1 -s 103.1.210.4 -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
2018-01-17 12:49:08,334 fail2ban.action [3340]: DEBUG iptables -I f2b-sshd 1 -s 103.1.210.4 -j REJECT --reject-with icmp-port-unreachable -- stderr: ''
2018-01-17 12:49:08,334 fail2ban.action [3340]: DEBUG iptables -I f2b-sshd 1 -s 103.1.210.4 -j REJECT --reject-with icmp-port-unreachable -- returned successfully
2018-01-17 12:49:08,334 fail2ban.actions [3340]: NOTICE [sshd] Ban 103.195.90.148
2018-01-17 12:49:08,335 fail2ban.action [3340]: DEBUG iptables -n -L INPUT | grep -q 'f2b-sshd[ \t]'
...中間省略
2018-01-17 12:49:32,559 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:32,559 fail2ban.action [3340]: DEBUG iptables -n -L INPUT | grep -q 'f2b-dovecot[ \t]' -- stdout: ''
2018-01-17 12:49:32,559 fail2ban.datedetector [3340]: DEBUG Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:32,560 fail2ban.datedetector [3340]: DEBUG Got time 1516149458.000000 for "u'Jan 17 08:37:38'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:32,560 fail2ban.datedetector [3340]: DEBUG Got time 1516149180.000000 for "u'Jan 17 08:33:00'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2018-01-17 12:49:32,560 fail2ban.action [3340]: DEBUG iptables -n -L INPUT | grep -q 'f2b-dovecot[ \t]' -- stderr: ''
ps aux | grep fail2ban
root 3340 0.6 0.3 1052704 25236 ? Sl 12:49 0:07 /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
root 5753 0.0 0.0 108948 1252 pts/0 S+ 13:07 0:00 grep fail2ban
fail2ban 重啟卡住沒有動靜 重開機沒兩分鐘也就停止了