Fail2ban is not blocking repeated attemtps on postfix and dovecot

I have this, every 2 seconds with a different “ruser”, from the same IP address:

Nov 07 16:31:20 fbox auth[4646]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=kanker rhost=5.34.207.52

Also, I have this repeated every 2 seconds:
Nov 07 16:31:24 fbox postfix/smtpd[4605]: warning: unknown[5.34.207.55]: SASL LOGIN authentication failed: Connection lost to authentication server
Nov 07 16:31:24 fbox postfix/smtpd[4615]: warning: unknown[5.34.207.52]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

The IP addresses are 5.34.207.52 and 5.34.207.55.

Shouldn’t fail2ban block this?

Fail2ban blocking postfix/dovecot login attempts has not been implemented yet.

@Avron I submitted a merge request for this issue.

1 Like