On 15 Aug 2017, at 02:57, Ryru ryru@addere.ch wrote:
Hi Drik, hi List
On 10.08.2017 21:34, Dirk wrote:
As far as I know the functionality of Fail2Ban is old. If there would be a Linux distribution which enables this I would like to talk to the maintainer and let him know that he at least tries to read the correct abuse entry from ripe instead of bothering our provider as well.
I took a look into the Fail2ban source code[0] today. Although I now have a better understanding of how Fail2ban works I can not really provide the problem source.
- The feature that causes abuse mails is called 'complain'[1].
...
My findings let me assume that Fail2ban itself is not necessary the source of our problem (increasing 22/ssh abuse mails).
Possible other problem causer could be:
- Fail2ban OS specific configuration files
- a (new?) popular Fail2ban how-to-guide which promotes the 'complain'
configuration
- Maybe neither of both changed something and we just had bad luck in
the past weeks?
Maybe someone else has real world experiences with Fail2ban and can help us out here?
Our experience is that our email provider took a few months to identify Fail2ban emails as spam, and automatically delete them. We haven't seen any since then. It's no great loss.
Perhaps there have been changes to Fail2ban that have evaded some automated filters, or your email provider changed their spam filter config.
T -- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n ------------------------------------------------------------------------