Profile Details

Toggle Sidebar
Recent updates
  • Nuke
    Nuke replied to a discussion, Attack Detector/fail2ban stopped??

    I've been checking the COS5.2 fail2ban jail.local and jail.conf and log locations where in the jail.* files. Since COS7 is using systemd with logs, is where the problem is???
    In the new jail.conf it shows
    I can't figure out what it is referencing.
    When I query what log postfix is using for fail2ban it says
    I guess this is correct since it isn't starting so not reading any logs. This is going beyond my novice knowledge.
    Could this be an issue if both postfix-sasl and cyrus jails are reading the same log at the same time?

  • Nuke
    Nuke replied to a discussion, Attack Detector/fail2ban stopped??

    Nick Howitt wrote:
    Can you give the output to:

    Happy to. Big list.

    Thanks in advance Nick!

  • Nick Howitt wrote:
    I kept my options open when creating the initial certificate with certbot before the Let's Encrypt app was released. With the Let's Encrypt App, it can only cover one FQDN. I believe that from 27th February, Let's Encrypt will release a wildcard certificate which makes life easier but I have no idea if you can request one with the app.

    Nick, I don't think I understand what you mean.
    When I did the original install I created 1 certificate for my home domain and also one virtual domain within the same certificate as you have. So with the MarketPlace App you can't do this? Since i need it to cover 2 domains, I should stay with my present manual installation and not change to the Marketplace App?
    Thanks again for your help!

  • Nuke
    Nuke replied to a discussion, Attack Detector/fail2ban stopped??

    Nick Howitt wrote:

    HI Nuke,
    Can you disable all jails in the webconfig then start them one by one? By your logs it looks like sshd-ddos and postfix-sasl are failing. I use postfix-sasl but no sshd jails as I don't open ssh to the internet. My postfix-sasl is slightly altered from base so I wonder if that is why mine works.

    Hi Nick.
    Thanks again for your help.
    I disabled all jails except for cyrus-imapd and fail2ban started OK.
    I don't have port 22 open to the outside either. I presume I don't have to worry about this sshd-ddos running if the port is closed?
    I'd like to get postfix-sasl running as I'm running a home mail server.
    There looks to be some sort of clear files in addition to the jail.conf to control fail2ban. If I make changes in a jail.local am going to break something with COS7?
    It's been years since I adjusted/tuned fail2ban on COS5.2.

  • Nuke
    Nuke likes the reply for the discussion, Re: Smooth Plex update from 1.7.x to

    Just wanted to let everyone know that moving to also seems to have gone smoothly.

    I also revised the process a little:

  • Nuke
    Nuke started a new discussion, Attack Detector/fail2ban stopped??

    Attack Detector/fail2ban stopped??

    Last week after doing the firmware updates for Spectre & Meltdown and rebooting, fail2ban will not run. It starts and then quits after showing this error "NOTICE Jail started without 'journalmatch' set". I've tried to restart/condrestart using systemctl and the webgui. The restart using the webgui hangs the webgui. The systemctl commands restart & condrestart seem to work but when I use systemctl start fail2ban or fail2ban.service, the CLI never completes the command.

    The log doesn't give much more info.

    I haven't changed anything on fail2ban. All I've done over the past week is to try to restart it when I noticed it wasn't running.

    What should I be looking at to get this running?

  • Nuke
    Nuke replied to a discussion, Forward one user email to gmail?

    Mansoor wrote:

    This might help:

    Thank you Mansoor!

  • Nuke
    Nuke replied to a discussion, Forward one user email to gmail?

    I had all sorts of problems with email since I did the forwarding. I'm not quite sure what the problem was but suspect that this forwarding was the problem or a part of it.

    Ben I tried your suggestions and I liked the fact that I could add forwards from the GUI.

    However it looked like all outbound mail was not leaving. I followed up with a number of people who I sent emails to but they never received anything. So for about 3 days we didn't send any emails. The logs show the email going to mailfilter and then being deleted.

    As I said, there may have been other factors in play because I fixed a certificate issue and imapd failure at the same time as removing the /var/clearos/mail_routing/forwarders file. Upon deleting the forwarders file, doing the aliases command and then reloading postfix, it looks like it's working properly again.

    I think this forwarders file solution needs some more testing.

  • Nick Howitt wrote:
    I don't know about your last error. Are you connecting to cyrus-imap using STARTTLS (SSL/TLS) or SSL?

    I believe the options in Thunderbird & K-9 are STARTTLS or SSL/TLS. I have SSL/TLS enabled for imaps and pops email. Regular imap and pop are disabled.