Posted by Brian @ 10:29 am on February 12th 2017

[SOLVED] fail2ban isn’t banning sasl attacks

This morning I noticed a SASL attack in my mail logs, and fail2ban wasn’t stopping. I tested the regex and it was working fine, but… no ban. So here’s what worked for me: changing the backend for fail2ban to polling from auto. Problem solved.

in /etc/fail2ban/jail.local replace
backend = auto
with
backend = polling