fail2ban jail 没有被解雇

使用了几种不同的方法的 fail2ban，现在尝试让它阻止黑客通过 smtp 通过服务器发送垃圾邮件。

测试时正则表达式匹配成功：

    Failregex
|- Regular expressions:
|  [1] \[<HOST>\]: 535 Incorrect authentication data
|
`- Number of matches:
   [1] 147 match(es)

监狱负荷正常：

2014-03-04 21:16:46,162 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
2014-03-04 21:16:46,163 fail2ban.jail   : INFO   Creating new jail 'exim-auth'
2014-03-04 21:16:46,165 fail2ban.jail   : INFO   Jail 'exim-auth' uses Gamin
2014-03-04 21:16:46,187 fail2ban.filter : INFO   Added logfile = /var/log/exim/main.log
2014-03-04 21:16:46,188 fail2ban.filter : INFO   Set maxRetry = 3
2014-03-04 21:16:46,190 fail2ban.filter : INFO   Set findtime = 3600
2014-03-04 21:16:46,191 fail2ban.actions: INFO   Set banTime = 3600
2014-03-04 21:16:46,205 fail2ban.jail   : INFO   Creating new jail 'ssh-iptables'
2014-03-04 21:16:46,206 fail2ban.jail   : INFO   Jail 'ssh-iptables' uses Gamin
2014-03-04 21:16:46,207 fail2ban.filter : INFO   Added logfile = /var/log/secure
2014-03-04 21:16:46,208 fail2ban.filter : INFO   Set maxRetry = 5
2014-03-04 21:16:46,210 fail2ban.filter : INFO   Set findtime = 3600
2014-03-04 21:16:46,211 fail2ban.actions: INFO   Set banTime = 3600
2014-03-04 21:16:46,410 fail2ban.jail   : INFO   Jail 'exim-auth' started
2014-03-04 21:16:46,439 fail2ban.jail   : INFO   Jail 'ssh-iptables' started

ssh 禁令仍然有效。即使错误通过日志，也不会发生任何事情。所有时间都同步，syslog、fail2ban 和 exim 都已重新启动。

Exim 主日志：

2014-03-04 21:16:24 no host name found for IP address 89.xxx.33.33
2014-03-04 21:16:24 auth_plain authenticator failed for ([10.xxx.80.53]) [89.xxx.33.33]: 535 Incorrect authentication data (set_id=jamie@****.co.uk)
2014-03-04 21:16:30 no host name found for IP address 89.xxx.33.33
2014-03-04 21:16:30 auth_plain authenticator failed for ([10.xxx.80.53]) [89.xxx.33.33]: 535 Incorrect authentication data (set_id=jamie@****.co.uk)
2014-03-04 21:16:38 no host name found for IP address 89.xxx.33.33
2014-03-04 21:16:38 auth_plain authenticator failed for ([10.xxx.80.53]) [89.xxx.33.33]: 535 Incorrect authentication data (set_id=jamie@****.co.uk)

（显然 xxx 和 **** 现在已被编辑）。

jail.conf 部分的配置：

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
logpath  = /var/log/secure
maxretry = 5

[exim-auth]

enabled = true
filter = exim_auth
action = iptables[name=SMTP, port=25, protocol=tcp]
         mail[name=EximAuth, dest=jamie@****.co.uk]
logpath = /var/log/exim/main.log
maxretry = 3

文件解析成功，并且我成功收到一封电子邮件，告知监狱何时停止和启动。

过滤器.d/exim_auth.conf：

# Fail2Ban configuration file
#
#
# $Revision$
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = \[<HOST>\]: 535 Incorrect authentication data

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

如果有人能弄清楚为什么它没有触发，并且还可以获得奖励点，我可以运行两个 iptables 操作来阻止端口 25 和 465，我将不胜感激。