fail2ban not matching Dovecot 2.4 log output on Debian Trixie

On Debian Trixie, Dovecot gets upgraded to version 2.4, which makes substantial changes to the configuration syntax and also to the log output. Unfortunately, the new log format for unsuccessful authentication might not match the rules defined in /etc/fail2ban/filter.d/dovecot.conf. This bug has been documented in the Debian bug tracking system as #1107903 but remains unaddressed as of today.

To mitigate this, i have acquired a more recent filter definition from fail2ban Git:

repo=https://raw.githubusercontent.com/fail2ban/fail2ban
wget \
    -O /etc/fail2ban/filter.d/dovecot-new.conf \
    "$repo"/refs/heads/master/config/filter.d/dovecot.conf

I tested the filters, comparing the filter definition distributed by Debian Trixie with the upstream one:

fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/dovecot.conf
fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/dovecot-new.conf

I then applied these changed filters to the jail definitions in /etc/fail2ban/jail.d/local.conf:

[dovecot]
enabled = true
# This changes the filter:
filter = dovecot-new
# Note: The other settings might be different at your site:
maxretry = 3
logpath = /var/log/mail.log

[postfix]
enabled = true
filter = postfix-new
maxretry = 3
logpath = /var/log/mail.log

I restarted fail2ban.service and followed the fail2ban.log to see if it operates as expected (which it does):

systemctl restart fail2ban
tail -f /var/log/fail2ban.log
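
A way to make the filter comparison from the testing step repeatable before the jail is switched, as an added example that is not part of the original post. It assumes that fail2ban-regex ends its report with a summary line of the form shown in the first comment; the function names and verdict words are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: fail2ban-regex ends its report with a summary line like
#   Lines: 1234 lines, 0 ignored, 12 matched, 1222 missed

# Read fail2ban-regex output on stdin, print the number of matched lines.
matched_count() {
    sed -n 's/^Lines: [0-9][0-9]* lines, [0-9][0-9]* ignored, \([0-9][0-9]*\) matched, .*/\1/p' |
        head -n 1
}

# Compare the match counts of the current ($1) and the candidate ($2) filter.
# Prints one word: switch, same, regression, no-match or error.
verdict() {
    for n in "$1" "$2"; do
        # Reject empty or non-numeric counts (summary line not found).
        case "$n" in ''|*[!0-9]*) echo error; return 1 ;; esac
    done
    if [ "$2" -lt "$1" ]; then
        echo regression      # candidate catches fewer lines than the current one
    elif [ "$2" -eq 0 ]; then
        echo no-match        # neither filter matched anything in this log
    elif [ "$2" -gt "$1" ]; then
        echo switch          # candidate catches lines the current filter misses
    else
        echo same
    fi
}

# Run both filters over the same log file and report the verdict.
check_filters() {
    log=$1 old_filter=$2 new_filter=$3
    old=$(fail2ban-regex "$log" "$old_filter" | matched_count)
    new=$(fail2ban-regex "$log" "$new_filter" | matched_count)
    echo "old filter matched: ${old:-?}, new filter matched: ${new:-?}"
    verdict "$old" "$new"
}

# Usage: sh check-filters.sh /var/log/mail.log \
#   /etc/fail2ban/filter.d/dovecot.conf /etc/fail2ban/filter.d/dovecot-new.conf
if [ "$#" -eq 3 ]; then
    check_filters "$@"
fi
```

A `no-match` verdict can simply mean the log holds no failed logins yet, so check that before blaming the filter.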

Migrating Dovecot CE to 2.4

I use the Dovecot server as provided by the Debian GNU/Linux distribution. Dist-upgrading to Debian 13 “Trixie” forced an upgrade from Dovecot CE version 2.3 to 2.4, imposing significant changes to the configuration syntax. Fortunately, no features or functionality (that i am using) went away. Instead of the “before-and-after” way of explaining how to port your settings to the 2.4 syntax, let me show you my /etc/dovecot/dovecot.conf and what it does.


Disabling external Emojis in the WordPress Admin GUI

In a previous article i mentioned that the “Disable Emojis” plugin removes requests to external servers for downloading Emoji graphics on a WordPress site. This works in the frontend (the part the user/customer visits). In the backend (the part the admin visits) there are hardcoded references to external emoji graphics, for example here:

https://github.com/WordPress/WordPress/blob/3d3e104908f875a0df3d5f7692feeb8874780b2a/wp-admin/about.php#L146

There also does not appear to be a suitable administrative filter that could be used to patch the unwanted HTML image references out of the effective HTML sent to the browser:

https://developer.wordpress.org/apis/hooks/filter-reference/#administrative-filters

However, the user's browser suppresses the loading of such external graphics if the Content-Security-Policy (CSP) header sent by the webserver includes this statement:

img-src 'self' data:;

Now, user browsers will refuse to load any image unless it comes from the same site or is provided as a “data:” URI (i.e. inline).

New Music Archive

Since i sporadically make electronic compositions and master them to “tracks” in MP3 format, over the years a bunch of such files have accumulated. Until recently i was using software i had named MyPlayer, based on mediaelement.js (“mejs”) with a 3rd-party playlist plugin and some extension for parsing an M3U playlist. As it goes, mejs published a new version containing breaking changes and an integrated playlist … For a while i tried to port my existing code to that new version, encountered many bugs and tried to fix them, but i realized that, since web development is not my main job anymore, i found insufficient time for the depth and complexity of such work, and my attempts led nowhere.

In my new, latest iteration of the Music Archive i have changed the technology stack and implemented a more conventional backend/frontend architecture.


Match-Resumption in case…esac of Bourne Again Shell

This article describes the impact of using the lesser-discussed alternative code block terminators ;;& and ;& which control the “match-resuming” behavior of Bash’s case…esac.


An Introduction to Programmable Completion in Bash

I am using the terminal a lot on Linux. For my project “pulseaudio-tcp” (see here for more information) i wanted to have more comfortable command line completion in Bourne Again Shell (“Bash”). After having typed in the command name pulseaudio-tcp, when pressing the Tabulator key, i would like to see a list of all possible arguments to that command.

In this article i demonstrate how to leverage the “Programmable Completion” feature of Bash for such purposes. A reasonably recent version of Bash (4.2 or later) is assumed. You should have a basic understanding of control flow, variables, functions and arrays in Bash. In the article, we will make use of some advanced Bash features such as array expansion with pattern matching; these will be explained “on the go” as required.


Release of pulseaudio-tcp

pulseaudio-tcp now has its first official release. The initial release features the following changes:

  • GUI support with zenity for setup and other user interaction
  • Debian packaging

Gitea project pulseaudio-tcp

Last 3 commits in branch "main":

  • 2025-06-01 by Tilman Kranz: 03e3953e completion supports multiple commands
  • 2025-06-01 by Tilman Kranz: f08b857a support for multiple commands (WIP)
  • 2025-06-01 by Tilman Kranz: f78ae9d1 exclude vim swapfiles

Latest release: 1.1.1

 Swallowed By The Machine

A longer, uneasy piece.
