[CentOS] faI2ban detecting and banning but nothing happens

Mon Apr 29 08:44:02 UTC 2019
Gary Stainburn <gary.stainburn at ringways.co.uk>

On Monday 29 April 2019 02:21:05 Gordon Messmer wrote:
> That's one approach.  I believe that you could modify fewer files by 
> setting "port = 0:65535" in your definition in "jail.local" and not 
> install firewallcmd-ipset.local.

I have just tried this, and re-started fail2ban. It does not seem to have worked.

I have looked at /var/log/exim/main.log and found lots of lines like 

2019-04-29 09:39:15 dovecot_plain authenticator failed for (hosting-by.directwebhost.org.) []: 535 Incorrect authentication data

which are still not being stopped.   I have run the commands

[root at ollie2 ~]# fail2ban-client set exim banip
[root at ollie2 ~]# fail2ban-client set exim banip
[root at ollie2 ~]#

and the lines are still appearing.  Here is my jail.local. (I did also try directly editing jail.conf to update the port commands).

# set a higher bantime and findtime
# set the IP's to ignore / not ban
ignoreip =
# set max number of attempts
maxretry = 3
# set mail receiver
destemail = fail2ban at ringways.co.uk
sender = fail2ban at ringways.co.uk
# enable sending mails, whois and logfile sections by choosing the "action_mwl" template,
# see jail.conf for details
action = %(action_mwl)s

port    = 0:65535

port    = 0:65535