[CentOS] fail2ban detecting and banning but nothing happens

Gary Stainburn gary.stainburn at ringways.co.uk
Fri Apr 26 10:50:47 UTC 2019


On Friday 19 April 2019 16:15:32 Kenneth Porter wrote:
> On 4/19/2019 5:30 AM, Gary Stainburn wrote:
> > I've followed one of the pages on line specifically for installing fail2ban on
> > Centos 7 and all looks fine.
> 
> Which page? It would help to see what they advised.

I think I worked from two pages. One I believe was 

https://www.howtoforge.com/tutorial/how-to-install-fail2ban-on-centos/

I can't remember the other one. I have removed all of the manual amendments so am now basically set up as initially installed.

/var/log/fail2ban.log is showing that it's working:

2019-04-26 11:41:08,850 fail2ban.filter [7853]: INFO [dovecot] Found 155.133.4.195
2019-04-26 11:41:09,651 fail2ban.filter [7853]: INFO [dovecot] Found 185.222.209.56
2019-04-26 11:41:11,397 fail2ban.filter [7853]: INFO [dovecot] Found 185.222.209.56
2019-04-26 11:41:11,909 fail2ban.filter [7853]: INFO [dovecot] Found 185.222.209.56
2019-04-26 11:41:12,873 fail2ban.actions [7853]: NOTICE [dovecot] 185.222.209.56 already banned
2019-04-26 11:41:24,306 fail2ban.filter [7853]: INFO [dovecot] Found 185.222.209.56
2019-04-26 11:41:25,010 fail2ban.filter [7853]: INFO [dovecot] Found 46.232.112.21
2019-04-26 11:41:36,035 fail2ban.filter [7853]: INFO [dovecot] Found 46.232.112.21
2019-04-26 11:41:40,564 fail2ban.filter [7853]: INFO [dovecot] Found 45.227.253.100
2019-04-26 11:41:50,779 fail2ban.filter [7853]: INFO [dovecot] Found 45.227.253.100
2019-04-26 11:41:50,915 fail2ban.actions [7853]: NOTICE [dovecot] 45.227.253.100 already banned
2019-04-26 11:43:23,603 fail2ban.filter [7853]: INFO [dovecot] Found 185.36.81.165
2019-04-26 11:43:24,016 fail2ban.actions [7853]: NOTICE [dovecot] 185.36.81.165 already banned
2019-04-26 11:44:09,734 fail2ban.filter [7853]: INFO [dovecot] Found 45.227.253.100
2019-04-26 11:44:19,887 fail2ban.filter [7853]: INFO [dovecot] Found 45.227.253.100

and yet the IP is still getting through to exim:

2019-04-26 11:41:39 dovecot_plain authenticator failed for ([46.232.112.21]) [46.232.112.21]: 535 Incorrect authentication data (set_id=aa26fa5)
2019-04-26 11:41:44 dovecot_plain authenticator failed for ([45.227.253.100]) [45.227.253.100]: 535 Incorrect authentication data (set_id=*********)
2019-04-26 11:41:55 dovecot_plain authenticator failed for ([45.227.253.100]) [45.227.253.100]: 535 Incorrect authentication data (set_id=********)
2019-04-26 11:43:27 dovecot_login authenticator failed for (88.211.105.31) [185.36.81.165]: 535 Incorrect authentication data (set_id=**********)
2019-04-26 11:44:13 dovecot_plain authenticator failed for ([45.227.253.100]) [45.227.253.100]: 535 Incorrect authentication data (set_id=****************)
2019-04-26 11:44:23 dovecot_plain authenticator failed for ([45.227.253.100]) [45.227.253.100]: 535 Incorrect authentication data (set_id=****************)
2019-04-26 11:45:19 dovecot_plain authenticator failed for ([185.222.209.56]) [185.222.209.56]: 535 Incorrect authentication data (set_id=****************)
2019-04-26 11:45:35 dovecot_plain authenticator failed for ([185.222.209.56]) [185.222.209.56]: 535 Incorrect authentication data (set_id=****************)
2019-04-26 11:46:36 dovecot_plain authenticator failed for ([185.222.209.56]) [185.222.209.56]: 535 Incorrect authentication data (set_id=****************)
2019-04-26 11:46:37 dovecot_plain authenticator failed for ([45.227.253.100]) [45.227.253.100]: 535 Incorrect authentication data (set_id=****************)
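
Added example, not part of the original post: Python that correlates the two logs shown above and counts exim authentication failures arriving from addresses that fail2ban already considers banned, which is the symptom the post describes. Assumptions of this example: the function name, the constructed sample lines (documentation-range addresses), and that both logs use the same local clock; "Ban" and "Unban" are the standard fail2ban.actions notices.

```python
import re
from collections import Counter
from datetime import datetime

# fail2ban.actions notices: "Ban <ip>", "Unban <ip>" or "<ip> already banned"
F2B_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+fail2ban\.actions\s+\[\d+\]:\s+"
    r"NOTICE\s+\[[^\]]+\]\s+(?:(?P<verb>Ban|Unban) (?P<ip>\S+)|(?P<ip2>\S+) already banned)")
# exim auth failures: the peer address is the last [..] before ": 535"
EXIM_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ authenticator failed for "
    r".*\s\[(?P<ip>[^\]]+)\]: 535 ")
# Constructed sample input in the same format as the logs in the post.
F2B_SAMPLE = """\
2019-04-26 11:40:02,101 fail2ban.actions [7853]: NOTICE [dovecot] Ban 203.0.113.7
2019-04-26 11:41:09,651 fail2ban.filter [7853]: INFO [dovecot] Found 198.51.100.20
2019-04-26 11:41:12,873 fail2ban.actions [7853]: NOTICE [dovecot] 198.51.100.20 already banned
2019-04-26 11:42:00,000 fail2ban.actions [7853]: NOTICE [dovecot] Unban 203.0.113.7
""".splitlines()
EXIM_SAMPLE = """\
2019-04-26 11:40:30 dovecot_plain authenticator failed for ([203.0.113.7]) [203.0.113.7]: 535 Incorrect authentication data (set_id=x)
2019-04-26 11:41:10 dovecot_plain authenticator failed for ([198.51.100.20]) [198.51.100.20]: 535 Incorrect authentication data (set_id=x)
2019-04-26 11:45:19 dovecot_plain authenticator failed for ([198.51.100.20]) [198.51.100.20]: 535 Incorrect authentication data (set_id=x)
2019-04-26 11:45:35 dovecot_login authenticator failed for (192.0.2.1) [198.51.100.20]: 535 Incorrect authentication data (set_id=x)
2019-04-26 11:46:00 dovecot_plain authenticator failed for ([203.0.113.7]) [203.0.113.7]: 535 Incorrect authentication data (set_id=x)
""".splitlines()

def find_unenforced_bans(f2b_lines, exim_lines):
    """Count exim auth failures per IP logged after fail2ban reported that IP as banned."""
    parse = lambda s: datetime.strptime(s, "%Y-%m-%d %H:%M:%S")
    events = []
    for line in f2b_lines:
        if m := F2B_RE.match(line):
            events.append((parse(m["ts"]), "Unban" if m["verb"] == "Unban" else "Ban", m["ip"] or m["ip2"]))
    for line in exim_lines:
        if m := EXIM_RE.match(line):
            events.append((parse(m["ts"]), "Fail", m["ip"]))
    banned, leaks = {}, Counter()
    for ts, kind, ip in sorted(events):      # walk both logs in time order
        if kind == "Ban":
            banned.setdefault(ip, ts)        # keep the earliest known ban time
        elif kind == "Unban":
            banned.pop(ip, None)
        elif ip in banned and ts > banned[ip]:
            leaks[ip] += 1                   # failure seen while the ban should apply
    return leaks

if __name__ == "__main__":
    print(find_unenforced_bans(F2B_SAMPLE, EXIM_SAMPLE))
```

A non-empty result means detection is working but the ban action is not blocking the traffic that exim sees.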

