[CentOS] faI2ban detecting and banning but nothing happens
Pete Biggs
pete at biggs.org.uk
Fri Apr 26 11:18:04 UTC 2019
>
> 2019-04-26 11:43:23,603 fail2ban.filter [7853]: INFO [dovecot] Found 185.36.81.165
> 2019-04-26 11:43:24,016 fail2ban.actions [7853]: NOTICE [dovecot] 185.36.81.165 already banned
> 2019-04-26 11:44:09,734 fail2ban.filter [7853]: INFO [dovecot] Found 45.227.253.100
> 2019-04-26 11:44:19,887 fail2ban.filter [7853]: INFO [dovecot] Found 45.227.253.100
>
> and yet the IP is still getting through to exim:
Yes, as I said before Fail2Ban is detecting it as a dovecot failure, so
it is probably blocking the dovecot ports, not the exim/smtp ports.
The "already banned" is a give away. You can verify that by looking at
the blocked iptable ports when a host has been banned.
You can either sort out why it's detecting it as dovecot and not exim
or you can modify the fail2ban dovecot config in jail.local by adding
the smtp port to the list of ports.
P.
More information about the CentOS
mailing list