[CentOS] faI2ban detecting and banning but nothing happens

Fri Apr 19 23:32:43 UTC 2019
Pete Biggs <pete at biggs.org.uk>

> The event that triggers the ban does complete as normal, which is what I would 
> expect as the ban is triggered by the log entry which is *after* the failed 
> attempt.
> However, after the /var/log/fail2ban.log showed the IP as banned, I continue 
> to see entries in /var/log/exim/main.log

What ban action do you use?  If it's something like iptables-multiport, 
then I wonder if the fact that it's detecting the failures as
'[dovecot]' means that it's using the dovecot ports, not the exim
ports, when applying the iptable rule.

When a host has been banned, can you look at the iptables rules to see
what is actually being applied.