> > 2019-04-26 11:43:23,603 fail2ban.filter [7853]: INFO [dovecot] Found > 185.36.81.165 > 2019-04-26 11:43:24,016 fail2ban.actions [7853]: NOTICE [dovecot] > 185.36.81.165 already banned > 2019-04-26 11:44:09,734 fail2ban.filter [7853]: INFO [dovecot] Found > 45.227.253.100 > 2019-04-26 11:44:19,887 fail2ban.filter [7853]: INFO [dovecot] Found > 45.227.253.100 > > and yet the IP is still getting through to exim:
Yes, as I said before Fail2Ban is detecting it as a dovecot failure, so it is probably blocking the dovecot ports, not the exim/smtp ports. The "already banned" is a give away. You can verify that by looking at the blocked iptable ports when a host has been banned. You can either sort out why it's detecting it as dovecot and not exim or you can modify the fail2ban dovecot config in jail.local by adding the smtp port to the list of ports. P. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
