On Saturday 20 April 2019 00:32:43 Pete Biggs wrote:
> What ban action do you use?  If it's something like iptables-multiport, 
> then I wonder if the fact that it's detecting the failures as
> '[dovecot]' means that it's using the dovecot ports, not the exim
> ports, when applying the iptable rule.
> 
> When a host has been banned, can you look at the iptables rules to see
> what is actually being applied.

Hi Pete,

I did wonder that myself.  I have now amended the Dovecot definition in 
jail.conf to:

[dovecot]

port    = pop3,pop3s,imap,imaps,submission,sieve,25,1025,465,587
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s

I then unbanned and banned each IP address manually with 

for F in 46.232.112.21 106.226.231.159 [snip] 52.38.234.254 ; do
fail2ban-client set dovecot unbanip $F
fail2ban-client set dovecot banip $F
done

which worked. However, having done this, the connections are still getting 
through to EXIM.

[root@ollie2 ~]# fail2ban-client status dovecot
Status for the jail: dovecot
|- Filter
|  |- Currently failed: 6
|  |- Total failed:     199
|  `- Journal matches:  _SYSTEMD_UNIT=dovecot.service
`- Actions
   |- Currently banned: 41
   |- Total banned:     82
   `- Banned IP list:   46.232.112.21 106.226.231.159 113.120.142.149 
113.120.143.41 114.106.134.228 114.238.30.180 116.91.166.50 117.24.39.199 
117.29.90.228 117.31.46.4 117.60.247.84 119.127.17.82 120.43.54.45 
121.233.206.62 121.237.56.154 122.7.227.53 14.29.161.224 140.224.60.165 
140.224.61.88 141.98.80.32 180.146.128.112 183.135.168.89 185.211.245.198 
185.222.209.56 185.222.209.71 185.234.217.160 185.234.217.162 185.234.217.221 
185.36.81.165 188.165.238.157 203.2.118.130 209.166.164.71 210.6.94.23 
211.72.92.124 27.156.139.95 27.156.176.146 41.164.192.74 45.227.253.100 
45.227.253.99 49.87.109.233 52.38.234.254
[root@ollie2 ~]# ipset list
Name: fail2ban-sshd
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600000
Size in memory: 120
References: 0
Number of entries: 0
Members:

Name: fail2ban-dovecot
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600000
Size in memory: 3768
References: 0
Number of entries: 41
Members:
185.211.245.198 timeout 4294522
[snip]
45.227.253.99 timeout 4294532
117.60.247.84 timeout 4294514

Name: fail2ban-exim
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600000
Size in memory: 408
References: 0
Number of entries: 3
Members:
185.234.217.160 timeout 4294290
85.222.209.56 timeout 4294291
185.222.209.71 timeout 4294289
[root@ollie2 ~]# 
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
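
Every set in the `ipset list` output in the message above reports `References: 0`. That field is ipset's count of kernel references to the set, such as iptables rules matching on it. The following is an added example, not part of the original post, that flags sets holding entries that nothing references; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ipset sets that contain banned addresses but are not
# referenced by any netfilter rule, so membership has no filtering effect.

# Reads `ipset list` output on stdin and prints "<set> <entries>" for every
# set with at least one member and a References count of 0.
unreferenced_sets() {
    awk '
        function report() {
            if (name != "" && entries > 0 && refs == 0)
                print name, entries
        }
        $1 == "Name:"       { report(); name = $2; refs = -1; entries = 0; in_members = 0; next }
        $1 == "References:" { refs = $2 + 0; next }
        $1 == "Members:"    { in_members = 1; next }
        in_members && NF    { entries++ }   # count member lines, skip blanks
        END                 { report() }
    '
}

# Constructed sample in the same layout as the output above
# (addresses are from documentation ranges, not from the thread).
sample_ipset_output() {
    cat <<'EOF'
Name: fail2ban-sshd
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
References: 1
Number of entries: 0
Members:

Name: fail2ban-dovecot
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
References: 0
Number of entries: 2
Members:
192.0.2.10 timeout 3512
192.0.2.11 timeout 3498

Name: fail2ban-exim
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
References: 1
Number of entries: 1
Members:
198.51.100.7 timeout 3400
EOF
}

sample_ipset_output | unreferenced_sets
```

On a live host the same function can be fed with `ipset list | unreferenced_sets`; for any set it prints, `iptables -S | grep -- '--match-set'` shows whether a rule naming that set exists at all.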
