Re: [Fail2ban-users] Banned IP continues its attempts, other IP isn't banned even after maxretry

Sun, 17 Sep 2017 07:59:31 -0700 

Dominic,



Thank you so much for your troubleshooting tips. Apparently, I shouldn't have 
trusted the output of fail2ban -d : 


root@messagerie[10.10.10.19] ~ # fail2ban-client -d | grep postfix-sasl-long
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
['add', 'postfix-sasl-long', 'auto']
['set', 'postfix-sasl-long', 'usedns', 'warn']
['set', 'postfix-sasl-long', 'addlogpath', '/var/log/mail.warn']
['set', 'postfix-sasl-long', 'maxretry', 10]
['set', 'postfix-sasl-long', 'addignoreip', '127.0.0.1/8']
['set', 'postfix-sasl-long', 'addignoreip', '10.10.10.0/24']
['set', 'postfix-sasl-long', 'addignoreip', '172.16.0.0/16']
['set', 'postfix-sasl-long', 'addignoreip', '192.168.0.0/16']
['set', 'postfix-sasl-long', 'ignorecommand', '']
['set', 'postfix-sasl-long', 'findtime', 86400]
['set', 'postfix-sasl-long', 'bantime', 432000]
['set', 'postfix-sasl-long', 'addfailregex', 
'^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] 
)?(?:@vserver_\\S+ 
)?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?postfix/smtpd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID
 \\d+ \\S+\\])?\\s*warning: [-._\\w]+\\[<HOST>\\]: SASL 
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ 
A-Za-z0-9+/]*={0,2})?\\s*$']
['set', 'postfix-sasl-long', 'addaction', 'shorewall']
['set', 'postfix-sasl-long', 'actionban', 'shorewall', 'shorewall <blocktype> 
<ip>']
['set', 'postfix-sasl-long', 'actionstop', 'shorewall', '']
['set', 'postfix-sasl-long', 'actionstart', 'shorewall', '']
['set', 'postfix-sasl-long', 'actionunban', 'shorewall', 'shorewall allow <ip>']
['set', 'postfix-sasl-long', 'actioncheck', 'shorewall', '']
['set', 'postfix-sasl-long', 'setcinfo', 'shorewall', 'blocktype', 'reject']
['start', 'postfix-sasl-long']
root@messagerie[10.10.10.19] ~ # 



Here it seems that the jail postfix-sasl-long exist, but when I issue the 
command you have given


root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # fail2ban-client get  
postfix-sasl-long addaction
ERROR  NOK: ('postfix-sasl-long',) 
Sorry but the jail 'postfix-sasl-long' does not exist 
root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # 


The jail doesn't exit ! are there two configurations for fail2ban ? (one for 
the "client" and one for the "server" ?)



After restarting (the server I guess), the jail is found and the action too


root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # service fail2ban restart
root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # fail2ban-client get  
postfix-sasl-long addaction 
shorewall 
root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # 



I'll leave it like this for a day and see what I get tomorrow.

Thanks again ! 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to