Good morning, This is interesting ( for me ).
I read this in my logs after enabling postfix-auth on Debian 9.2 fail2ban.log 2018-03-15 19:12:36,066 fail2ban.actions [12742]: ERROR Failed to execute unban jail 'postfix-auth' action 'iptables-multiport' info '{'matches': 'Mar 14 21:01:44 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:44 mx10 postfix/smtpd[29363]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:44 mx10 postfix/smtpd[29361]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29363]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29361]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29364]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:46 mx10 postfix/smtpd[29361]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:46 mx10 postfix/smtpd[29363]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:46 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]', 'failures': 10, 'time': 1521140815.757546, 'ip': '60.163.89.128'}': Error unbanning 60.163.89.128 2018-03-15 19:13:08,331 fail2ban.action [13158]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix 2018-03-15 19:13:08,331 fail2ban.action [13158]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix 2018-03-15 19:13:08,331 fail2ban.action [13158]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix 2018-03-15 19:13:08,331 fail2ban.actions [13158]: ERROR Failed to stop jail 'postfix-auth' action 'iptables-multiport': Error stopping action An example from /var/log/mail.log: Mar 14 21:01:44 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128] Mar 14 21:01:44 mx10 postfix/smtpd[29359]: disconnect from unknown[60.163.89.128] ehlo=1 auth=0/1 commands=1/2 Mar 14 21:01:44 mx10 postfix/smtpd[29359]: connect from unknown[60.163.89.128] Mar 14 21:01:45 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128] Mar 14 21:01:45 mx10 postfix/smtpd[29359]: disconnect from unknown[60.163.89.128] ehlo=1 auth=0/1 commands=1/2 Mar 14 21:01:45 mx10 postfix/smtpd[29359]: connect from unknown[60.163.89.128] Mar 14 21:01:46 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128] Mar 14 21:01:46 mx10 postfix/smtpd[29359]: disconnect from unknown[60.163.89.128] ehlo=1 auth=0/1 commands=1/2 fail2ban version 0.9.6-2 jail.local: [postfix] enabled = true logpath = /var/log/mail.log # mail.log because I don’t log to mail.warn. Everything in one file to see all the problems in one place. jail.conf [postfix] port = smtp,465,submission logpath = %(postfix_log)s backend = %(postfix_backend)s # fail2ban-client status postfix Status for the jail: postfix |- Filter | |- Currently failed: 0 | |- Total failed: 79 | `- File list: /var/log/mail.log `- Actions |- Currently banned: 0 |- Total banned: 0 `- Banned IP list: Best wishes, Sophie. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users