Entirely true. I did confuse them.

I have unban errors on postfix-auth.

Sent from a mobile. Excuse my brevity & spelling mistakes.

On March 16, 2018 8:51:27 AM CET, Dominic Raferd <domi...@timedicer.co.uk> wrote:
>On 16 Mar 2018 08:43, "Sophie Loewenthal" <sop...@klunky.co.uk> wrote:
>
>P.S. For reference, the current f2b chain contains:
>Chain f2b-postfix (2 references)
>target     prot opt source               destination
>REJECT     all  --  60.163.89.128        0.0.0.0/0            reject-with icmp-port-unreachable
>REJECT     all  --  199.168.136.102      0.0.0.0/0            reject-with icmp-port-unreachable
>REJECT     all  --  190.223.59.18        0.0.0.0/0            reject-with icmp-port-unreachable
>REJECT     all  --  190.128.186.98       0.0.0.0/0            reject-with icmp-port-unreachable
>REJECT     all  --  183.148.86.118       0.0.0.0/0            reject-with icmp-port-unreachable
>REJECT     all  --  183.148.79.91        0.0.0.0/0            reject-with icmp-port-unreachable
>REJECT     all  --  183.148.74.25        0.0.0.0/0            reject-with icmp-port-unreachable
>REJECT     all  --  125.126.164.34       0.0.0.0/0            reject-with icmp-port-unreachable
>RETURN     all  --  0.0.0.0/0            0.0.0.0/0
>RETURN     all  --  0.0.0.0/0            0.0.0.0/0
>
>
>I had some thoughts: the unbans are for IP addresses detected on March 14,
>two days earlier. However, I only enabled the chain last night, so I think
>it strange that it would unban an IP from before it was enabled.
>
>
>
>
>> On 16 Mar 2018, at 08:37, Sophie Loewenthal <sop...@klunky.co.uk> wrote:
>>
>> Good morning,
>>
>> This is interesting ( for me ).
>>
>> I read this in my logs after enabling postfix-auth on Debian 9.2
>>
>>
>> fail2ban.log
>> 2018-03-15 19:12:36,066 fail2ban.actions        [12742]: ERROR   Failed to execute unban jail 'postfix-auth' action 'iptables-multiport' info '{'matches': 'Mar 14 21:01:44 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:44 mx10 postfix/smtpd[29363]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:44 mx10 postfix/smtpd[29361]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29363]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29361]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29364]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:46 mx10 postfix/smtpd[29361]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:46 mx10 postfix/smtpd[29363]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:46 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]', 'failures': 10, 'time': 1521140815.757546, 'ip': '60.163.89.128'}': Error unbanning 60.163.89.128
>> 2018-03-15 19:13:08,331 fail2ban.action         [13158]: ERROR   iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix
>> 2018-03-15 19:13:08,331 fail2ban.action         [13158]: ERROR   iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix
>> 2018-03-15 19:13:08,331 fail2ban.action         [13158]: ERROR   iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix
>> 2018-03-15 19:13:08,331 fail2ban.actions        [13158]: ERROR   Failed to stop jail 'postfix-auth' action 'iptables-multiport': Error stopping action
>>
>>
>> An example from /var/log/mail.log:
>> Mar 14 21:01:44 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]
>> Mar 14 21:01:44 mx10 postfix/smtpd[29359]: disconnect from unknown[60.163.89.128] ehlo=1 auth=0/1 commands=1/2
>> Mar 14 21:01:44 mx10 postfix/smtpd[29359]: connect from unknown[60.163.89.128]
>> Mar 14 21:01:45 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]
>> Mar 14 21:01:45 mx10 postfix/smtpd[29359]: disconnect from unknown[60.163.89.128] ehlo=1 auth=0/1 commands=1/2
>> Mar 14 21:01:45 mx10 postfix/smtpd[29359]: connect from unknown[60.163.89.128]
>> Mar 14 21:01:46 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]
>> Mar 14 21:01:46 mx10 postfix/smtpd[29359]: disconnect from unknown[60.163.89.128] ehlo=1 auth=0/1 commands=1/2
>>
>>
>> fail2ban version 0.9.6-2
>>
>>
>> jail.local:
>> [postfix]
>> enabled  = true
>> logpath  = /var/log/mail.log
>> # mail.log because I don’t log to mail.warn. Everything in one file to see all the problems in one place.
>>
>> jail.conf
>> [postfix]
>> port     = smtp,465,submission
>> logpath  = %(postfix_log)s
>> backend  = %(postfix_backend)s
>>
>>
>>
>> # fail2ban-client status postfix
>> Status for the jail: postfix
>> |- Filter
>> |  |- Currently failed:       0
>> |  |- Total failed:   79
>> |  `- File list:      /var/log/mail.log
>> `- Actions
>>   |- Currently banned:        0
>>   |- Total banned:    0
>>   `- Banned IP li...
>
>
>You seem to be confusing jails postfix and postfix-auth?
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
