On 17/07/2021 20:17, Alex wrote:
Please, you cannot use the iptables jail when you are blocking multiple ports.

I see several SASL entries in there already, but none appear to match:

mdpr-auth = warning:
mdre-auth = ^[^[]*\[<HOST>\]%(_port)s: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:(?! Connection lost to authentication server| Invalid authentication mechanism)
mdre-auth2= ^[^[]*\[<HOST>\]%(_port)s: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:(?! Connection lost to authentication server)

Is the proper procedure to create an mdre-auth3, then add it to the mdre-aggressive line?

mdre-aggressive = %(mdre-auth2)s %(mdre-normal)s

It is certainly intended that this line should trigger a ban iff postfix jail uses mode = extra or mode = aggressive. But I think there may be a problem with the mdre-auth2 regex; I am experimenting with removing '^[^[]*' from the front of it (in my postfix.local).

I've changed my system to use "mode = aggressive", but also noticed the following in the logs (that existed prior to making the change):

2021-07-17 14:47:16,390 fail2ban.actions [3111209]: NOTICE [postfix] Ban 212.70.149.71
2021-07-17 14:47:16,394 fail2ban.actions [3111209]: NOTICE [postfix-sasl] Ban 24.249.23.200
2021-07-17 14:47:16,409 fail2ban.utils [3111209]: ERROR 7f7e649c36f0 -- exec: iptables -w -N f2b-postfix
iptables -w -A f2b-postfix -j RETURN
iptables -w -I INPUT -p tcp --dport smtp,465,submission -j f2b-postfix
2021-07-17 14:47:16,410 fail2ban.utils [3111209]: ERROR 7f7e649c36f0 -- stderr: "iptables v1.8.5 (legacy): invalid port/service `smtp,465,submission' specified"
2021-07-17 14:47:16,411 fail2ban.utils [3111209]: ERROR 7f7e649c36f0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2021-07-17 14:47:16,413 fail2ban.utils [3111209]: ERROR 7f7e649c36f0 -- returned 2
2021-07-17 14:47:16,414 fail2ban.actions [3111209]: ERROR Failed to execute ban jail 'postfix' action 'iptables' info 'ActionInfo({'ip': '212.70.149.71', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7e64d7f280>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7e64d7f940>})': Error starting action Jail('postfix')/iptables: 'Script error'

I'm trying to use iptables because I already have a number of rules, and this is a more complicated system than a firewalld home system.

Thanks,
Alex

Note, however, you can use the iptables-multiport rule on a single port, so try changing your default action to iptables-multiport.
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
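
An added example, not part of the original message and not fail2ban's own code: the log quoted above shows a `Ban` notice followed by a failed `iptables` action, so that address was announced as banned but never blocked. The script below pairs the two kinds of lines to list such bans; the sample log is constructed in the quoted format, with documentation IP addresses and a made-up PID.

```python
import re
from collections import defaultdict

# Constructed sample in the fail2ban.log format quoted above (documentation IPs).
SAMPLE_LOG = """\
2021-07-17 14:47:16,390 fail2ban.actions [1000]: NOTICE [postfix] Ban 192.0.2.10
2021-07-17 14:47:16,394 fail2ban.actions [1000]: NOTICE [postfix-sasl] Ban 198.51.100.7
2021-07-17 14:47:16,410 fail2ban.utils [1000]: ERROR 7f00 -- stderr: "iptables v1.8.5 (legacy): invalid port/service `smtp,465,submission' specified"
2021-07-17 14:47:16,414 fail2ban.actions [1000]: ERROR Failed to execute ban jail 'postfix' action 'iptables' info 'ActionInfo({'ip': '192.0.2.10', 'family': 'inet4'})': Error starting action Jail('postfix')/iptables: 'Script error'
"""

BAN_RE = re.compile(r"NOTICE\s+\[(?P<jail>[^\]]+)\] Ban (?P<ip>\S+)")
FAIL_RE = re.compile(
    r"ERROR\s+Failed to execute ban jail '(?P<jail>[^']+)' "
    r"action '(?P<action>[^']+)'.*?'ip': '(?P<ip>[^']+)'"
)
PORT_RE = re.compile(r"invalid port/service `(?P<spec>[^']+)' specified")


def audit(log_text):
    """Return (clean, unenforced, bad_port_specs) from fail2ban log text."""
    announced = defaultdict(set)   # jail -> IPs that got a "Ban" notice
    failed = {}                    # (jail, ip) -> name of the action that failed
    bad_specs = set()              # port specs iptables refused to parse
    for line in log_text.splitlines():
        if m := BAN_RE.search(line):
            announced[m["jail"]].add(m["ip"])
        elif m := FAIL_RE.search(line):
            failed[(m["jail"], m["ip"])] = m["action"]
        elif m := PORT_RE.search(line):
            bad_specs.add(m["spec"])
    clean, unenforced = [], []
    for jail, ips in sorted(announced.items()):
        for ip in sorted(ips):
            if (jail, ip) in failed:
                unenforced.append((jail, ip, failed[(jail, ip)]))
            else:
                clean.append((jail, ip))   # no action failure logged for this ban
    return clean, unenforced, sorted(bad_specs)


if __name__ == "__main__":
    ok, broken, specs = audit(SAMPLE_LOG)
    for jail, ip, action in broken:
        print(f"NOT BLOCKED: {ip} in jail {jail} (action {action} failed)")
    print("port specs rejected by iptables:", specs)
```

A ban in the "clean" list only means no action failure was logged for it; the firewall rules themselves still need checking.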
