Think I have this worked out. non-standard postfix-auth and thet included
postfix jail enabled that may be checking for the same stuff. I’ve disabled
postfix-auth.
The rogue IP had been removed from iptables. Maybe by one or the other.
> On 16 Mar 2018, at 18:32, René Berber wrote:
>
> O
On 3/16/2018 1:37 AM, Sophie Loewenthal wrote:
> fail2ban.log 2018-03-15 19:12:36,066 fail2ban.actions
> [12742]: ERROR Failed to execute unban jail 'postfix-auth' action
> 'iptables-multiport' info '{'matches': 'Mar 14 21:01:44 mx10
> postfix/smtpd[29359]: ...
connection after AUTH from unkno
Entirely true. I did confuse them.
I have unban errors on postfix-auth.
Sent from a mobile. Excuse my brevity & spelling mistakes.
On March 16, 2018 8:51:27 AM CET, Dominic Raferd
wrote:
>On 16 Mar 2018 08:43, "Sophie Loewenthal" wrote:
>
>P.S For reference, the current f2b chain contains :
On 16 Mar 2018 08:43, "Sophie Loewenthal" wrote:
P.S For reference, the current f2b chain contains :
Chain f2b-postfix (2 references)
target prot opt source destination
REJECT all -- 60.163.89.1280.0.0.0/0reject-with
icmp-port-unreachable
REJECT al
P.S For reference, the current f2b chain contains :
Chain f2b-postfix (2 references)
target prot opt source destination
REJECT all -- 60.163.89.1280.0.0.0/0reject-with
icmp-port-unreachable
REJECT all -- 199.168.136.102 0.0.0.0/0
Good morning,
This is interesting ( for me ).
I read this in my logs after enabling postfix-auth on Debian 9.2
fail2ban.log
2018-03-15 19:12:36,066 fail2ban.actions[12742]: ERROR Failed to
execute unban jail 'postfix-auth' action 'iptables-multiport' info '{'matches':
'Mar 14 21:01