Sorry about that I had to feed the cat. Christian it looks like you have more than a 100 fail2ban-sasl jumps in your rule set. If you don't have any sqlite3 failures in you log file then all you need to do is put the hump rule in the correct place. If you do have a sqlite3 problem then you just don't use it. Either way the first step is to stop fail2ban. Then flush and restore your iptables rule set. How comfortable are you with iptables?
On Tue, 2015-09-29 at 09:00 -0300, Christian Schmitz wrote: > Hi everyone: > I need know why fail2ban is not banning IP. The Fail2ban is runing, the jail > active, and detect it: > I receive the email: > Hi, > The IP 120.146.197.161 has just been banned by Fail2Ban after > 3 attempts against sasl. > ........... > But even if "fail2ban-client status sasl-iptables" report the IP as blocked > sasli see the hacking try persist onto the mail logs: > > postfix/smtpd[3676]: lost connection after AUTH from > CPE-120-146-197-161.static.vic.bigpond.net.au[120.146.197.161] > schweb postfix/smtpd[3676]: disconnect from > CPE-120-146-197-161.static.vic.bigpond.net.au[120.146.197.161] > > If i look on fail2ban.log: > 2015-09-27 01:26:16,167 fail2ban.actions[9478]: WARNING [sasl-iptables] Ban > 120.146.197.161 > 2015-09-27 01:26:16,187 fail2ban.actions.action[9478]: ERROR iptables -n -L > INPUT | grep -q 'fail2ban-sasl[ \t]' returned 100 > 2015-09-27 01:26:16,188 fail2ban.actions.action[9478]: ERROR Invariant > check > failed. Trying to restore a sane environment > 2015-09-27 01:26:16,207 fail2ban.actions.action[9478]: ERROR iptables -D > INPUT -p all -j fail2ban-sasl > iptables -F fail2ban-sasl > iptables -X fail2ban-sasl returned 100 > > > How i can solve it? > > Best Regards > Christian Schmitz
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
