[Fail2ban-users] Sasl bans, still connecting

Simon Wilson Thu, 10 Mar 2016 02:55:15 -0800

Hi list,

What am I doing wrong?


I got the notification:

Hi,

The IP 185.103.253.243 has just been banned by Fail2Ban after
3 attempts against sasl.

iptables -L:

]# iptables -L

<snip>

Chain fail2ban-sasl (1 references)
target     prot opt source               destination

REJECT all -- 185.103.253.243 anywhere reject-with icmp-port-unreachable

RETURN     all  --  anywhere             anywhere


But it keeps connecting:

Mar 10 20:08:00 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:08:15 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:08:34 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:08:49 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:09:05 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:09:19 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:09:34 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:09:49 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:10:04 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:10:18 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:10:33 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:10:46 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:11:01 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:11:16 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:11:31 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:11:47 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:12:04 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:12:20 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:12:36 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:12:56 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:13:17 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:13:37 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:13:55 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:14:17 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:14:39 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:15:03 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:15:26 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:15:47 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:16:10 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:16:36 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:17:01 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:17:30 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:17:58 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:18:27 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:18:59 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:19:29 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:20:01 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:20:35 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:21:10 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:21:47 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:22:25 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:23:03 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:23:47 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:24:35 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned Mar 10 20:25:21 server04 fail2ban.actions[28238]: INFO [sasl-iptables] 185.103.253.243 already banned


Is it this?:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-sasl  tcp  --  anywhere             anywhere            tcp dpt:smtp
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Iptables is only jumping to the fail2ban Chain for port 25 (smtp). Should that be "always" and how do I make it so?


Simon

--
Simon Wilson
M: 0400 12 11 16

binzsEl6NfHWR.bin
Description: PGP Public Key

------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

[Fail2ban-users] Sasl bans, still connecting

Reply via email to