On 03/10/2016 11:29 AM, Simon Wilson wrote: > Hi list, > > What am I doing wrong? > > I got the notification: > > Hi, > > The IP 185.103.253.243 has just been banned by Fail2Ban after > 3 attempts against sasl. > > iptables -L: > > ]# iptables -L > > <snip> > > Chain fail2ban-sasl (1 references) > target prot opt source destination > REJECT all -- 185.103.253.243 anywhere > reject-with icmp-port-unreachable > RETURN all -- anywhere anywhere > > > But it keeps connecting: > > Mar 10 20:08:00 server04 fail2ban.actions[28238]: INFO [sasl-iptables] > 185.103.253.243 already banned <snip> > banned > Mar 10 20:25:21 server04 fail2ban.actions[28238]: INFO [sasl-iptables] > 185.103.253.243 already banned > > Is it this?: > > Chain INPUT (policy ACCEPT) > target prot opt source destination > fail2ban-sasl tcp -- anywhere anywhere tcp > dpt:smtp > RH-Firewall-1-INPUT all -- anywhere anywhere > > Iptables is only jumping to the fail2ban Chain for port 25 (smtp). > Should that be "always" and how do I make it so? What does your jail.conf look like? Does it have port = 25 somewhere?
------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140 _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
