On 17 September 2017 at 11:34, chaouche yacine <yacinechaou...@yahoo.com>
wrote:
> Hello Dominic,
>
> There was only 1 IP that was banned out of 4. The banned one has been
> unbanned after bantime (1 day) so I can't find it in iptables :
>
> root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # iptables -nL | grep
> 201.236.111.84
> root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL #
>
> The other 3 werent' banned by fail2ban
>
> NB : I am using shorewall, which uses iptables under the hood IIRC.
>
Too bad. It might be worth monitoring for the next time there is a
fail2ban-postfix-sasl ban and having a look in iptables then.
I suspect that fail2ban is failing to implement the ban in iptables.
Try:
$ fail2ban-client get postfix-sasl actions
iptables-multiport
Then you can find the actual ban action (your action may differ from the
above, in which case substitute appropriately):
$ fail2ban-client get postfix-sasl action iptables-multiport actionban
<iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
This tells you what fail2ban is doing to execute the ban.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
