On 16 Mar 2018 08:43, "Sophie Loewenthal" <sop...@klunky.co.uk> wrote:

P.S. For reference, the current f2b chain contains:
Chain f2b-postfix (2 references)
target     prot opt source               destination
REJECT     all  --  60.163.89.128        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  199.168.136.102      0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  190.223.59.18        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  190.128.186.98       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  183.148.86.118       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  183.148.79.91        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  183.148.74.25        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  125.126.164.34       0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0


I had a thought: the unbans are for IP addresses detected on March 14,
two days earlier. However, I only enabled the chain last night, so I think
it strange that it would unban an IP from before it was enabled.




> On 16 Mar 2018, at 08:37, Sophie Loewenthal <sop...@klunky.co.uk> wrote:
>
> Good morning,
>
> This is interesting ( for me ).
>
> I read this in my logs after enabling postfix-auth on Debian 9.2
>
>
> fail2ban.log
> 2018-03-15 19:12:36,066 fail2ban.actions        [12742]: ERROR   Failed to execute unban jail 'postfix-auth' action 'iptables-multiport' info '{'matches': 'Mar 14 21:01:44 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:44 mx10 postfix/smtpd[29363]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:44 mx10 postfix/smtpd[29361]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29363]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29361]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29364]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:46 mx10 postfix/smtpd[29361]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:46 mx10 postfix/smtpd[29363]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:46 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]', 'failures': 10, 'time': 1521140815.757546, 'ip': '60.163.89.128'}': Error unbanning 60.163.89.128
> 2018-03-15 19:13:08,331 fail2ban.action         [13158]: ERROR   iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix
> 2018-03-15 19:13:08,331 fail2ban.action         [13158]: ERROR   iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix
> 2018-03-15 19:13:08,331 fail2ban.action         [13158]: ERROR   iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix
> 2018-03-15 19:13:08,331 fail2ban.actions        [13158]: ERROR   Failed to stop jail 'postfix-auth' action 'iptables-multiport': Error stopping action
>
>
> An example from /var/log/mail.log:
> Mar 14 21:01:44 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]
> Mar 14 21:01:44 mx10 postfix/smtpd[29359]: disconnect from unknown[60.163.89.128] ehlo=1 auth=0/1 commands=1/2
> Mar 14 21:01:44 mx10 postfix/smtpd[29359]: connect from unknown[60.163.89.128]
> Mar 14 21:01:45 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]
> Mar 14 21:01:45 mx10 postfix/smtpd[29359]: disconnect from unknown[60.163.89.128] ehlo=1 auth=0/1 commands=1/2
> Mar 14 21:01:45 mx10 postfix/smtpd[29359]: connect from unknown[60.163.89.128]
> Mar 14 21:01:46 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]
> Mar 14 21:01:46 mx10 postfix/smtpd[29359]: disconnect from unknown[60.163.89.128] ehlo=1 auth=0/1 commands=1/2
>
>
> fail2ban version 0.9.6-2
>
>
> jail.local:
> [postfix]
> enabled  = true
> logpath  = /var/log/mail.log
> # mail.log because I don’t log to mail.warn. Everything in one file to see all the problems in one place.
>
> jail.conf
> [postfix]
> port     = smtp,465,submission
> logpath  = %(postfix_log)s
> backend  = %(postfix_backend)s
>
>
>
> # fail2ban-client status postfix
> Status for the jail: postfix
> |- Filter
> |  |- Currently failed:       0
> |  |- Total failed:   79
> |  `- File list:      /var/log/mail.log
> `- Actions
>   |- Currently banned:        0
>   |- Total banned:    0
>   `- Banned IP li...


You seem to be confusing jails postfix and postfix-auth ?
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
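
An added example, not part of the original thread: a small parser for the fail2ban.actions ERROR entries quoted above. It reports which jail each failure names, decodes the 'time' epoch in the ticket info to UTC, and lists jails that appear in errors but were not the ones queried with fail2ban-client status. The function names, the queried parameter and the shortened sample log are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample shaped like the fail2ban 0.9.6 lines quoted in the thread
# ('matches' shortened to one entry).
SAMPLE_LOG = """\
2018-03-15 19:12:36,066 fail2ban.actions        [12742]: ERROR   Failed to execute unban jail 'postfix-auth' action 'iptables-multiport' info '{'matches': 'Mar 14 21:01:44 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]', 'failures': 10, 'time': 1521140815.757546, 'ip': '60.163.89.128'}': Error unbanning 60.163.89.128
2018-03-15 19:13:08,331 fail2ban.actions        [13158]: ERROR   Failed to stop jail 'postfix-auth' action 'iptables-multiport': Error stopping action
"""

# An entry starts at a timestamp; the 'matches' text may span several lines.
ENTRY_START = re.compile(r"(?m)^(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} )")
FAILED = re.compile(r"ERROR\s+Failed to (?P<op>execute unban|stop) jail "
                    r"'(?P<jail>[^']+)' action '(?P<action>[^']+)'")
TICKET_TIME = re.compile(r"'time': (?P<epoch>\d+(?:\.\d+)?)")
TICKET_IP = re.compile(r"'ip': '(?P<ip>[0-9A-Fa-f.:]+)'")


def parse_action_errors(log_text):
    """Return one dict per 'Failed to ...' action error found in the log."""
    errors = []
    for entry in ENTRY_START.split(log_text):
        m = FAILED.search(entry)
        if not m:
            continue
        epoch = TICKET_TIME.search(entry)
        ip = TICKET_IP.search(entry)
        errors.append({
            "op": m["op"], "jail": m["jail"], "action": m["action"],
            "ip": ip["ip"] if ip else None,
            # Epoch value from the ticket info, converted to UTC.
            "ticket_time_utc": datetime.fromtimestamp(
                float(epoch["epoch"]), tz=timezone.utc) if epoch else None,
        })
    return errors


def unqueried_jails(log_text, queried):
    """Jails named in action errors that are not in the queried set."""
    return sorted({e["jail"] for e in parse_action_errors(log_text)} - set(queried))


if __name__ == "__main__":
    for e in parse_action_errors(SAMPLE_LOG):
        print(e["jail"], e["action"], e["op"], e["ip"], e["ticket_time_utc"])
    # The thread checked "fail2ban-client status postfix".
    print("errors from jails not queried:", unqueried_jails(SAMPLE_LOG, ["postfix"]))
```
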
