On 3/16/2018 1:37 AM, Sophie Loewenthal wrote:

> fail2ban.log 2018-03-15 19:12:36,066 fail2ban.actions
> [12742]: ERROR Failed to execute unban jail 'postfix-auth' action
> 'iptables-multiport' info '{'matches': 'Mar 14 21:01:44 mx10
> postfix/smtpd[29359]: ... connection after AUTH from unknown[60.163.89.128]', 'failures': 10, 'time': 1521140815.757546, 'ip': '60.163.89.128'}': Error unbanning 60.163.89.128
> 2018-03-15 19:13:08,331 fail2ban.action [13158]: ERROR
> iptables -w -D INPUT -p tcp -m multiport --dports
> http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j
> f2b-postfix ...
> 2018-03-15 19:13:08,331 fail2ban.actions [13158]: ERROR Failed
> to stop jail 'postfix-auth' action 'iptables-multiport': Error
> stopping action

That's at least 2 different problems:

1. What appears to be failure to unban an IP address (bantime is up)... Strange that the log doesn't show the actual error message, it usually does.

I would start by looking at `iptables -nL`, or specifically for that address `iptables -nL | grep 60.163.89.128` to see if it is still there (in f2b-postfix).

If it is, then run the command that the log says it failed, the `iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix`.

But this is a weird command, it doesn't include the IP, so what's it for? Deleting the jail? Yes, that's what it's doing, from the INPUT chain it deletes f2b-postfix (side note: I use f2b-postfix-sasl only, so I don't even have this jail, and don't need more than one for postfix).

2. The second problem shown is that f2b could not stop the jail (which it tries after too many unban failures). No idea what's going on there, perhaps stop implies delete the jail in iptables, and it's all the same problem.

> I had some thought; The unbans are for IP addresses detected on March
> 14, two days earlier. However I only enabled the chain last night,
> so think this strange that it would unban an IP from before it was
> enabled.

That's normal, f2b uses 'findtime' to look back in the log.

--
René Berber

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
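
An added example, not part of the original message or of fail2ban itself: a small Python script that groups fail2ban ERROR lines by server PID, so that a failed unban, a failed jail stop and the iptables command that failed can be told apart, and then builds the read-only `iptables -nL` check suggested in the reply for each affected IP. The log lines are constructed samples modelled on the quoted format, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines modelled on the log format quoted in the thread
# (documentation-range IP, shortened info dict and port list).
SAMPLE_LOG = """\
2018-03-15 19:12:36,066 fail2ban.actions [12742]: ERROR Failed to execute unban jail 'postfix-auth' action 'iptables-multiport' info '{'failures': 10, 'ip': '203.0.113.10'}': Error unbanning 203.0.113.10
2018-03-15 19:13:08,330 fail2ban.action [13158]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports smtp,submission -j f2b-postfix
2018-03-15 19:13:08,331 fail2ban.actions [13158]: ERROR Failed to stop jail 'postfix-auth' action 'iptables-multiport': Error stopping action
2018-03-15 19:14:00,000 fail2ban.actions [13158]: NOTICE [postfix-auth] Ban 203.0.113.99
"""

LINE = re.compile(r"^(?P<ts>\S+ \S+)\s+(?P<logger>fail2ban\.\S+)\s+"
                  r"\[(?P<pid>\d+)\]:\s+ERROR\s+(?P<msg>.*)$")
UNBAN = re.compile(r"Failed to execute unban jail '(?P<jail>[^']+)' action "
                   r"'(?P<action>[^']+)'.*Error unbanning (?P<ip>\S+)$")
STOP = re.compile(r"Failed to stop jail '(?P<jail>[^']+)' action '(?P<action>[^']+)'")


def summarize(log_text):
    """Group fail2ban ERROR lines by the PID of the server that logged them."""
    by_pid = defaultdict(lambda: {"unban_failed": [], "stop_failed": [], "commands": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an ERROR line in the expected format
        entry, msg = by_pid[int(m["pid"])], m["msg"]
        if (u := UNBAN.search(msg)):
            entry["unban_failed"].append((u["jail"], u["action"], u["ip"]))
        elif (s := STOP.search(msg)):
            entry["stop_failed"].append((s["jail"], s["action"]))
        elif m["logger"] == "fail2ban.action":
            entry["commands"].append(msg)  # the shell command that failed
    return dict(by_pid)


def check_commands(summary):
    """Read-only checks, as suggested in the reply, for each IP whose unban failed."""
    cmds = []
    for entry in summary.values():
        for _jail, _action, ip in entry["unban_failed"]:
            ipaddress.ip_address(ip)  # raises ValueError if the log field is not an IP
            cmds.append(f"iptables -nL | grep -F {ip}")
    return cmds


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG), check_commands(summarize(SAMPLE_LOG)), sep="\n")
```
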