My postfix filter finds loads, but fails to ban them:
# fail2ban-client status postfix
Status for the jail: postfix
|- Filter
| |- Currently failed: 14
| |- Total failed: 51
| `- Journal matches: _SYSTEMD_UNIT=postfix.service
`- Actions
|- Currently banned: 0
|- Total banned: 3
`- Banned IP list:
postfix-sasl has no such issues:
# fail2ban-client status postfix-sasl
Status for the jail: postfix-sasl
|- Filter
| |- Currently failed: 0
| |- Total failed: 72
| `- Journal matches: _SYSTEMD_UNIT=postfix.service
`- Actions
|- Currently banned: 10
|- Total banned: 36
`- Banned IP list: 45.150.206.119 45.125.65.39 141.98.10.183
45.150.206.118 45.150.206.114 45.150.206.116 45.150.206.115
45.150.206.117 45.150.206.113 212.70.149.69
# nft list table inet f2b-table
table inet f2b-table {
set addr-set-postfix {
type ipv4_addr
}
set addr-set-postfix-sasl {
type ipv4_addr
elements = { 45.125.65.39, 45.150.206.113,
45.150.206.114, 45.150.206.115,
45.150.206.116, 45.150.206.117,
45.150.206.118, 45.150.206.119,
141.98.10.183, 212.70.149.69 }
}
chain f2b-chain {
type filter hook input priority filter - 1; policy accept;
meta l4proto { tcp } ip saddr @addr-set-postfix reject
meta l4proto { tcp } ip saddr @addr-set-postfix-sasl reject
}
}
As you can see, postfix-sasl has no trouble banning. I'm running
fail2ban-0.11.1-10.fc32.noarch. Any ideas how to track down this elusive
problem?
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
