Re: [Fail2ban-users] Postfix filter finds IPs, fails to ban them

Sun, 25 Oct 2020 08:57:03 -0700 

Set that jail to:
maxretry = 1

Then run:
fail2ban-client stop; fail2ban-client start

and see what happens.

Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com


-------- Original Message --------
*Subject: *  [Fail2ban-users] Postfix filter finds IPs, fails to ban them
*From: *     Tom Via Fail2ban-users <fail2ban-users@lists.sourceforge.net>
*To: *         Fail2ban-users <fail2ban-users@lists.sourceforge.net>
*CC: *
*Date: *      2020-10-23  11:47 AM

My postfix filter finds loads, but fails to ban them:


# fail2ban-client status postfix
Status for the jail: postfix
|- Filter
|  |- Currently failed:    14
|  |- Total failed:    51
|  `- Journal matches:    _SYSTEMD_UNIT=postfix.service
`- Actions
   |- Currently banned:    0
   |- Total banned:    3
   `- Banned IP list:


postfix-sasl has no such issues:

# fail2ban-client status postfix-sasl
Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed:    0
|  |- Total failed:    72
|  `- Journal matches:    _SYSTEMD_UNIT=postfix.service
`- Actions
   |- Currently banned:    10
   |- Total banned:    36
   `- Banned IP list:    45.150.206.119 45.125.65.39 141.98.10.183 45.150.206.118 45.150.206.114 45.150.206.116 45.150.206.115 45.150.206.117 45.150.206.113 212.70.149.69 


# nft list table inet f2b-table
table inet f2b-table {
    set addr-set-postfix {
        type ipv4_addr
    }

    set addr-set-postfix-sasl {
        type ipv4_addr
        elements = { 45.125.65.39, 45.150.206.113,
                 45.150.206.114, 45.150.206.115,
                 45.150.206.116, 45.150.206.117,
                 45.150.206.118, 45.150.206.119,
                 141.98.10.183, 212.70.149.69 }
    }

    chain f2b-chain {
        type filter hook input priority filter - 1; policy accept;
        meta l4proto { tcp } ip saddr @addr-set-postfix reject
        meta l4proto { tcp } ip saddr @addr-set-postfix-sasl reject
    }
}
As you can see, postfix-sasl has no trouble banning. I'm running fail2ban-0.11.1-10.fc32.noarch. Any ideas how to track down this elusive problem? 


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users





_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to