Hi,

> > 2021-07-15 22:01:50,070 fail2ban.actions        [2047644]: NOTICE
> > [postfix] Ban 212.70.149.71
> > 2021-07-15 22:01:50,088 fail2ban.utils          [2047644]: ERROR
> > 7fad2804c3f0 -- exec: iptables -w -N f2b-postfix iptables -w -A
> > f2b-postfix -j RETURN
>
> [--- snipped ---]
...
>         I notice that the second line of your log cutting seems to have two
>   invocations of "iptables" in one command.  Might this be contributing to
>   your difficulties?  Should there be ";" or "&&" between "f2b-postfix" and
>   "iptables"?

I added the banaction to each of my postfix sections in jail.conf:

[postfix]
# To use another modes set filter parameter "mode" in jail.local:
mode = aggressive
#mode    = more
port    = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
maxretry = 3
findtime = 24h
bantime  = 1h
enabled = true
banaction = iptables-multiport

I probably would have been okay with just outright blocking the IP
altogether, not just for submission.

Jul 17 21:13:53 cipher postfix/smtps/smtpd[3289780]: warning: unknown[78.128.113.98]: SASL PLAIN authentication failed:

Perhaps that's what's happening anyway?
# iptables -nvL|grep 78.128.113.98
   19   915 REJECT     all  --  *      *       78.128.113.98        0.0.0.0/0            reject-with icmp-port-unreachable


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
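
Added example, not part of the original message or of fail2ban's own code: with `banaction = iptables-multiport` the per-IP REJECT rule lives in the `f2b-postfix` chain and lists protocol `all`, but that chain is only reached through a jump from INPUT that may be limited to the jail's ports, so `grep` on the IP alone does not show the scope of the ban. The helper `ban_scope` is a hypothetical name, and both rule sets are constructed samples in `iptables -S` format (ports shown numerically).

```shell
# Constructed `iptables -S` output for a jail using banaction = iptables-multiport.
SAMPLE_MULTIPORT='-P INPUT ACCEPT
-N f2b-postfix
-A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix
-A f2b-postfix -s 78.128.113.98/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-postfix -j RETURN'

# The same jail with a jump that is not restricted to ports (constructed).
SAMPLE_ALLPORTS='-P INPUT ACCEPT
-N f2b-postfix
-A INPUT -p tcp -j f2b-postfix
-A f2b-postfix -s 78.128.113.98/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-postfix -j RETURN'

# ban_scope IP  (hypothetical helper; reads `iptables -S` text on stdin)
# Prints the chain holding the ban rule and the jump that leads to it.
ban_scope() {
    awk -v ip="$1" '
    $1 == "-A" {
        chain = $2; src = ""; target = ""; proto = "all"; ports = "any"
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dports" || $i == "--dport") ports = $(i + 1)
        }
        if (src == (ip "/32") || src == ip) {
            banned[chain] = target          # rule that matches the banned source
        } else if (src == "" && target != "") {
            n++; jfrom[n] = chain; jto[n] = target; jproto[n] = proto; jports[n] = ports
        }
    }
    END {
        for (c in banned) {
            hits = 0
            for (k = 1; k <= n; k++) if (jto[k] == c) {
                printf "%s %s via %s proto=%s ports=%s\n", banned[c], c, jfrom[k], jproto[k], jports[k]
                hits++
            }
            if (!hits) printf "%s %s direct\n", banned[c], c
        }
    }'
}

printf '%s\n' "$SAMPLE_MULTIPORT" | ban_scope 78.128.113.98
printf '%s\n' "$SAMPLE_ALLPORTS"  | ban_scope 78.128.113.98
```

On a live host the input would be `iptables -S | ban_scope 78.128.113.98`, run as root.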