In the fail2ban config I have this relevant section:

# username-notfound
[username-notfound]
enabled = true
filter = *username-notfound*
action = iptables[name=SMTP, port=smtp, protocol=tcp]
logpath = /var/log/maillog
maxretry = 3
bantime  = 86400
findtime = 3600

From that I can figure a computer is sending to an invalid email address on the SMTP port (25), so after 3 tries (maxretry = 3) the firewall stops it (iptables).

What logs should I be looking at to determine which computer is causing this?
Thanks



On 11/21/13 2:21 PM, Sebastian Grewe wrote:
Hey,

What is the filter configuration and when would it get triggered? That might 
help to shed some light on this.

Cheers,
Sebastian

On 21.11.2013, at 21:59, System Admin <[email protected]> wrote:

Hi guys n Gals,

I know this is now a qmail problem, just looking for input.

Suddenly fail2ban on my server has blocked "My" IP from sending on port 25.
In the fail2ban logs I see:
fail2ban.actions: WARNING [username-notfound] Ban "my-ipaddress "

It resets the firewall if I do /etc/init.d/fail2ban stop and 
/etc/init.d/fail2ban start.
Has anyone experienced this?
Possible virus on PC; looks to me like a computer may be sending spam as a 
non-existent user.

Thanks

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
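
Added example (not part of the original thread, and not fail2ban's own code): a script that replays the jail's maxretry = 3 / findtime = 3600 counting over lines from the logpath file, to list which client addresses reach the ban threshold and which recipients they tried. The failregex stand-in and the sample log lines are assumptions constructed for illustration; the real pattern lives in the username-notfound filter, which the thread does not show.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY, FINDTIME = 3, 3600  # maxretry / findtime from the jail section

# ASSUMPTION: stand-in for the failregex of the username-notfound filter,
# which the thread does not show. Replace it with the real pattern.
FAILREGEX = re.compile(r"user not found (?P<rcpt>\S+):(?P<host>\d{1,3}(?:\.\d{1,3}){3})$")

# Constructed sample lines (assumed format, documentation addresses).
SAMPLE_LOG = """\
Nov 21 13:05:10 mail vpopmail[2101]: vchkpw-smtp: vpopmail user not found info@example.test:192.0.2.10
Nov 21 13:06:02 mail vpopmail[2102]: vchkpw-smtp: vpopmail user not found sales@example.test:198.51.100.7
Nov 21 13:20:44 mail vpopmail[2110]: vchkpw-smtp: vpopmail user not found admin@example.test:192.0.2.10
Nov 21 13:41:09 mail vpopmail[2117]: vchkpw-smtp: password fail bob@example.test:198.51.100.7
Nov 21 13:58:31 mail vpopmail[2125]: vchkpw-smtp: vpopmail user not found test@example.test:192.0.2.10
Nov 21 14:30:00 mail vpopmail[2140]: vchkpw-smtp: vpopmail user not found web@example.test:198.51.100.7
Nov 21 15:10:00 mail vpopmail[2155]: vchkpw-smtp: vpopmail user not found ftp@example.test:198.51.100.7
"""

def parse(line, year=2013):
    """Return (timestamp, host, recipient) for a matching line, else None."""
    m = FAILREGEX.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["rcpt"]

def would_ban(lines):
    """Map hosts with MAXRETRY hits inside FINDTIME seconds to (time, recipients)."""
    recent, banned = defaultdict(deque), {}
    for line in lines:
        hit = parse(line)
        if not hit or hit[1] in banned:
            continue
        ts, host, rcpt = hit
        window = recent[host]
        window.append((ts, rcpt))
        # Drop hits that are older than FINDTIME relative to this one.
        while (ts - window[0][0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            banned[host] = (ts, [r for _, r in window])
    return banned

if __name__ == "__main__":
    for host, (ts, rcpts) in would_ban(SAMPLE_LOG.splitlines()).items():
        print(f"{host} reaches maxretry at {ts}: {', '.join(rcpts)}")
```

In the sample, 198.51.100.7 also has three matching lines but never three inside one hour, so only 192.0.2.10 crosses the threshold.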
