Think I have this worked out. non-standard postfix-auth and thet included
postfix jail enabled that may be checking for the same stuff. I’ve disabled
postfix-auth.
The rogue IP had been removed from iptables. Maybe by one or the other.
> On 16 Mar 2018, at 18:32, René Berber
P.S For reference, the current f2b chain contains :
Chain f2b-postfix (2 references)
target prot opt source destination
REJECT all -- 60.163.89.1280.0.0.0/0reject-with
icmp-port-unreachable
REJECT all -- 199.168.136.102 0.0.0.0/0