Let us examine what f2b logs for 185.143.72.27 say :
1. Is is banned/unbanned by POSTFIX-SASL 4 times
2. on the fifth occurence, it is first banned by the POSTFIX-SASL jail
then by the RECIDIVE jail. Curiously, the RECIDIVE jail doesn't detect
that it has already been banned before. Maybe
Am 07.07.2020 um 13:32 schrieb Yassine Chaouche:
>
> Let us examine what f2b logs for 185.143.72.27 say :
>
> 1. Is is banned/unbanned by *postfix-sasl* 4 times
>
> 2. on the fifth occurence, it is first banned by the *postfix-sasl*
> jail then by the *recidive* jail. Curiously, the *recidive*
Thank you Peter, that was much appreciated.
Maybe the problem comes from the shorewall action I am using, which
isn't as feature-rich as the iptables action. Compare :
root@messagerie[10.10.10.19] ~ # removeblanks
/etc/fail2ban/action.d/iptables.conf
[INCLUDES]
before = iptables-blocktype.conf
Am 07.07.2020 um 15:22 schrieb Yassine Chaouche:
>
> Thank you Peter, that was much appreciated.
>
> Maybe the problem comes from the shorewall action I am using, which
> isn't as feature-rich as the iptables action. Compare :
>
> root@messagerie[10.10.10.19] ~ # removeblanks
>
This can happen if there is still an active connection with the
jailed IP. f2b only affects future, new connections.
At 06:32 AM 7/7/2020, Yassine Chaouche wrote:
Let us examine what f2b logs for 185.143.72.27 say :
1. Is is banned/unbanned by postfix-sasl 4 times
2. on the fifth
Thanks Nick & Graham — I have this working now and wanted to provide some quick
notes for those who might walk down this path in the future:
RE can be tested using the “fail2ban-regex” command — I found this incredibly
helpful.
New RE and mode changes can be placed into the desired [ FILTER
For my use case, it’s overkill…no need to have all modes enabled...
> On Jul 7, 2020, at 12:30 PM, Nick Howitt wrote:
>
> Why couldn't you just enable aggressive mode?
>
> On 07/07/2020 20:27, Antonio Leding wrote:
>> Thanks Nick & Graham — I have this working now and wanted to provide some
Why couldn't you just enable aggressive mode?
On 07/07/2020 20:27, Antonio Leding
wrote:
Thanks Nick & Graham — I have this working now and wanted to
provide some quick notes for those who might walk down this path
in the future: