Re: [Fail2ban-users] recidive jail set, but IP still gets in

Let us examine what f2b logs for 185.143.72.27 say : 1. Is is banned/unbanned by POSTFIX-SASL 4 times 2. on the fifth occurence, it is first banned by the POSTFIX-SASL jail then by the RECIDIVE jail. Curiously, the RECIDIVE jail doesn't detect that it has already been banned before. Maybe

Re: [Fail2ban-users] recidive jail set, but IP still gets in

Am 07.07.2020 um 13:32 schrieb Yassine Chaouche: > > Let us examine what f2b logs for 185.143.72.27 say : > > 1. Is is banned/unbanned by *postfix-sasl* 4 times > > 2. on the fifth occurence, it is first banned by the *postfix-sasl* > jail then by the *recidive* jail. Curiously, the *recidive*

Re: [Fail2ban-users] recidive jail set, but IP still gets in

Thank you Peter, that was much appreciated. Maybe the problem comes from the shorewall action I am using, which isn't as feature-rich as the iptables action. Compare : root@messagerie[10.10.10.19] ~ # removeblanks /etc/fail2ban/action.d/iptables.conf [INCLUDES] before = iptables-blocktype.conf

Re: [Fail2ban-users] recidive jail set, but IP still gets in

Am 07.07.2020 um 15:22 schrieb Yassine Chaouche: > > Thank you Peter, that was much appreciated. > > Maybe the problem comes from the shorewall action I am using, which > isn't as feature-rich as the iptables action. Compare : > > root@messagerie[10.10.10.19] ~ # removeblanks >

Re: [Fail2ban-users] recidive jail set, but IP still gets in

This can happen if there is still an active connection with the jailed IP. f2b only affects future, new connections. At 06:32 AM 7/7/2020, Yassine Chaouche wrote: Let us examine what f2b logs for 185.143.72.27 say : 1. Is is banned/unbanned by postfix-sasl 4 times 2. on the fifth

Re: [Fail2ban-users] Parsing "Invalid authentication mechanism" in postfix

Thanks Nick & Graham — I have this working now and wanted to provide some quick notes for those who might walk down this path in the future: RE can be tested using the “fail2ban-regex” command — I found this incredibly helpful. New RE and mode changes can be placed into the desired [ FILTER

Re: [Fail2ban-users] Parsing "Invalid authentication mechanism" in postfix

For my use case, it’s overkill…no need to have all modes enabled... > On Jul 7, 2020, at 12:30 PM, Nick Howitt wrote: > > Why couldn't you just enable aggressive mode? > > On 07/07/2020 20:27, Antonio Leding wrote: >> Thanks Nick & Graham — I have this working now and wanted to provide some

Re: [Fail2ban-users] Parsing "Invalid authentication mechanism" in postfix

Why couldn't you just enable aggressive mode? On 07/07/2020 20:27, Antonio Leding wrote: Thanks Nick & Graham — I have this working now and wanted to provide some quick notes for those who might walk down this path in the future: