1

Topic: Many IPs added to iptables fail2ban-postfix

==== Required information ====
- iRedMail version (check /etc/iredmail-release):      v0.9.5-1
- Linux/BSD distribution name and version: Debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes  v2.4.0 (MySQL)
- Related log if you're reporting an issue:
====

I see many IPs in iptables fail2ban-postfix section.
I want to know
a. Reason for adding those IPs to block list
b. Will those IPs be auto unblocked? If yes then when?
c. Where I can see log for those block/unblock actions.

Please help to understand above things.


2

Re: Many IPs added to iptables fail2ban-postfix

It looks like the forum is quite INACTIVE.
There is no support from the community.
Only the developer replies, whenever he gets time.

3

Re: Many IPs added to iptables fail2ban-postfix

samtech wrote:

a. Reason for adding those IPs to block list
b. Will those IPs be auto unblocked? If yes then when?
c. Where I can see log for those block/unblock actions.

I suggest checking the Fail2ban config file first; you will find the answers in one single config file: /etc/fail2ban/jail.local.

samtech wrote:

It looks like the forum is quite INACTIVE.
There is no support from the community.
Only the developer replies, whenever he gets time.

Excuse me, what kind of support do you expect?
Posts usually get replied to in one day.

4

Re: Many IPs added to iptables fail2ban-postfix

Hi,
Thanks for your reply.
I checked that config, but couldn't understand what is going on there.
Is there any documentation available for that?

a. Reason for adding those IPs to block list
Still unanswered

b. Will those IPs be auto unblocked? If yes then when?
Ok, got it. It will be unblocked after 24 Hrs.

c. Where I can see log for those block/unblock actions.
I tried the following for mail.log, dovecot.log, sogo.log but couldn't find anything.

sudo tail -n 1000 /var/log/mail.log | grep fail2ban

5

Re: Many IPs added to iptables fail2ban-postfix

The Fail2ban config file is pretty clear. For example:

[DEFAULT]
# time is in seconds. 3600 = 1 hour, 86400 = 24 hours (1 day)
findtime    = 3600
bantime     = 86400
maxretry    = 5
ignoreip    = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

[sshd]
enabled     = true
filter      = sshd
action      = iptables[name=sshd, port="PH_SSHD_PORT", protocol=tcp]
logpath     = /var/log/auth.log

The "[DEFAULT]" section defines some global settings, and other sections define block lists. The block section ("[sshd]" in our example) defines the log file path (logpath = ), the filter file it should use (filter = ), and how to ban the client IP address (action = ). The filter file is /etc/fail2ban/filter.d/<filter-name>.conf; it defines some regular expressions to catch log lines and extract the IP address.

For more details, check its website: http://www.fail2ban.org/
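
Added example (not part of the original posts, and not Fail2ban's or iRedMail's own code): a simplified Python model of how the [DEFAULT] values quoted above turn matched log lines into a ban and an unban time. The filter regex, the sample mail.log lines and the year are constructed assumptions; the real filter lives in /etc/fail2ban/filter.d/.

```python
import configparser, ipaddress, re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# [DEFAULT] values as quoted in the post above.
JAIL = """[DEFAULT]
findtime = 3600
bantime = 86400
maxretry = 5
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
"""

# Assumed filter regex (hypothetical, not the shipped postfix filter):
# capture the client IP from Postfix SASL authentication failures.
FAILREGEX = re.compile(r"warning: \S+\[(?P<host>[\d.]+)\]: SASL \w+ authentication failed")

def find_bans(log_lines, jail_text=JAIL, year=2016):
    """Return {ip: (banned_at, unbanned_at)} for IPs reaching maxretry within findtime."""
    cfg = configparser.ConfigParser()
    cfg.read_string(jail_text)
    d = cfg["DEFAULT"]
    findtime = timedelta(seconds=d.getint("findtime"))
    bantime = timedelta(seconds=d.getint("bantime"))
    maxretry = d.getint("maxretry")
    ignored = [ipaddress.ip_network(n) for n in d["ignoreip"].split()]
    failures, bans = defaultdict(deque), {}
    for line in log_lines:
        m = FAILREGEX.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group("host"))
        if any(ip in net for net in ignored) or str(ip) in bans:
            continue  # ignoreip networks are never banned; banned IPs are already blocked
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        window = failures[str(ip)]
        window.append(ts)
        while ts - window[0] > findtime:  # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            bans[str(ip)] = (ts, ts + bantime)
    return bans

# Constructed sample mail.log lines: n failures from one IP, one minute apart.
def _fails(ip, n):
    return [f"May 10 08:0{i}:00 mx postfix/smtpd[911]: warning: unknown[{ip}]: "
            "SASL LOGIN authentication failed" for i in range(n)]
SAMPLE = _fails("203.0.113.7", 5) + _fails("198.51.100.9", 2) + _fails("192.168.1.20", 6)

if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE).items():
        print(f"{ip} banned {start}, unbanned {end}")
```

On a live Debian system, Fail2ban writes its actual Ban and Unban lines to its own log (by default /var/log/fail2ban.log, set by logtarget in /etc/fail2ban/fail2ban.conf), not to mail.log.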