1

Topic: Fail2Ban service - Block Firewall (Gateway) IP

==== Provide required information ====
- iRedMail version and backend (LDAP/MySQL/PGSQL): 0.8.1 / LDAP PRO
- Linux/BSD distribution name and version: CentOS 6.3 64-bit
- Any related log? Log is helpful for troubleshooting.
====

Hi Zhang,

The mail server IP is NATed in the firewall with ports 25, 110, 143. But we observed so many login failures from outside, and the firewall's local IP is banned by the Fail2Ban service.

It is our new setup and ready to go live in a week's time.

How can we deal with this in production?

Thanks in advance


2

Re: Fail2Ban service - Block Firewall (Gateway) IP

Check config files in /etc/fail2ban/, you can use parameter 'ignoreip =' to bypass local networks.

3

Re: Fail2Ban service - Block Firewall (Gateway) IP

ZhangHuangbin wrote:

Check config files in /etc/fail2ban/, you can use parameter 'ignoreip =' to bypass local networks.


Thanks Zhang for the prompt reply as usual.

Failure or ban from a local IP is not a big issue.

I am worried about outside mail server IP probes (multiple external password failures).

I found that on my test server the firewall IP is getting blocked. In production, if the firewall IP is blocked, mail will stop coming and going.

Please find the log below to analyze.

Message from syslogd@mail at Jul 29 06:33:15 ...
¿<28>fail2ban.actions: WARNING [postfix-iredmail] Ban 172.30.65.1

Message from syslogd@mail at Jul 29 07:33:15 ...
¿<28>fail2ban.actions: WARNING [postfix-iredmail] Unban 172.30.65.1

172.30.65.1 is our firewall IP, where the mail server IP is NATed.

How can I deal with this?

Thanks in advance.

4

Re: Fail2Ban service - Block Firewall (Gateway) IP

santoshkrg wrote:

How can I deal with this?

Does "ignoreip = " in the fail2ban config file work for you?

If you want to unban an IP address, please remove it with the iptables command.

5

Re: Fail2Ban service - Block Firewall (Gateway) IP

Hi Zhang,

I edited the jail.local file, un-commented the ignoreip line and added our network IP, but the local IP is still getting blocked.

After the change I also restarted the fail2ban service.

Do I need to do anything else to make it work?

Thanks in advance.

6

Re: Fail2Ban service - Block Firewall (Gateway) IP

You didn't show me the real setting in your jail.local, and I don't know your LAN, so I suggest you check this Fail2ban wiki:
http://www.fail2ban.org/wiki/index.php/Whitelist

It would be great if you can share your setting after you made it work. :)
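
One way to check the situation described in posts 5 and 6, as an added example that is not part of the original thread: it reads the effective ignoreip for a jail from a jail.local and labels every logged ban. The jail.local contents, the 203.0.113.9 ban and the function names are constructed for illustration; the gateway address 172.30.65.1 and the jail name postfix-iredmail are the ones posted above.

```python
import configparser
import ipaddress
import re

# Constructed jail.local; the gateway address and jail name are from the thread.
JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1/8 172.30.65.1

[postfix-iredmail]
enabled = true
"""

# Ban/Unban lines modelled on the thread's log, plus one constructed external ban.
LOG = """\
fail2ban.actions: WARNING [postfix-iredmail] Ban 172.30.65.1
fail2ban.actions: WARNING [postfix-iredmail] Unban 172.30.65.1
fail2ban.actions: WARNING [postfix-iredmail] Ban 203.0.113.9
"""

BAN_RE = re.compile(r"\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>[0-9a-fA-F.:]+)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ignore_networks(config_text, jail):
    """Networks in the jail's effective ignoreip ([DEFAULT] unless the jail overrides it)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    section = jail if cp.has_section(jail) else "DEFAULT"
    nets = []
    for token in cp.get(section, "ignoreip", fallback="").replace(",", " ").split():
        try:
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            pass  # DNS host names are valid in ignoreip but are not resolved here
    return nets

def audit_bans(config_text, log_text):
    """Label each Ban line: 'ignored' (ignoreip in this file covers the address, so the
    ban predates the change or the running service is not using this setting),
    'internal' (RFC 1918 address that is not whitelisted) or 'external'."""
    results = []
    for m in BAN_RE.finditer(log_text):
        ip = ipaddress.ip_address(m["ip"])
        covered = lambda nets: any(ip in net for net in nets)
        verdict = ("ignored" if covered(ignore_networks(config_text, m["jail"]))
                   else "internal" if covered(RFC1918) else "external")
        results.append((m["jail"], str(ip), verdict))
    return results
```

A ban labelled 'internal' is the case from post 3: behind the NAT every outside failure arrives with the gateway's address, so the gateway is what gets banned until ignoreip covers it.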

7

Re: Fail2Ban service - Block Firewall (Gateway) IP

Hey. Many thanks for this project; it is very helpful for the work.
Established on Debian 6, demon problems, if there was a wiki for all corrected.
Thank you all for the project.

The only problem after installing is the missing Internet on the client PC, i.e. for the server to act as a forwarding router.
As I understood, at the end of the installation the fail2ban daemon service is set up, which has restricted access to the external network from the local network. Tell me where and what to fix so that the external network is available from the local network.