I am currently setting up a new server and am puzzled by fail2ban in combination with iptables.
F2b is supposed to detect and block postfix-SASL.
The contents of /var/log/fail2ban.log
Code:
2020-07-21 15:31:37,780 fail2ban.actions [7896]: WARNING [postfix-sasl] 212.70.149.67 already banned
2020-07-21 15:42:32,080 fail2ban.actions [7896]: WARNING [postfix-sasl] 212.70.149.67 already banned
2020-07-21 15:51:56,063 fail2ban.actions [7896]: WARNING [postfix-sasl] 212.70.149.67 already banned
2020-07-21 16:01:08,818 fail2ban.actions [7896]: WARNING [postfix-sasl] 212.70.149.67 already banned
Code:
Jul 21 16:30:40 mx01 postfix/smtps/smtpd[8185]: lost connection after AUTH from unknown[212.70.149.67]
Jul 21 16:30:40 mx01 postfix/smtps/smtpd[8185]: disconnect from unknown[212.70.149.67] ehlo=1 auth=0/1 rset=1 commands=2/3
Jul 21 16:31:39 mx01 postfix/smtps/smtpd[8185]: connect from unknown[212.70.149.67]
Jul 21 16:32:23 mx01 postfix/smtps/smtpd[8185]: warning: unknown[212.70.149.67]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 21 16:32:34 mx01 postfix/smtps/smtpd[8185]: lost connection after AUTH from unknown[212.70.149.67]
Jul 21 16:32:34 mx01 postfix/smtps/smtpd[8185]: disconnect from unknown[212.70.149.67] ehlo=1 auth=0/1 rset=1 commands=2/3
iptables -L -n | grep 212.70.149.67 -n3 says:
Code:
120-
121-Chain f2b-postfix-sasl (1 references)
122-target prot opt source destination
123:REJECT all -- 212.70.149.67 0.0.0.0/0 reject-with icmp-port-unreachable
124-RETURN all -- 0.0.0.0/0 0.0.0.0/0
125-
What is going wrong here?
Thanks in advance.
Regards, Pixelpirat
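A check for the symptom shown in the logs above, as an added example that is not part of the original post: fail2ban writes "already banned" when it matches new failures from an address that is already in its ban list, so repeated warnings for one host mean the ban is not stopping its traffic. The function name `leaking_bans` and the `min_repeats` threshold are hypothetical; the regular expressions assume the two log formats exactly as quoted in the post.

```python
import re
from collections import defaultdict

# Sample lines copied from the post above; a real run would read the log files.
F2B_SAMPLE = """\
2020-07-21 15:31:37,780 fail2ban.actions [7896]: WARNING [postfix-sasl] 212.70.149.67 already banned
2020-07-21 15:42:32,080 fail2ban.actions [7896]: WARNING [postfix-sasl] 212.70.149.67 already banned
2020-07-21 15:51:56,063 fail2ban.actions [7896]: WARNING [postfix-sasl] 212.70.149.67 already banned
2020-07-21 16:01:08,818 fail2ban.actions [7896]: WARNING [postfix-sasl] 212.70.149.67 already banned
""".splitlines()
MAIL_SAMPLE = """\
Jul 21 16:31:39 mx01 postfix/smtps/smtpd[8185]: connect from unknown[212.70.149.67]
Jul 21 16:32:23 mx01 postfix/smtps/smtpd[8185]: warning: unknown[212.70.149.67]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 21 16:32:34 mx01 postfix/smtps/smtpd[8185]: lost connection after AUTH from unknown[212.70.149.67]
""".splitlines()

F2B_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+fail2ban\.actions\s+\[\d+\]:\s+WARNING\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<ip>\S+) already banned$"
)
SASL_RE = re.compile(
    r"postfix/\S+\[\d+\]: warning: \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL \S+ authentication failed"
)

def leaking_bans(f2b_lines, mail_lines, min_repeats=2):
    """Hosts fail2ban keeps re-banning, i.e. whose ban does not stop the traffic."""
    seen = defaultdict(list)      # (jail, ip) -> timestamps of "already banned"
    for line in f2b_lines:
        m = F2B_RE.match(line.strip())
        if m:
            seen[(m["jail"], m["ip"])].append(m["ts"])
    failures = defaultdict(int)   # ip -> SASL failures seen in the mail log
    for line in mail_lines:
        m = SASL_RE.search(line)
        if m:
            failures[m["ip"]] += 1
    return {
        key: {"already_banned": len(ts), "first": ts[0], "last": ts[-1],
              "sasl_failures": failures[key[1]]}
        for key, ts in seen.items() if len(ts) >= min_repeats
    }

if __name__ == "__main__":
    for (jail, ip), info in leaking_bans(F2B_SAMPLE, MAIL_SAMPLE).items():
        print(jail, ip, info)
```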