Subject
I'd like some feedback regarding the Postscreen/Fail2ban configuration.
Description
Hi guys, please help me understand what is wrongly configured here with the Postscreen and Fail2ban modules. I've attached a log sample. Fail2ban is activated; it just doesn't kick in to ban the IPs retrying to connect. I can manually ban these IPs with fail2ban-client, so the jails are working; however, the ban doesn't occur automatically after the "maxretry" is reached. So what is going on here?
# CODE GOES HERE
mailserver | Feb 15 19:31:21 mail postfix/postscreen[10972]: CONNECT from [87.246.7.226]:40982 to [192.168.176.2]:25
mailserver | Feb 15 19:31:21 mail postfix/postscreen[10972]: cache btree:/var/lib/postfix/postscreen_cache full cleanup: retained=26 dropped=3 entries
mailserver | Feb 15 19:31:22 mail postfix/dnsblog[10976]: addr 87.246.7.226 listed by domain list.dnswl.org as 127.0.10.3
mailserver | Feb 15 19:31:22 mail postfix/dnsblog[10975]: addr 87.246.7.226 listed by domain bl.mailspike.net as 127.0.0.2
mailserver | Feb 15 19:31:22 mail postfix/postscreen[10972]: PASS NEW [87.246.7.226]:40982
mailserver | Feb 15 19:31:22 mail postfix/smtpd[10984]: warning: hostname net6-ip226.linkbg.com does not resolve to address 87.246.7.226: Name or service not known
mailserver | Feb 15 19:31:22 mail postfix/smtpd[10984]: connect from unknown[87.246.7.226]
mailserver | Feb 15 19:31:24 mail dovecot: auth: passwd-file([email protected],87.246.7.226): unknown user (SHA1 of given password: e15e2f)
mailserver | Feb 15 19:31:26 mail postfix/smtpd[10984]: warning: unknown[87.246.7.226]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mailserver | Feb 15 19:31:26 mail postfix/smtpd[10984]: disconnect from unknown[87.246.7.226] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
mailserver | Feb 15 19:32:07 mail postfix/postscreen[10972]: CONNECT from [87.246.7.226]:49306 to [192.168.176.2]:25
mailserver | Feb 15 19:32:07 mail postfix/postscreen[10972]: PASS OLD [87.246.7.226]:49306
mailserver | Feb 15 19:32:07 mail postfix/smtpd[10984]: warning: hostname net6-ip226.linkbg.com does not resolve to address 87.246.7.226: Name or service not known
mailserver | Feb 15 19:32:07 mail postfix/smtpd[10984]: connect from unknown[87.246.7.226]
mailserver | Feb 15 19:32:11 mail dovecot: auth: passwd-file([email protected],87.246.7.226): unknown user (SHA1 of given password: 0c0655)
mailserver | Feb 15 19:32:13 mail postfix/smtpd[10984]: warning: unknown[87.246.7.226]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mailserver | Feb 15 19:32:13 mail postfix/smtpd[10984]: disconnect from unknown[87.246.7.226] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
mailserver | Feb 15 19:32:54 mail postfix/postscreen[10972]: CONNECT from [87.246.7.226]:57546 to [192.168.176.2]:25
mailserver | Feb 15 19:32:54 mail postfix/dnsblog[10977]: addr 87.246.7.226 listed by domain bl.mailspike.net as 127.0.0.2
mailserver | Feb 15 19:32:54 mail postfix/dnsblog[10974]: addr 87.246.7.226 listed by domain list.dnswl.org as 127.0.10.3
mailserver | Feb 15 19:32:54 mail postfix/postscreen[10972]: PASS OLD [87.246.7.226]:57546
mailserver | Feb 15 19:32:54 mail postfix/smtpd[10984]: warning: hostname net6-ip226.linkbg.com does not resolve to address 87.246.7.226: Name or service not known
mailserver | Feb 15 19:32:54 mail postfix/smtpd[10984]: connect from unknown[87.246.7.226]
mailserver | Feb 15 19:32:59 mail dovecot: auth: passwd-file(net@blkchaintech,87.246.7.226): unknown user (SHA1 of given password: 976950)
mailserver | Feb 15 19:33:01 mail postfix/smtpd[10984]: warning: unknown[87.246.7.226]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mailserver | Feb 15 19:38:01 mail postfix/smtpd[10984]: timeout after AUTH from unknown[87.246.7.226]
mailserver | Feb 15 19:38:01 mail postfix/smtpd[10984]: disconnect from unknown[87.246.7.226] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver | Feb 15 19:41:21 mail postfix/anvil[10986]: statistics: max connection rate 2/60s for (smtpd:87.246.7.226) at Feb 15 18:32:07
mailserver | Feb 15 19:41:21 mail postfix/anvil[10986]: statistics: max connection count 1 for (smtpd:87.246.7.226) at Feb 15 18:31:22
mailserver | Feb 15 19:41:21 mail postfix/anvil[10986]: statistics: max cache size 1 at Feb 15 18:31:22
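As an added example (not part of the original post and not fail2ban's own code), the script below replays the posted log lines through two simplified failregexes modeled on fail2ban's postfix-sasl and dovecot filters and then applies a jail's maxretry/findtime window to the matches. Its assumptions: a year for the syslog timestamps (they carry none), the last anvil line (19:41:21) as "now", and a `mailserver | ` prefix that docker-compose prepends to container output and that has to be stripped. It demonstrates three things worth checking before blaming the jail: each jail counts only its own lines, so the three attempts in the sample are three hits per jail, not six, which is below fail2ban's default maxretry of 5; a clock offset between the log and the fail2ban host (the anvil lines in the post are stamped one hour earlier than the postscreen/smtpd lines) ages matches out of the findtime window; and the prefixed lines, as pasted, would not match a timestamp expected at the start of the line.

```python
"""Replay fail2ban-style filters over the posted log lines.

Added example, not from the original post and not fail2ban's own code.
The regexes are simplified versions of what the postfix-sasl and dovecot
filters look for; the window logic mirrors a jail's maxretry/findtime.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: failure and non-failure lines copied from the post,
# still carrying the "mailserver | " prefix that docker-compose prepends.
SAMPLE_LOG = """\
mailserver | Feb 15 19:31:21 mail postfix/postscreen[10972]: CONNECT from [87.246.7.226]:40982 to [192.168.176.2]:25
mailserver | Feb 15 19:31:22 mail postfix/postscreen[10972]: PASS NEW [87.246.7.226]:40982
mailserver | Feb 15 19:31:24 mail dovecot: auth: passwd-file([email protected],87.246.7.226): unknown user (SHA1 of given password: e15e2f)
mailserver | Feb 15 19:31:26 mail postfix/smtpd[10984]: warning: unknown[87.246.7.226]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mailserver | Feb 15 19:32:11 mail dovecot: auth: passwd-file([email protected],87.246.7.226): unknown user (SHA1 of given password: 0c0655)
mailserver | Feb 15 19:32:13 mail postfix/smtpd[10984]: warning: unknown[87.246.7.226]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mailserver | Feb 15 19:32:59 mail dovecot: auth: passwd-file(net@blkchaintech,87.246.7.226): unknown user (SHA1 of given password: 976950)
mailserver | Feb 15 19:33:01 mail postfix/smtpd[10984]: warning: unknown[87.246.7.226]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mailserver | Feb 15 19:38:01 mail postfix/smtpd[10984]: timeout after AUTH from unknown[87.246.7.226]
"""

# Assumed: the container prefix is exactly "<service> | ".
CONTAINER_PREFIX = re.compile(r"^[\w-]+ \| ")
# This parser expects the syslog timestamp at the start of the line.
SYSLOG_TS = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) ")

# One failregex per jail (simplified, not copied from fail2ban's filter.d).
JAILS = {
    "postfix-sasl": re.compile(
        r"postfix/smtpd\[\d+\]: warning: [-._\w]+\[(?P<host>[0-9a-fA-F.:]+)\]: "
        r"SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"),
    "dovecot": re.compile(
        r"dovecot: auth: [\w-]+\([^,]*,(?P<host>[0-9a-fA-F.:]+)\): unknown user"),
}


def parse_ts(ts, year):
    """Syslog timestamps carry no year; the caller supplies one (assumption)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def extract_failures(log_text, year=2021, strip_prefix=True):
    """Return {jail: {ip: [datetime, ...]}} for lines matching a jail's failregex."""
    hits = {jail: defaultdict(list) for jail in JAILS}
    for line in log_text.splitlines():
        if strip_prefix:
            line = CONTAINER_PREFIX.sub("", line, count=1)
        m = SYSLOG_TS.match(line)
        if not m:  # no timestamp where expected: the line cannot be dated, skip it
            continue
        when = parse_ts(m.group("ts"), year)
        for jail, rx in JAILS.items():
            hit = rx.search(line)
            if hit:
                hits[jail][hit.group("host")].append(when)
    return hits


def would_ban(times, maxretry, findtime, now):
    """Count only failures newer than now-findtime; ban once maxretry is reached.

    fail2ban measures findtime against the host's clock, so an offset between
    the log's clock and the host's can silently age matches out of the window.
    """
    window = timedelta(seconds=findtime)
    recent = [t for t in times if t >= now - window]
    return len(recent) >= maxretry


def evaluate(log_text, maxretry=5, findtime=600, now=None, year=2021, strip_prefix=True):
    """Per jail, per IP: (total matches, banned?)."""
    hits = extract_failures(log_text, year, strip_prefix)
    if now is None:  # assumption: evaluate at the time of the last posted line
        now = parse_ts("Feb 15 19:41:21", year)
    return {jail: {ip: (len(t), would_ban(t, maxretry, findtime, now))
                   for ip, t in ips.items()}
            for jail, ips in hits.items()}


if __name__ == "__main__":
    cases = [
        ("fail2ban defaults (maxretry=5, findtime=600)", {}),
        ("maxretry=3", {"maxretry": 3}),
        ("maxretry=3, host clock one hour ahead of log",
         {"maxretry": 3, "now": parse_ts("Feb 15 20:41:21", 2021)}),
        ("maxretry=3, container prefix not stripped",
         {"maxretry": 3, "strip_prefix": False}),
    ]
    for label, kwargs in cases:
        print(f"{label}: {evaluate(SAMPLE_LOG, **kwargs)}")
```

To compare against the live system, run `fail2ban-regex <logfile> <filter>` against the file named in the jail's `logpath` (not the docker-compose output) and `fail2ban-client status <jail>`: if "Currently failed" stays at zero the filter is not matching the lines at all, and if it counts up but never reaches maxretry the window settings or a clock offset are the thing to look at.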