debianforum.de

Verfasst: **21.07.2020 16:35:17**

Hallo,

ich richte gerade einenn neuen Server ein und wundere mich gerade über fail2ban in Verbindung mit iptables.

F2b soll postfix-SASL erkennen und blocken.
Der Inalt von /var/log/fail2ban.log

Code: Alles auswählen

2020-07-21 15:31:37,780 fail2ban.actions        [7896]: WARNING [postfix-sasl] 212.70.149.67 already banned
2020-07-21 15:42:32,080 fail2ban.actions        [7896]: WARNING [postfix-sasl] 212.70.149.67 already banned
2020-07-21 15:51:56,063 fail2ban.actions        [7896]: WARNING [postfix-sasl] 212.70.149.67 already banned
2020-07-21 16:01:08,818 fail2ban.actions        [7896]: WARNING [postfix-sasl] 212.70.149.67 already banned

In /var/log/mail.log steht:

Code: Alles auswählen

Jul 21 16:30:40 mx01 postfix/smtps/smtpd[8185]: lost connection after AUTH from unknown[212.70.149.67]
Jul 21 16:30:40 mx01 postfix/smtps/smtpd[8185]: disconnect from unknown[212.70.149.67] ehlo=1 auth=0/1 rset=1 commands=2/3
Jul 21 16:31:39 mx01 postfix/smtps/smtpd[8185]: connect from unknown[212.70.149.67]
Jul 21 16:32:23 mx01 postfix/smtps/smtpd[8185]: warning: unknown[212.70.149.67]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 21 16:32:34 mx01 postfix/smtps/smtpd[8185]: lost connection after AUTH from unknown[212.70.149.67]
Jul 21 16:32:34 mx01 postfix/smtps/smtpd[8185]: disconnect from unknown[212.70.149.67] ehlo=1 auth=0/1 rset=1 commands=2/3

iptables -L -n | grep 212.70.149.67 -n3 sagt:

Code: Alles auswählen

120-
121-Chain f2b-postfix-sasl (1 references)
122-target     prot opt source               destination
123:REJECT     all  --  212.70.149.67        0.0.0.0/0            reject-with icmp-port-unreachable
124-RETURN     all  --  0.0.0.0/0            0.0.0.0/0
125-

Warum kann der Host noch einen Connect zum Postfix machen?
Was läuft da schief?

Danke im voraus.

Gruß Pixelpirat

debianforum.de

Fail2ban / iptables

Fail2ban / iptables