Note: port 587 IS submission
[0:root@apinetstore shorewall]$ grep -e submission -e smtps /etc/services
submission 587/tcp msa # mail message submission
submission 587/udp msa # mail message submission
urd 465/tcp smtps # URL Rendesvous Directory for SSM / SMTP over SSL (TLS)
You probably want smtp,smtps,submission (25,465,587).
Bill
On 10/5/2016 3:11 AM, Nick Howitt wrote:
Your key is this line:
ipv4 filter INPUT 0 -p tcp -m multiport --dports smtp,587,submission -m
set --match-set fail2ban-postfix src -j REJECT --reject-with
icmp-port-unreachable
It looks very similar to iptables. This rule more or less says block
tcp:25,587,465 for any source IPs which exist in the ipset set
fail2ban-postfix. It is that set which contains the individual IPs
which are being blocked. This means you need to use ipset commands to
see what is being blocked.
Ipset is massively more efficient than individual rules when blocking a
load of IPs. There is probably not much difference in speed when
blocking the odd IP or two. With iptables it takes much more time to
load individual rules than it does to load ipset sets. There is
obviously a trade-off between speed and readability. Individual rules
are slower but more readable. Rules using ipset are faster but less
readable.
Nick
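
Added example (not part of the original thread and not fail2ban's own code): a small sh check that resolves the --dports list of the rule quoted above to numeric ports and reports which of 25,465,587 it leaves uncovered. The function names and the embedded services table are constructed for illustration, and it assumes service names in the rule resolve the way /etc/services lists them.

```shell
#!/bin/sh
# Added example: which numeric TCP ports does a multiport --dports list cover?
# Handles service names and single port numbers (not port ranges).

# Constructed sample in /etc/services format. The 465 and 587 entries are the
# ones in the grep output above; the smtp entry is the standard 25/tcp one.
sample_services() {
cat <<'EOF'
smtp        25/tcp   mail
urd         465/tcp  smtps  # URL Rendesvous Directory for SSM / SMTP over SSL (TLS)
submission  587/tcp  msa    # mail message submission
submission  587/udp  msa    # mail message submission
EOF
}

# resolve_dports RULE [SERVICES_FILE]: print sorted, de-duplicated ports, e.g. 25,587
resolve_dports() {
    _svc=${2:-/etc/services}
    _list=$(printf '%s\n' "$1" | sed -n 's/.*--dports[ ]\{1,\}\([^ ]*\).*/\1/p')
    [ -n "$_list" ] || return 1
    printf '%s\n' "$_list" | tr ',' '\n' | while IFS= read -r _item; do
        case $_item in
            *[!0-9]*)  # a name: match it against the name or alias columns, tcp only
                awk -v n="$_item" '
                    { sub(/#.*/, "") }
                    $2 ~ /\/tcp$/ { for (i = 1; i <= NF; i++) if (i != 2 && $i == n) {
                        split($2, p, "/"); print p[1]; found = 1; exit } }
                    END { if (!found) print "?" n }' "$_svc" ;;
            *) printf '%s\n' "$_item" ;;
        esac
    done | sort -u | sort -n | paste -sd, -
}

# missing_ports RULE WANTED [SERVICES_FILE]: print WANTED ports the rule does not cover
missing_ports() {
    _have=$(resolve_dports "$1" "${3:-/etc/services}") || return 1
    _out=
    for _p in $(printf '%s' "$2" | tr ',' ' '); do
        case ",$_have," in *",$_p,"*) ;; *) _out="${_out:+$_out,}$_p" ;; esac
    done
    printf '%s\n' "$_out"
}

# Demo on the rule quoted above, against the constructed sample.
svc=$(mktemp) && sample_services > "$svc"
rule='ipv4 filter INPUT 0 -p tcp -m multiport --dports smtp,587,submission -m set --match-set fail2ban-postfix src -j REJECT --reject-with icmp-port-unreachable'
echo "covered: $(resolve_dports "$rule" "$svc")  missing: $(missing_ports "$rule" 25,465,587 "$svc")"
rm -f "$svc"
```

Leave out the file argument to resolve names against the local /etc/services instead of the sample.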
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users