Hello, fail2ban 0.10.3.fix1 linux 4.12.14-lp150.12.7-default x86_64 It does not appear that fail2ban is actually banning IP addresses. Below are (I hope) relevant data. The log entries for the proxy show connection from a supposedly blocked IP. fail2ban later notices it and complains that it is "already banned." The issue, then, is that the actual banning part is not happening. Where have I gone awry?
----[ jail definition ]---- [assp] enabled = true port = smtp logpath = /usr/local/bin/assp2/logs/maillog.txt datepattern = %%Y-%%m-%%d_%%H:%%M:%%S # bantime = 1w maxretry = 2 findtime = 8h] action = iptables-multiport[name=assp, port="smtp", protocol=tcp] ----[ end ]---- ----[ log entries from fail2ban ]---- 2018-09-30 09:49:43,204 fail2ban.filter [16451]: INFO [assp] Found 185.36.81.145 - 2018-09-30 09:49:42 2018-09-30 09:55:58,007 fail2ban.filter [16451]: INFO [assp] Found 185.36.81.145 - 2018-09-30 09:55:57 2018-09-30 09:55:58,208 fail2ban.actions [16451]: WARNING [assp] 185.36.81.145 already banned ----[ end ]---- ----[ log entries from the SMTP proxy ]---- 2018-09-30_09:55:53 [Worker_1] Connected: session:7F90116CFF78 185.36.81.145:50149 > 192.168.69.246:25 > 192.168.69.246:125 2018-09-30_09:55:57 [Worker_1] [TLS-out] 185.36.81.145 warning: SMTP authentication failed on 192.168.69.246 2018-09-30_09:55:57 [Worker_1] [TLS-out] 185.36.81.145 [SMTP Error] 535 (515) incorrect password or account name ----[ end ]---- -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 Think. _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
