• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Fail2Ban , a little question

MartinB

MartinB

Basic Pleskian
Hello !

I'm using the new 17.5.3'er of Onyx, and found this :

At the fail2ban jails, here are my settings for the " plesk-postfix " jail :

Code: 
[plesk-postfix]
enabled = true
filter = postfix-sasl
action = iptables-multiport[name="plesk-postfix", port="smtp,smtps,submission"]
logpath = /var/log/maillog
maxretry = 3

Here are some lines from the logfile :

Code: 
2017-04-01 18:22:20,894 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,034 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,172 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,320 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,456 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,597 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,745 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,861 fail2ban.actions [10941]: NOTICE [plesk-postfix] Ban 195.22.126.142


I don't understand, why there more than 3 attempts ?!

Thanks for any help ...


Bye, Martin
 
All these entries have the "same time". Except for the first one.

All have happened within a second
 
Last edited:
Oh, I thought fail2ban counts the number of failed attempts of an IP ... :rolleyes:
... or are these attempts to fast for a reaction ? o_O

Bye, Martin
 
As you can see it has taken action with in the same second.

How about allowing it few miliseconds to figure out. Also its not only the maillog its watching ;)
 
Thank you for sharing. Feel more safer with plesk-fail2ban extention now.

Nice to see it has taken action with miliseconds. :)
 
You must log in or register to reply here.

Similar threads

F
Issue Fail2ban: Ip addresses are not blocked by Recidive
Replies
14
Views
1K
frg62
F
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
499
W4ru
W
Gianni
Question My IP in jail fail2ban using plesk
Replies
0
Views
456
Gianni
Gianni
F
Issue Fail2ban error with Almalinux ¿nf_tables?
Replies
1
Views
710
Fede Marsell
F
wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
2K
mizar
mizar
Back
Top