Hello,
I have no idea why fail2ban is detecting, but not doing anything.
Right now my fail2ban setup is halfway working. For ssh logins, it is working just fine with the ssh-ipfw action:
Code:
2021-05-19 11:09:56,802 fail2ban.filter [39101]: INFO [ssh-ipfw] Found 209.141.50.79 - 2021-05-19 11:09:56
2021-05-19 11:09:59,766 fail2ban.filter [39101]: INFO [ssh-ipfw] Found 209.141.50.79 - 2021-05-19 11:09:59
2021-05-19 11:10:00,044 fail2ban.actions [39101]: NOTICE [ssh-ipfw] Ban 209.141.50.79
But for the SASL logins, it does not. Same ssh-ipfw action:
Code:
2021-05-15 05:24:56,740 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-15 05:24:56
2021-05-15 05:58:17,901 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-15 05:58:17
2021-05-15 07:05:57,423 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-15 07:05:57
2021-05-15 19:40:02,547 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-15 19:40:02
2021-05-16 01:19:14,517 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-16 01:19:14
2021-05-16 15:29:02,159 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-16 15:29:01
2021-05-16 18:44:44,466 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-16 18:44:44
2021-05-16 23:52:31,294 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-16 23:52:31
2021-05-17 00:53:47,163 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-17 00:53:46
2021-05-17 01:54:07,191 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-17 01:54:06
2021-05-17 06:31:03,776 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-17 06:31:03
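One check for this symptom, as an added example that is not part of the original post: fail2ban bans an address only once a jail records maxretry matches from it within findtime seconds, so this script reports the densest cluster of Found events per jail and address. The function name and the findtime of 600 seconds are assumptions, not values from the poster's configuration; the sample lines are copied from the logs above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches fail2ban.filter "Found" lines in the format shown in the post and
# captures the jail, the address and the event time after the dash.
FOUND_RE = re.compile(
    r"fail2ban\.filter\s+\[\d+\]:\s+INFO\s+\[(?P<jail>[^\]]+)\]\s+"
    r"Found\s+(?P<ip>\S+)\s+-\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
)

def densest_window(log_text, findtime=600):
    """Map (jail, ip) to the most Found events inside any findtime-second span."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FOUND_RE.search(line)
        if m:
            when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            hits[(m["jail"], m["ip"])].append(when)
    result = {}
    for key, times in hits.items():
        times.sort()
        best = start = 0
        for end, t in enumerate(times):
            # Advance the window start until it lies within findtime of t.
            while (t - times[start]).total_seconds() > findtime:
                start += 1
            best = max(best, end - start + 1)
        result[key] = best
    return result

# Sample input: lines copied from the two log excerpts in the post.
SAMPLE = """\
2021-05-19 11:09:56,802 fail2ban.filter [39101]: INFO [ssh-ipfw] Found 209.141.50.79 - 2021-05-19 11:09:56
2021-05-19 11:09:59,766 fail2ban.filter [39101]: INFO [ssh-ipfw] Found 209.141.50.79 - 2021-05-19 11:09:59
2021-05-15 05:24:56,740 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-15 05:24:56
2021-05-15 05:58:17,901 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-15 05:58:17
2021-05-15 07:05:57,423 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-15 07:05:57
2021-05-15 19:40:02,547 fail2ban.filter [779]: INFO [postfix-sasl] Found 103.147.184.193 - 2021-05-15 19:40:02
"""

if __name__ == "__main__":
    for (jail, ip), count in sorted(densest_window(SAMPLE).items()):
        print(f"[{jail}] {ip}: at most {count} match(es) inside one findtime window")
```

Compare each count with the jail's maxretry: while the count stays below it, the jail logs Found lines but never issues a Ban, whatever action is configured.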