HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   fail2ban log is banning my own server IP (http://www.howtoforge.com/forums/showthread.php?t=60262)

rlischer 18th January 2013 21:17

fail2ban log is banning my own server IP
 
I saw this in my fail2ban log. I have not even set up any mailboxes yet. It's banning my own server IP.

Code:

Data from: 2013-01-18 20:10
2013-01-18 10:54:40,330 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 11:04:40,414 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 11:07:55,748 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 11:17:55,863 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 11:21:10,245 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 11:31:10,273 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 11:34:25,652 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 11:44:25,658 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 11:47:40,988 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 11:57:41,092 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 12:00:54,383 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 12:10:54,466 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 12:14:10,832 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 12:24:10,845 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 12:27:25,207 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 12:37:26,190 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 12:40:40,556 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 12:50:40,638 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 12:53:55,965 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 13:03:56,076 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 13:07:10,446 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 13:08:28,528 fail2ban.actions: WARNING [ssh] Ban 66.161.136.106
2013-01-18 13:17:10,496 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 13:18:28,629 fail2ban.actions: WARNING [ssh] Unban 66.161.136.106
2013-01-18 13:20:25,857 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 13:30:25,918 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 13:33:41,274 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 13:43:41,349 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 13:46:55,638 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 13:56:55,695 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 14:00:11,038 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 14:02:48,326 fail2ban.jail : INFO Jail 'pureftpd' stopped
2013-01-18 14:02:49,323 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 14:02:49,325 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-dovecot-pop3imap returned 100
2013-01-18 14:02:49,325 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
2013-01-18 14:02:49,338 fail2ban.actions.action: ERROR iptables -D fail2ban-dovecot-pop3imap -s 77.78.90.235 -j DROP returned 100
2013-01-18 14:02:49,343 fail2ban.jail : INFO Jail 'dovecot-pop3imap' stopped
2013-01-18 14:02:50,330 fail2ban.jail : INFO Jail 'ssh' stopped
2013-01-18 14:02:50,331 fail2ban.server : INFO Exiting Fail2ban
2013-01-18 14:03:09,225 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2013-01-18 14:03:09,234 fail2ban.jail : INFO Creating new jail 'dovecot-pop3imap'
2013-01-18 14:03:09,234 fail2ban.jail : INFO Jail 'dovecot-pop3imap' uses poller
2013-01-18 14:03:09,406 fail2ban.filter : INFO Added logfile = /var/log/mail.log
2013-01-18 14:03:09,406 fail2ban.filter : INFO Set maxRetry = 5
2013-01-18 14:03:09,407 fail2ban.filter : INFO Set findtime = 600
2013-01-18 14:03:09,408 fail2ban.actions: INFO Set banTime = 600
2013-01-18 14:03:09,418 fail2ban.jail : INFO Creating new jail 'pureftpd'
2013-01-18 14:03:09,418 fail2ban.jail : INFO Jail 'pureftpd' uses poller
2013-01-18 14:03:09,427 fail2ban.filter : INFO Added logfile = /var/log/syslog
2013-01-18 14:03:09,427 fail2ban.filter : INFO Set maxRetry = 3
2013-01-18 14:03:09,428 fail2ban.filter : INFO Set findtime = 600
2013-01-18 14:03:09,428 fail2ban.actions: INFO Set banTime = 600
2013-01-18 14:03:09,432 fail2ban.jail : INFO Creating new jail 'ssh'
2013-01-18 14:03:09,433 fail2ban.jail : INFO Jail 'ssh' uses poller
2013-01-18 14:03:09,452 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2013-01-18 14:03:09,453 fail2ban.filter : INFO Set maxRetry = 6
2013-01-18 14:03:09,454 fail2ban.filter : INFO Set findtime = 600
2013-01-18 14:03:09,454 fail2ban.actions: INFO Set banTime = 600
2013-01-18 14:03:09,672 fail2ban.jail : INFO Jail 'dovecot-pop3imap' started
2013-01-18 14:03:09,718 fail2ban.jail : INFO Jail 'pureftpd' started
2013-01-18 14:03:09,741 fail2ban.jail : INFO Jail 'ssh' started
2013-01-18 14:06:44,380 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 14:16:44,427 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 14:19:59,796 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 14:26:45,483 fail2ban.jail : INFO Jail 'pureftpd' stopped
2013-01-18 14:26:46,474 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 14:26:46,476 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-dovecot-pop3imap returned 100
2013-01-18 14:26:46,477 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
2013-01-18 14:26:46,491 fail2ban.actions.action: ERROR iptables -D fail2ban-dovecot-pop3imap -s 77.78.90.235 -j DROP returned 100
2013-01-18 14:26:46,496 fail2ban.jail : INFO Jail 'dovecot-pop3imap' stopped
2013-01-18 14:26:47,486 fail2ban.jail : INFO Jail 'ssh' stopped
2013-01-18 14:26:47,487 fail2ban.server : INFO Exiting Fail2ban
2013-01-18 14:27:08,992 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2013-01-18 14:27:08,993 fail2ban.jail : INFO Creating new jail 'dovecot-pop3imap'
2013-01-18 14:27:08,993 fail2ban.jail : INFO Jail 'dovecot-pop3imap' uses poller
2013-01-18 14:27:09,122 fail2ban.filter : INFO Added logfile = /var/log/mail.log
2013-01-18 14:27:09,123 fail2ban.filter : INFO Set maxRetry = 5
2013-01-18 14:27:09,124 fail2ban.filter : INFO Set findtime = 600
2013-01-18 14:27:09,124 fail2ban.actions: INFO Set banTime = 600
2013-01-18 14:27:09,129 fail2ban.jail : INFO Creating new jail 'pureftpd'
2013-01-18 14:27:09,129 fail2ban.jail : INFO Jail 'pureftpd' uses poller
2013-01-18 14:27:09,234 fail2ban.filter : INFO Added logfile = /var/log/syslog
2013-01-18 14:27:09,235 fail2ban.filter : INFO Set maxRetry = 3
2013-01-18 14:27:09,236 fail2ban.filter : INFO Set findtime = 600
2013-01-18 14:27:09,236 fail2ban.actions: INFO Set banTime = 600
2013-01-18 14:27:09,241 fail2ban.jail : INFO Creating new jail 'ssh'
2013-01-18 14:27:09,241 fail2ban.jail : INFO Jail 'ssh' uses poller
2013-01-18 14:27:09,250 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2013-01-18 14:27:09,251 fail2ban.filter : INFO Set maxRetry = 6
2013-01-18 14:27:09,251 fail2ban.filter : INFO Set findtime = 600
2013-01-18 14:27:09,252 fail2ban.actions: INFO Set banTime = 600
2013-01-18 14:27:09,316 fail2ban.jail : INFO Jail 'dovecot-pop3imap' started
2013-01-18 14:27:09,321 fail2ban.jail : INFO Jail 'pureftpd' started
2013-01-18 14:27:09,322 fail2ban.jail : INFO Jail 'ssh' started
2013-01-18 14:30:49,807 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 14:40:49,970 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 14:44:04,333 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 14:54:04,436 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235
2013-01-18 14:57:19,781 fail2ban.actions: WARNING [dovecot-pop3imap] Ban 77.78.90.235
2013-01-18 15:07:19,845 fail2ban.actions: WARNING [dovecot-pop3imap] Unban 77.78.90.235


rlischer 19th January 2013 12:17

I fixed this by editing /etc/fail2ban/jail.conf and adding my local ip to ignore ip


All times are GMT +2. The time now is 19:03.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.