13th March 2012, 20:07
Captain

I don't try to unban manually. It is the fail2ban log file - automatic unban.

And I can't understand this log:
Code:
2012-03-13 19:52:13,396 fail2ban.actions: WARNING [sasl] Ban 59.40.168.253
2012-03-13 19:52:13,407 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-sasl returned 100
2012-03-13 19:52:13,407 fail2ban.actions.action: ERROR  Invariant check failed. Trying to restore a sane environment
2012-03-13 19:52:20,137 fail2ban.actions.action: ERROR  sleep ${RANDOM:0:1}.${RANDOM: -1:1}
iptables -N fail2ban-sasl
iptables -A fail2ban-sasl -j RETURN
iptables -I INPUT -p tcp -m multiport --dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s,smtpd -j fail2ban-sasl returned 200
2012-03-13 19:52:20,145 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-sasl returned 100
2012-03-13 19:52:20,146 fail2ban.actions.action: CRITICAL Unable to restore environment
2012-03-13 19:52:40,167 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:53:13,203 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:53:40,233 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:54:07,262 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:54:33,288 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:54:59,315 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:55:27,345 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:55:53,373 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:56:22,403 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:56:50,433 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:57:17,461 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:57:46,492 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:58:13,519 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:58:41,548 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:59:10,578 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 19:59:37,607 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 20:00:03,635 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 20:00:30,665 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 20:00:58,696 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 20:01:24,724 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 20:01:52,753 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 20:02:13,775 fail2ban.actions: WARNING [sasl] Unban 59.40.168.253
2012-03-13 20:02:13,798 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-sasl returned 100
2012-03-13 20:02:13,798 fail2ban.actions.action: ERROR  Invariant check failed. Trying to restore a sane environment
2012-03-13 20:02:23,736 fail2ban.actions.action: ERROR  sleep ${RANDOM:0:1}.${RANDOM: -1:1}
iptables -N fail2ban-sasl
iptables -A fail2ban-sasl -j RETURN
iptables -I INPUT -p tcp -m multiport --dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s,smtpd -j fail2ban-sasl returned 200
2012-03-13 20:02:23,744 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-sasl returned 100
2012-03-13 20:02:23,744 fail2ban.actions.action: CRITICAL Unable to restore environment
2012-03-13 20:02:24,746 fail2ban.actions: WARNING [sasl] Ban 59.40.168.253
2012-03-13 20:02:24,756 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-sasl returned 100
2012-03-13 20:02:24,757 fail2ban.actions.action: ERROR  Invariant check failed. Trying to restore a sane environment
2012-03-13 20:02:27,885 fail2ban.actions.action: ERROR  sleep ${RANDOM:0:1}.${RANDOM: -1:1}
iptables -N fail2ban-sasl
iptables -A fail2ban-sasl -j RETURN
iptables -I INPUT -p tcp -m multiport --dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s,smtpd -j fail2ban-sasl returned 200
2012-03-13 20:02:27,897 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-sasl returned 100
2012-03-13 20:02:27,897 fail2ban.actions.action: CRITICAL Unable to restore environment
2012-03-13 20:02:47,920 fail2ban.actions: WARNING [sasl] 59.40.168.253 already banned
2012-03-13 20:12:25,530 fail2ban.actions: WARNING [sasl] Unban 59.40.168.253
2012-03-13 20:12:25,539 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-sasl returned 100
2012-03-13 20:12:25,539 fail2ban.actions.action: ERROR  Invariant check failed. Trying to restore a sane environment
2012-03-13 20:12:28,599 fail2ban.actions.action: ERROR  sleep ${RANDOM:0:1}.${RANDOM: -1:1}
iptables -N fail2ban-sasl
iptables -A fail2ban-sasl -j RETURN
iptables -I INPUT -p tcp -m multiport --dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s,smtpd -j fail2ban-sasl returned 200
2012-03-13 20:12:28,606 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-sasl returned 100
It means that the IP is banned.
But in mail.warn I see this:

Code:
Mar 13 19:59:58 itex postfix/smtpd[6965]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:00:02 itex postfix/smtpd[6965]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:00:03 itex postfix/smtpd[14253]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:00:08 itex postfix/smtpd[14253]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:00:10 itex postfix/smtpd[15442]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:00:14 itex postfix/smtpd[15442]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:00:15 itex postfix/smtpd[14253]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:00:19 itex postfix/smtpd[14253]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:00:20 itex postfix/smtpd[6965]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:00:24 itex postfix/smtpd[6965]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:00:26 itex postfix/smtpd[15442]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:00:29 itex postfix/smtpd[15442]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:00:31 itex postfix/smtpd[6965]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:00:34 itex postfix/smtpd[6965]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:00:35 itex postfix/smtpd[14253]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:00:39 itex postfix/smtpd[14253]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:00:40 itex postfix/smtpd[6965]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:00:47 itex postfix/smtpd[6965]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:00:48 itex postfix/smtpd[15442]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:00:52 itex postfix/smtpd[15442]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:00:53 itex postfix/smtpd[14253]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:00:57 itex postfix/smtpd[14253]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:00:59 itex postfix/smtpd[6965]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:01:03 itex postfix/smtpd[6965]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:01:04 itex postfix/smtpd[15442]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:01:08 itex postfix/smtpd[15442]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:01:09 itex postfix/smtpd[6965]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:01:13 itex postfix/smtpd[6965]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:01:14 itex postfix/smtpd[6965]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:01:18 itex postfix/smtpd[6965]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:01:19 itex postfix/smtpd[14253]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:01:23 itex postfix/smtpd[14253]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:01:24 itex postfix/smtpd[6965]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:01:28 itex postfix/smtpd[6965]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:01:30 itex postfix/smtpd[15442]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:01:34 itex postfix/smtpd[15442]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:01:35 itex postfix/smtpd[14253]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
Mar 13 20:01:40 itex postfix/smtpd[14253]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:01:41 itex postfix/smtpd[6965]: warning: 59.40.168.253: hostname 253.168.40.59.broad.sz.gd.dynamic.163data.com.cn verification failed: Name or service not known
It means that this IP tries to connect and iptables does not block it!

How can I block this IP? I need this IP to be unable to connect.

Falko, can you help me solve this problem?

Big thanks.
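The following is an added example, not code from the post or from the fail2ban project: it pairs each Ban/Unban window in a fail2ban log with SASL failures in the Postfix log and flags bans whose action logged an ERROR or CRITICAL, which is the pattern the two logs above show. The function names and the `year` parameter (syslog timestamps carry no year) are assumptions, as is that both logs use the same timezone.

```python
import re
from datetime import datetime

# Sample lines in the two log formats shown in the post; the 19:51:50 entry is constructed.
F2B_LOG = """\
2012-03-13 19:52:13,396 fail2ban.actions: WARNING [sasl] Ban 59.40.168.253
2012-03-13 19:52:13,407 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-sasl returned 100
2012-03-13 19:52:20,146 fail2ban.actions.action: CRITICAL Unable to restore environment
2012-03-13 20:02:13,775 fail2ban.actions: WARNING [sasl] Unban 59.40.168.253
"""
MAIL_LOG = """\
Mar 13 19:51:50 itex postfix/smtpd[6965]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:00:02 itex postfix/smtpd[6965]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
Mar 13 20:00:08 itex postfix/smtpd[14253]: warning: unknown[59.40.168.253]: SASL LOGIN authentication failed: authentication failure
"""

F2B_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ (\S+): (\w+)\s+(.*)$")
BAN_RE = re.compile(r"^\[(\S+)\] (Ban|Unban) (\S+)$")
MAIL_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
                     r"warning: \S*\[([\d.]+)\]: SASL \w+ authentication failed")

def ban_windows(f2b_text):
    """Return one dict per Ban: jail, ip, start, end, and whether the action errored."""
    windows, current = [], None
    # Lines that do not match are continuations of a multi-line action command.
    for m in filter(None, map(F2B_RE.match, f2b_text.splitlines())):
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        logger, level, ban = m.group(2), m.group(3), BAN_RE.match(m.group(4))
        if ban and ban.group(2) == "Ban":
            current = {"jail": ban.group(1), "ip": ban.group(3), "start": ts,
                       "end": None, "action_failed": False}
            windows.append(current)
        elif ban:  # Unban closes every open window for that IP
            for w in windows:
                if w["ip"] == ban.group(3) and w["end"] is None:
                    w["end"] = ts
            current = None
        elif current and logger == "fail2ban.actions.action" and level in ("ERROR", "CRITICAL"):
            current["action_failed"] = True  # the ban command did not complete cleanly
    return windows

def failures_during_ban(windows, mail_text, year):
    """Map window index -> SASL failures logged while fail2ban listed the IP as banned."""
    hits = {}
    for m in filter(None, map(MAIL_RE.match, mail_text.splitlines())):
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        for i, w in enumerate(windows):
            if w["ip"] == m.group(2) and w["start"] <= ts and (w["end"] is None or ts < w["end"]):
                hits[i] = hits.get(i, 0) + 1
    return hits
```

A window with `action_failed` set and a non-zero failure count is a ban that fail2ban recorded but the firewall never enforced.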