14th May 2011, 11:27
eko_taas
sasl / fail2ban vs. postfix/smtpd warnings

I wonder whether fail2ban should also ban IPs trying to contact smtp?

The Fail2Ban log has only SSH entries for this period:
Code:
...
2011-05-11 18:27:50,277 fail2ban.jail : INFO Jail 'sasl' started
....
2011-05-11 18:41:39,843 fail2ban.actions: WARNING [ssh] Ban 210.114.220.186
2011-05-11 19:11:40,750 fail2ban.actions: WARNING [ssh] Unban 210.114.220.186
2011-05-12 00:46:19,139 fail2ban.actions: WARNING [ssh] Ban 112.137.163.72
2011-05-12 01:16:20,125 fail2ban.actions: WARNING [ssh] Unban 112.137.163.72
...
2011-05-12 07:04:56,836 fail2ban.actions: WARNING [ssh] Ban 122.227.135.143
2011-05-12 07:34:57,763 fail2ban.actions: WARNING [ssh] Unban 122.227.135.143
....
2011-05-12 12:16:09,844 fail2ban.actions: WARNING [ssh] Ban 112.78.1.6
2011-05-12 12:46:10,760 fail2ban.actions: WARNING [ssh] Unban 112.78.1.6
2011-05-12 12:57:46,498 fail2ban.actions: WARNING [ssh] Ban 122.225.101.154
2011-05-12 13:27:47,462 fail2ban.actions: WARNING [ssh] Unban 122.225.101.154
2011-05-12 14:21:34,999 fail2ban.actions: WARNING [ssh] Ban 46.45.147.25
2011-05-12 14:51:35,997 fail2ban.actions: WARNING [ssh] Unban 46.45.147.25
...
but the Mail-Warn log also has several smtpd trials (e.g. from IP 70.38.23.166) not listed in the above:
Code:
...
May 12 07:51:48 server1 postfix/smtpd[26044]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:51:51 server1 postfix/smtpd[26071]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:51:54 server1 postfix/smtpd[26073]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:51:57 server1 postfix/smtpd[26074]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:52:01 server1 postfix/smtpd[26075]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:52:03 server1 postfix/smtpd[26083]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:52:07 server1 postfix/smtpd[26084]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:52:10 server1 postfix/smtpd[26110]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:52:13 server1 postfix/smtpd[26115]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:52:16 server1 postfix/smtpd[26116]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:52:19 server1 postfix/smtpd[26117]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:52:22 server1 postfix/smtpd[26118]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:52:25 server1 postfix/smtpd[26119]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:52:29 server1 postfix/smtpd[26120]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:52:32 server1 postfix/smtpd[26122]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:52:36 server1 postfix/smtpd[26123]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
...
Any reason why they are not listed/banned? Or should I add something to /etc/fail2ban/jail.local (Debian Squeeze / ISPConfig 3.0.3.3)? It is now as in http://www.howtoforge.com/forums/showthread.php?t=52047:
Code:
[sasl]
enabled  = true
port     = smtp
filter   = sasl
logpath  = /var/log/mail.log
maxretry = 2
Thanks again for cont. support...

Also, I have been wondering whether I should be worried about these warnings (also from the Mail-Warn log):
Code:
...
May 10 01:50:12 server1 postfix/smtpd[9063]: warning: 92.241.190.69: address not listed for hostname heihachi.net
...
May 12 23:44:14 server1 postfix/smtpd[3545]: warning: 114.42.154.89: hostname 114-42-154-89.dynamic.hinet.net verification failed: Temporary failure in name resolution
...
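
An added example, not part of the original post: a small Python harness that applies a fail2ban-style failregex to log lines like those above and reports which IPs would reach maxretry. The two patterns, the `would_ban` helper, the 600-second findtime and the 192.0.2.10 line are assumptions made for illustration, not the contents of the sasl filter on that server.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines copied from the post plus one made-up single failure.
SAMPLE = """\
May 10 01:50:12 server1 postfix/smtpd[9063]: warning: 92.241.190.69: address not listed for hostname heihachi.net
May 12 07:51:48 server1 postfix/smtpd[26044]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:51:51 server1 postfix/smtpd[26071]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 07:51:54 server1 postfix/smtpd[26073]: warning: ip-70-38-23-166.static.privatedns.com[70.38.23.166]: SASL LOGIN authentication failed: authentication failure
May 12 08:10:00 server1 postfix/smtpd[26200]: warning: host.example[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
"""

# Stand-in for fail2ban's <HOST> tag (IPv4 only in this sketch).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical patterns. ANCHORED ends right after "failed"; TOLERANT also
# accepts a trailing ": <reason>" such as ": authentication failure".
ANCHORED = r": warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN) authentication failed$"
TOLERANT = r": warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN) authentication failed(?:: .*)?$"


def would_ban(log_text, failregex, maxretry=2, findtime=600, year=2011):
    """Return the IPs that reach maxretry matches within findtime seconds."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    hits = defaultdict(list)
    banned = set()
    for line in log_text.splitlines():
        m = rx.search(line)
        if not m:
            continue  # line is not a failure under this pattern
        # Syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        times = hits[m.group("host")]
        times.append(ts)
        # Keep only the failures inside the sliding findtime window.
        times[:] = [t for t in times if (ts - t).total_seconds() <= findtime]
        if len(times) >= maxretry:
            banned.add(m.group("host"))
    return banned


if __name__ == "__main__":
    for name, pattern in (("anchored", ANCHORED), ("tolerant", TOLERANT)):
        print(name, sorted(would_ban(SAMPLE, pattern)))
```

On a live system, `fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/sasl.conf` runs the installed filter against the real log and reports how many lines it matched.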