fail2ban question

Discussion in 'General' started by FredZ, Feb 28, 2020.

  1. FredZ

    FredZ Member

    Hello all

    I am getting this message in my logs
    Code:
    Feb 28 15:17:00 mx postfix/smtpd[29658]: warning: hostname ip-38-58.ZervDNS does not resolve to address 92.118.38.58: Name or service not known
    Its a known server that is on almost all RBL sites.

    How can I prevent/block this server from even connecting to my server? Unfortunaletly I don't have enough knowledge to even get the actual/real IP of the offending server.

    I have configured real-time black hole list with "b.barracudacentral.org, zen.spamhaus.org, cbl.abuseat.org, combined.njabl.org". Yes I did register to use b.barracudacentral.org

    I figured I might be able to do it via fail2ban as a permanent record. But without the actuall IP it simply won't work. And if I did have the IP I don't know how to configure it.

    Any comments would be most helpful.

    Regards

    Fred
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    The IP adress is 92.118.38.58, so you could ban it.
    The RBL works to mark incoming mail as spam/block it, but it doesn't deny a IP adress from connecting.
    However, these errors are very common and I wouldn't worry to much about it.
     
  3. elmacus

    elmacus Active Member HowtoForge Supporter

    You also could try global Postfix blacklist, set server and IP and choose type: client
     
  4. FredZ

    FredZ Member

    If its harmless and not actually doing anything except for fill my log files then I wont worry about it.

    I do appreciate your patience with helping me understand what I am looking at and what options I have.

    Regards

    Fred
     
  5. Steini86

    Steini86 Active Member

    The IP is in the log line ...
    I would recommend to not do things you don't understand. It could work now but bring problems in the future and you don't know what was done.
    There is no problem with this log. It does a bit of load to your server but no harm. You can safely ignore it.

    Just for completeness: Blacklists that block IPs at the firewall level (before they reach your mail/web daemon) can be done with the ipset project:
    https://github.com/trick77/ipset-blacklist
     
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    And for more completeness, no, fail2ban can't do permanent blocks without customizing your setup quite a bit. The other methods are easier and faster to implement.
     

Share This Page