Trying to find where fail2ban@example.com is located

Discussion in 'ISPConfig 3 Priority Support' started by 360bladez, Aug 28, 2014.

  1. 360bladez

    360bladez New Member HowtoForge Supporter

    Hey

    Finished "The Perfect Server" CentOS 6.4 guide a few days ago
    Now I'm trying to configure mail

    On my mail logs it shows

    Code:
    postfix/qmgr[911]: 67BA546E5AAA: from=<fail2ban@example.com>, size=4763, nrcpt=1 (queue active)
    Aug 28 21:04:39 www postfix/qmgr[911]: 850E246E5AB9: from=<fail2ban@example.com>, size=3372, nrcpt=1 (queue active)
    Aug 28 21:04:39 www postfix/qmgr[911]: 251B946E5ABE: from=<fail2ban@example.com>, size=3283, nrcpt=1 (queue active)
    Aug 28 21:04:39 www postfix/qmgr[911]: 05F1646E440B: from=<fail2ban@example.com>, size=643, nrcpt=1 (queue active)
    Aug 28 21:04:39 www postfix/qmgr[911]: 461F546E5AB5: from=<fail2ban@example.com>, size=3196, nrcpt=1 (queue active)
    Aug 28 21:04:39 www postfix/qmgr[911]: B92C346E5A9A: from=<fail2ban@example.com>, size=3441, nrcpt=1 (queue active)
    Code:
    Aug 28 21:05:39 www postfix/smtp[20709]: 05F1646E440B: to=<you@example.com>, relay=none, delay=134664, delays=134603/0.03/60/0, dsn=4.4.1, status=deferred (connect to example.com[93.184.216.119]:25: Connection timed out)
    I have edited the fail2ban config files to email me on
    ban sasl, ssh
    But I can find where these configs are


    My /etc/fail2ban/jail.local
    does not have a postfix section other than sasl
    I don't know where else to look

    Anyone have any ideas?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Check /etc/postfix/main.cf and /etc/mailname
     
  3. 360bladez

    360bladez New Member HowtoForge Supporter

    Thanks for the response


    I don't have /etc/mailname

    I am trying to look through my main.cf and I am not seeing what is linking it
    I am going to post my main.cf, could you please take a look
     


  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Do the commands:

    hostname

    or

    hostname -f

    return example.com?
     
  5. 360bladez

    360bladez New Member HowtoForge Supporter

    Both return my correct hostname
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Try

    grep -r example.com /etc

    to see if there is any config file that includes that domain name.
     
  7. 360bladez

    360bladez New Member HowtoForge Supporter

    Code:
    /etc/httpd/conf.d/webalizer.conf:    # Allow from .example.com
    /etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
    /etc/httpd/conf/httpd.conf:#ServerName www.example.com:80
    /etc/httpd/conf/httpd.conf:# Redirect permanent /foo http://www.example.com/bar
    /etc/httpd/conf/httpd.conf:#ErrorDocument 402 http://www.example.com/subscription_info.html
    /etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:#    ServerAdmin webmaster@dummy-host.example.com
    /etc/httpd/conf/httpd.conf:#    DocumentRoot /www/docs/dummy-host.example.com
    /etc/httpd/conf/httpd.conf:#    ServerName dummy-host.example.com
    /etc/httpd/conf/httpd.conf:#    ErrorLog logs/dummy-host.example.com-error_log
    /etc/httpd/conf/httpd.conf:#    CustomLog logs/dummy-host.example.com-access_log common
    grep: /etc/udev/devices/ptyaf: No such device or address
    grep: /etc/udev/devices/ptyac: No such device or address
    
    This doesn't seem to search all folders, only that one
    Trying to look through all the files again to see if I missed something
    Any other ideas please let me know
    Thanks again!
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Nothing related to fail2ban. Then I don't know where else it can come from. Did you restart the server to ensure that all services use the latest settings from conf files?
     
  9. 360bladez

    360bladez New Member HowtoForge Supporter

    I don't know if you have seen my edited reply
    That command only seems to be scanning that one folder

    If I do grep -r example.com /etc/fail2ban


    Code:
    /etc/fail2ban/jail.local:           sendmail-whois[name=ProFTPD, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=GSSFTPd, dest=you@example.com]
    /etc/fail2ban/jail.local:              sendmail-whois[name=SSH, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail[name=Postfix, dest=you@example.com]
    /etc/fail2ban/jail.local:action   = sendmail-whois[name=VSFTPD, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=VSFTPD, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail[name=Postfix, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=openwebmail, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name="SSH,IPFW", dest=you@example.com]
    /etc/fail2ban/jail.local:#            sendmail-whois[name=Named, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Named, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
    /etc/fail2ban/jail.local:           blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Nagios, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
    /etc/fail2ban/action.d/complain.conf:#              -c me@example.com
    /etc/fail2ban/action.d/complain.conf:#              -- -f me@example.com
    /etc/fail2ban/action.d/mynetwatchman.conf:# mnwlogin = me@example.com
    /etc/fail2ban/action.d/dshield.conf:#              -c me@example.com
    /etc/fail2ban/action.d/dshield.conf:#              -- -f me@example.com
    /etc/fail2ban/jail.conf:           sendmail-whois[name=ProFTPD, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=GSSFTPd, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=sasl, dest=you@example.com]
    /etc/fail2ban/jail.conf:              sendmail-whois[name=SSH, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail[name=Postfix, dest=you@example.com]
    /etc/fail2ban/jail.conf:action   = sendmail-whois[name=VSFTPD, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=VSFTPD, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail[name=Postfix, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=openwebmail, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name="SSH,IPFW", dest=you@example.com]
    /etc/fail2ban/jail.conf:#            sendmail-whois[name=Named, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Named, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
    /etc/fail2ban/jail.conf:           blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Nagios, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
    
    Now I looked over these 2 files. Only 2 are set to true, and they have my personal email address set


    Hmm, restarting might have worked.... I thought I restarted like 10 times since this issue began happening.... going to give it a few hours and see
    nvm, it's back

    Code:
    Aug 29 22:40:03 www postfix/smtpd[1146]: connect from localhost[::1]
    Aug 29 22:40:03 www postfix/smtpd[1146]: lost connection after CONNECT from localhost[::1]
    Aug 29 22:40:03 www postfix/smtpd[1146]: disconnect from localhost[::1]
    Aug 29 22:40:03 www dovecot: pop3-login: Disconnected (no auth attempts): rip=::1, lip=::1, secured
    Aug 29 22:40:03 www dovecot: imap-login: Disconnected (no auth attempts): rip=::1, lip=::1, secured
    Aug 29 22:40:22 www postfix/scache[1024]: statistics: start interval Aug 29 22:37:00
    Aug 29 22:40:22 www postfix/scache[1024]: statistics: domain lookup hits=0 miss=1 success=0%
    Aug 29 22:40:22 www postfix/scache[1024]: statistics: address lookup hits=0 miss=1 success=0%
    Aug 29 22:40:22 www postfix/scache[1024]: statistics: max simultaneous domains=1 addresses=1 connection=1
    Aug 29 22:41:50 www postfix/qmgr[908]: 2DC6E46E5AAF: from=<fail2ban@example.com>, size=3196, nrcpt=1 (queue active)
    Aug 29 22:41:50 www postfix/qmgr[908]: 464A046E5AA4: from=<fail2ban@example.com>, size=2829, nrcpt=1 (queue active)
    Aug 29 22:42:02 www postfix/smtpd[1039]: timeout after END-OF-MESSAGE from unknown[127.0.0.1]
    Aug 29 22:42:02 www postfix/smtpd[1039]: disconnect from unknown[127.0.0.1]
    Aug 29 22:42:05 www postfix/smtpd[1022]: timeout after END-OF-MESSAGE from unknown[127.0.0.1]
    Aug 29 22:42:05 www postfix/smtpd[1022]: disconnect from unknown[127.0.0.1]
    Aug 29 22:42:20 www postfix/smtp[1282]: connect to example.com[2606:2800:220:6d:26bf:1447:1097:aa7]:25: Connection timed out
    Aug 29 22:42:20 www postfix/smtp[1283]: connect to example.com[2606:2800:220:6d:26bf:1447:1097:aa7]:25: Connection timed out
    Aug 29 22:42:50 www postfix/smtp[1282]: connect to example.com[93.184.216.119]:25: Connection timed out
    Aug 29 22:42:50 www postfix/smtp[1283]: connect to example.com[93.184.216.119]:25: Connection timed out
    Aug 29 22:42:50 www postfix/smtp[1282]: 2DC6E46E5AAF: to=<you@example.com>, relay=none, delay=198125, delays=198064/0.01/60/0, dsn=4.4.1, status=deferred (connect to example.com[93.184.216.119]:25: Connection timed out)
    Aug 29 22:42:50 www postfix/smtp[1283]: 464A046E5AA4: to=<you@example.com>, relay=none, delay=203910, delays=203850/0.01/60/0, dsn=4.4.1, status=deferred (connect to example.com[93.184.216.119]:25: Connection timed out)
    Aug 29 22:45:02 www dovecot: imap-login: Disconnected (no auth attempts): rip=::1, lip=::1, secured
    Aug 29 22:45:02 www postfix/smtpd[1385]: connect from localhost[::1]
    Aug 29 22:45:02 www postfix/smtpd[1385]: lost connection after CONNECT from localhost[::1]
    Aug 29 22:45:02 www postfix/smtpd[1385]: disconnect from localhost[::1]
    Aug 29 22:45:02 www dovecot: pop3-login: Disconnected (no auth attempts): rip=::1, lip=::1, secured


    Code:
    /etc/amavisd/amavisd.conf:# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!
    /etc/amavisd/amavisd.conf:# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
    /etc/amavisd/amavisd.conf:# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
    /etc/amavisd/amavisd.conf:# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
    /etc/amavisd/amavisd.conf~:$mydomain = 'example.com';   # a convenient default for other settings
    /etc/amavisd/amavisd.conf~:# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!
    /etc/amavisd/amavisd.conf~:# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
    /etc/amavisd/amavisd.conf~:# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
    /etc/amavisd/amavisd.conf~:# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
    /etc/dovecot/conf.d/auth-static.conf.ext:#  args = proxy=y host=%1Mu.example.com nopassword=y
    /etc/dovecot/dovecot-sql.conf:#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
    /etc/dovecot-sql.conf:#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
    /etc/fail2ban/jail.local:           sendmail-whois[name=ProFTPD, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=GSSFTPd, dest=you@example.com]
    /etc/fail2ban/jail.local:              sendmail-whois[name=SSH, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail[name=Postfix, dest=you@example.com]
    /etc/fail2ban/jail.local:action   = sendmail-whois[name=VSFTPD, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=VSFTPD, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail[name=Postfix, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=openwebmail, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name="SSH,IPFW", dest=you@example.com]
    /etc/fail2ban/jail.local:#            sendmail-whois[name=Named, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Named, dest=you@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
    /etc/fail2ban/jail.local:           sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
    /etc/fail2ban/jail.local:           blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
    /etc/fail2ban/jail.local:           sendmail-whois[name=Nagios, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
    /etc/fail2ban/action.d/complain.conf:#              -c me@example.com
    /etc/fail2ban/action.d/complain.conf:#              -- -f me@example.com
    /etc/fail2ban/action.d/mynetwatchman.conf:# mnwlogin = me@example.com
    /etc/fail2ban/action.d/dshield.conf:#              -c me@example.com
    /etc/fail2ban/action.d/dshield.conf:#              -- -f me@example.com
    /etc/fail2ban/jail.conf:           sendmail-whois[name=ProFTPD, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=GSSFTPd, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=sasl, dest=you@example.com]
    /etc/fail2ban/jail.conf:              sendmail-whois[name=SSH, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail[name=Postfix, dest=you@example.com]
    /etc/fail2ban/jail.conf:action   = sendmail-whois[name=VSFTPD, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=VSFTPD, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail[name=Postfix, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=openwebmail, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name="SSH,IPFW", dest=you@example.com]
    /etc/fail2ban/jail.conf:#            sendmail-whois[name=Named, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Named, dest=you@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
    /etc/fail2ban/jail.conf:           blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
    /etc/fail2ban/jail.conf:           sendmail-whois[name=Nagios, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
    /etc/httpd/conf.d/webalizer.conf:    # Allow from .example.com
    /etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
    /etc/httpd/conf/httpd.conf:#ServerName www.example.com:80
    /etc/httpd/conf/httpd.conf:# Redirect permanent /foo http://www.example.com/bar
    /etc/httpd/conf/httpd.conf:#ErrorDocument 402 http://www.example.com/subscription_info.html
    /etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:# Change the ".example.com" to match your domain to enable.
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:#    Allow from .example.com
    /etc/httpd/conf/httpd.conf:#    ServerAdmin webmaster@dummy-host.example.com
    /etc/httpd/conf/httpd.conf:#    DocumentRoot /www/docs/dummy-host.example.com
    /etc/httpd/conf/httpd.conf:#    ServerName dummy-host.example.com
    /etc/httpd/conf/httpd.conf:#    ErrorLog logs/dummy-host.example.com-error_log
    /etc/httpd/conf/httpd.conf:#    CustomLog logs/dummy-host.example.com-access_log common
    /etc/krb5.conf:  kdc = kerberos.example.com
    /etc/krb5.conf:  admin_server = kerberos.example.com
    /etc/krb5.conf: .example.com = EXAMPLE.COM
    /etc/krb5.conf: example.com = EXAMPLE.COM
    /etc/mail/virtusertable:# @foo.org      %1@example.com
    /etc/mail/virtusertable:# old+*@foo.org new+%2@example.com
    /etc/mail/virtusertable:# gen+*@foo.org %2@example.com
    /etc/mail/virtusertable:# +*@foo.org    %1%3@example.com
    /etc/mail/virtusertable:# X++@foo.org   Z%3@example.com
    /etc/openldap/ldap.conf:#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
    /etc/php.ini:; following the section heading [HOST=www.example.com] only apply to
    /etc/php.ini:; PHP files served from www.example.com.  Directives set in these
    /etc/php.ini:;sendmail_from = me@example.com
    /etc/pki/dovecot/dovecot-openssl.cnf:# Common Name (*.example.com is also possible)
    /etc/pki/dovecot/dovecot-openssl.cnf:CN=imap.example.com
    /etc/pki/dovecot/dovecot-openssl.cnf:emailAddress=postmaster@example.com
    /etc/postfix/transport:#        In order to send mail for example.com and  its  subdomains
    /etc/postfix/transport:#             example.com      uucp:example
    /etc/postfix/transport:#             .example.com     uucp:example
    /etc/postfix/transport:#        directs  mail  for user@example.com via the slow transport
    /etc/postfix/transport:#        to a mail exchanger for example.com.  The  slow  transport
    /etc/postfix/transport:#             example.com      slow:
    /etc/postfix/transport:#        above).  The following sends all mail for example.com  and
    /etc/postfix/transport:#        its subdomains to host gateway.example.com:
    /etc/postfix/transport:#             example.com      :[gateway.example.com]
    /etc/postfix/transport:#             .example.com     :[gateway.example.com]
    /etc/postfix/transport:#        MX host for example.com.
    /etc/postfix/transport:#             example.com      smtp:bar.example:2025
    /etc/postfix/transport:#        This directs mail for user@example.com to host bar.example
    /etc/postfix/transport:#             .example.com     error:mail for *.example.com is not deliverable
    /etc/postfix/transport:#        This  causes  all mail for user@anything.example.com to be
    /etc/pure-ftpd/pureftpd-ldap.conf:LDAPServer ldap.example.com
    grep: /etc/udev/devices/ptyaf: No such device or address
    grep: /etc/udev/devices/ptyac: No such device or address
     
    Last edited: Aug 29, 2014
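
An added example, not part of any post in the thread: Postfix's `delay=` field is the total time since a message entered the queue, so subtracting it from the log timestamp shows when each `fail2ban@example.com` message was originally queued. The function names are hypothetical, and the year 2014 is assumed from the thread date because syslog timestamps carry no year.

```python
import re
from datetime import datetime, timedelta

# Log lines taken from the excerpts posted in the thread (one unrelated dovecot line kept as noise).
SAMPLE_LOG = """\
Aug 28 21:04:39 www postfix/qmgr[911]: 05F1646E440B: from=<fail2ban@example.com>, size=643, nrcpt=1 (queue active)
Aug 28 21:05:39 www postfix/smtp[20709]: 05F1646E440B: to=<you@example.com>, relay=none, delay=134664, delays=134603/0.03/60/0, dsn=4.4.1, status=deferred (connect to example.com[93.184.216.119]:25: Connection timed out)
Aug 29 22:40:03 www dovecot: pop3-login: Disconnected (no auth attempts): rip=::1, lip=::1, secured
Aug 29 22:41:50 www postfix/qmgr[908]: 2DC6E46E5AAF: from=<fail2ban@example.com>, size=3196, nrcpt=1 (queue active)
Aug 29 22:41:50 www postfix/qmgr[908]: 464A046E5AA4: from=<fail2ban@example.com>, size=2829, nrcpt=1 (queue active)
Aug 29 22:42:50 www postfix/smtp[1282]: 2DC6E46E5AAF: to=<you@example.com>, relay=none, delay=198125, delays=198064/0.01/60/0, dsn=4.4.1, status=deferred (connect to example.com[93.184.216.119]:25: Connection timed out)
Aug 29 22:42:50 www postfix/smtp[1283]: 464A046E5AA4: to=<you@example.com>, relay=none, delay=203910, delays=203850/0.01/60/0, dsn=4.4.1, status=deferred (connect to example.com[93.184.216.119]:25: Connection timed out)
"""

# Syslog timestamp, host, postfix service[pid], queue ID, then the rest of the record.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ "
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$"
)


def queue_report(log_text, year):
    """Correlate postfix records by queue ID and derive each message's enqueue time."""
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a postfix record that carries a queue ID
        entry = report.setdefault(m["qid"], {})
        rest = m["rest"]
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if (s := re.search(r"\bfrom=<([^>]*)>", rest)):
            entry["sender"] = s[1]
        if (r := re.search(r"\bto=<([^>]*)>", rest)):
            entry["recipient"] = r[1]
        if (st := re.search(r"\bstatus=(\w+)", rest)):
            entry["status"] = st[1]
        # "delay=" (not "delays=") is the total seconds since the message was queued.
        if (d := re.search(r"\bdelay=([\d.]+)", rest)):
            entry["age"] = timedelta(seconds=float(d[1]))
            entry["last_attempt"] = when
            entry["queued_at"] = when - entry["age"]
    return report


def stale_entries(report, min_age):
    """Queue IDs whose last delivery attempt was at least min_age after enqueue."""
    return sorted(q for q, e in report.items() if e.get("age", timedelta(0)) >= min_age)


if __name__ == "__main__":
    rep = queue_report(SAMPLE_LOG, 2014)
    for qid in stale_entries(rep, timedelta(hours=24)):
        e = rep[qid]
        print(qid, e["sender"], "->", e["recipient"], e["status"],
              "queued", e["queued_at"], "age", e["age"])
```

A `queued_at` that predates a configuration change means the log line is a retry of an already-deferred message, not a new notification. `postqueue -p` lists what is still in the queue, and `postsuper -d <queue-id>` removes a single entry.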
