1

Topic: fail2ban log

==== Required information ====
- iRedMail version: 0.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Ubuntu 13.10
- Related log if you're reporting an issue:
====

How do we check if an IP is blocked in the fail2ban system?
How do we unblock an IP if it has been blocked?

When I look at the fail2ban.log under var/log all I see is:

2014-06-15 06:48:23,861 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.10

The problem is we have a customer who can't receive any mails from a person. There is nothing in the mail.log, so is there anywhere else we can check, to make sure it isn't a problem on our part?


2

Re: fail2ban log

You can check with the iptables command. For example:

# iptables -L -n

To delete an IP blocked in iptables, you have to get the line number of the rule first. Please refer to this short tutorial:
http://www.cyberciti.biz/faq/iptables-d … -firewall/
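
The check and the delete-by-line-number step described in this reply, as an added example that is not part of the original posts. The listing is constructed, `203.0.113.7` is a documentation address, and the function names are hypothetical; on a live server, pipe `iptables -L -n --line-numbers` into `find_bans` instead of the sample.

```shell
#!/bin/sh
# Added example: locate fail2ban bans for one IP in the output of
# `iptables -L -n --line-numbers` and print the matching delete commands.

# Constructed sample listing (not taken from the thread).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    fail2ban-postfix  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 25,587
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25

Chain fail2ban-postfix (1 references)
num  target     prot opt source               destination
1    DROP       all  --  203.0.113.7          0.0.0.0/0
2    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# find_bans IP: reads a listing on stdin and prints "<chain> <rule-number>"
# for every DROP/REJECT rule in a fail2ban-* chain whose source is exactly IP.
# Columns with --line-numbers: num target prot opt source destination.
# Highest rule number first, so deleting in order never shifts a later match.
find_bans() {
    awk -v ip="$1" '
        $1 == "Chain" { chain = $2; next }
        chain ~ /^fail2ban-/ && ($2 == "DROP" || $2 == "REJECT") && $5 == ip {
            print chain, $1
        }' | sort -k1,1 -k2,2nr
}

# unban_commands IP: turns each match into the iptables -D command that
# removes it. Commands are only printed here, never executed.
unban_commands() {
    find_bans "$1" | while read -r chain num; do
        echo "iptables -D $chain $num"
    done
}

# Demo on the constructed listing.
sample_listing | unban_commands 203.0.113.7
```

An empty result from `find_bans` means no fail2ban chain holds a rule for that address, which is the situation shown in the listing posted in the next reply.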

3

Re: fail2ban log

The output from iptables looks like there is nothing in there that should prevent a user from delivering mail to us. Also, the person can deliver mail just fine to another mail on another domain, on the same server. A rule in iptables/fail2ban would affect everything hosted on that mail server, correct?

ubuntu@cmail:~$ sudo iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-postfix  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
fail2ban-dovecot  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,587,110,995,143,993,4190
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2525
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-dovecot (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-postfix (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
ubuntu@cmail:~$

4

Re: fail2ban log

madssigvert wrote:

The problem is we have a customer who can't receive any mails from a person.

You should check the Postfix log file first: is there any log related to this sender? If his mail server connected to your server, Postfix will log it.

5

Re: fail2ban log

It only shows anything when he is trying to mail our test domain, but not when he tries to write to the customer. I think it's an error on his end, and not ours; I just want to be sure that our mail flow is working as it should.

Since mail.log doesn't show anything from the customer to our customer, I would bet it's safe to assume that their mail server hasn't tried to deliver anything. Correct?

6

Re: fail2ban log

madssigvert wrote:

Since mail.log doesn't show anything from the customer to our customer, I would bet it's safe to assume that their mail server hasn't tried to deliver anything. Correct?

Yes. Or you don't have correct MX DNS records for your mail domain, which causes the customer's mail server to connect to the wrong mail server.

7

Re: fail2ban log

If that were the case, the customer wouldn't be able to get any mail, and they do get mail just fine from other places.

8

Re: fail2ban log

So it's better to contact the customer's postmaster to solve this issue together.