Topic: Cannot access websites/email from one particular IP
======== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): apache
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue: none
====
Hello,
I have iRedMail running perfectly but today I encountered a strange problem.
Access to the websites I host is blocked for the IP I currently have. Also, I cannot synchronize my mail. Switching to a mobile device/different IP makes it work normally. I CAN connect via SSH though (some custom port).
When I restart "iptables" everything goes back to normal but I will be blocked some time later again.
Fail2Ban is active, but it does not seem that I was blocked by it. The log is empty.
The apache2 log is also of little help here.
# cat /var/log/apache2/error.log
[Mon Aug 31 06:25:16.359738 2015] [:notice] [pid 4862] FastCGI: process manager initialized (pid 4862)
[Mon Aug 31 06:25:16.468927 2015] [ssl:warn] [pid 862] AH01909: server.domain.tld:443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 31 06:25:16.469475 2015] [wsgi:warn] [pid 862] mod_wsgi: Compiled for Python/2.7.8.
[Mon Aug 31 06:25:16.469498 2015] [wsgi:warn] [pid 862] mod_wsgi: Runtime using Python/2.7.9.
[Mon Aug 31 06:25:16.472868 2015] [mpm_prefork:notice] [pid 862] AH00163: Apache/2.4.10 (Debian) mod_fastcgi/mod_fastcgi-SNAP-0910052141 OpenSSL/1.0.1k mod_wsgi/4.3.0 Python/2.7.9 configured -- resuming normal operations
[Mon Aug 31 06:25:16.472926 2015] [core:notice] [pid 862] AH00094: Command line: '/usr/sbin/apache2'
I found something interesting in "iptables -L": Check the line with "REJECT" in it. IPs and ports have been made anonymous.
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-dovecot tcp -- anywhere anywhere multiport dports http,https,smtp,submission,pop3,pop3s,imap2,imaps,sieve
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:17XXX
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-dovecot (1 references)
target prot opt source destination
REJECT all -- pXXXXXXXX.dip0.t-ipconnect.de anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
Why is the IP banned? I am quite certain that I did not have any false logins. Also, the fail2ban log is empty.
Thanks in advance!