1

Topic: fail2ban is blocking too much ... why

==== Required information ====
- iRedMail version (check /etc/iredmail-release):  iRedMail-0.9.7
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP

I noticed that after minutes I have many connections blocked by fail2ban. When I check
systemctl status fail2ban
there are so many entries, including my IP, like this:
REJECT     all  --  41.141.1.192         0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  41.13.32.219         0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  39.53.236.103        0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  39.40.41.251         0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  39.37.153.112        0.0.0.0/0            reject-with icmp-port-unreachable

I have to stop fail2ban to be able to connect.
I don't understand why my IP is blocked. I entered a good password, but after minutes it seemed to be blocked :( What is wrong in the configuration?
This postfix/iredmail server is new; I run SSL on it with the plain-text possibility. What can cause this trouble? Please, any advice.


2

Re: fail2ban is blocking too much ... why

Check fail2ban log to see why the IP was blocked.

3 (edited by m.krzaczek 2017-10-21 18:48:46)

Re: fail2ban is blocking too much ... why

I noticed that my mobile tablets and phones with dynamic IPs are blocked by fail2ban. Probably because I use the "type app" Android client with plain text in SMTP. But I would like to connect like that; I don't want to reconfigure all devices at this moment.
What to do on iredmail to allow connections?

I really tried to find the logs, but I did not. The only thing I found is:
Oct 21 11:14:35 mailX.com fail2ban.actions[19214]: NOTICE [postfix-iredmail] Ban 171.79.37.255
Oct 21 11:14:35 mailX.com fail2ban.actions[19214]: NOTICE [postfix-iredmail] Ban 175.100.5.240
Oct 21 11:14:35 mailX.com fail2ban.actions[19214]: NOTICE [postfix-iredmail] Ban 175.101.30.226
and many more, checked with service fail2ban status.

in jail.local I have:
[dovecot-iredmail]
enabled     = true
filter      = dovecot.iredmail
action      = iptables-multiport[name=dovecot, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath     = /var/log/dovecot.log
                /var/log/dovecot-imap.log
                /var/log/dovecot-pop3.log
                /var/log/dovecot-sieve.log

[postfix-iredmail]
enabled     = true
filter      = postfix.iredmail
action      = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath     = /var/log/maillog

In those files above I can't find anything about fail2ban. The only suspicious entries are (in /var/log/maillog): in dovecot = user empty...

4

Re: fail2ban is blocking too much ... why

There are errors in dovecot.log; fail2ban is blocking those IPs.

Oct 21 09:10:15 mail dovecot: imap-login: Disconnected (no auth attempts in 2 secs): user=<>, rip=37.248.166.55, lip=192.168.1.89, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46, session=<RzP6RwlcDU8l+KY3>

user<> - what does it mean? Empty? Does it cause the trouble?
SSL problem?
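
An added example, not part of the original thread: a small Python sketch that groups dovecot login-service disconnects by remote IP and reason, so handshake aborts like the "SSL alert number 46" line quoted above can be told apart from real password failures. The sample log lines and their IPs are constructed, and the reason labels are this example's own naming.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines modelled on the dovecot entry quoted in the thread
# (IPs are documentation-range placeholders, not values from the page).
SAMPLE_LOG = """\
Oct 21 09:10:15 mail dovecot: imap-login: Disconnected (no auth attempts in 2 secs): user=<>, rip=203.0.113.10, lip=192.168.1.89, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46, session=<aaaa>
Oct 21 09:10:20 mail dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=203.0.113.10, lip=192.168.1.89, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46, session=<bbbb>
Oct 21 09:11:02 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 12 secs): user=<info@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.168.1.89, TLS, session=<cccc>
Oct 21 09:12:40 mail dovecot: imap-login: Login: user=<joe@example.com>, method=PLAIN, rip=203.0.113.10, lip=192.168.1.89, mpid=4242, TLS, session=<dddd>
"""

LINE_RE = re.compile(
    r"dovecot: [\w-]+-login: Disconnected \((?P<why>[^)]*)\): "
    r"user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[0-9a-fA-F.:]+)"
)
ALERT_RE = re.compile(r"SSL alert number (\d+)")

def classify(line):
    """Return (rip, reason) for a login-service disconnect, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    why = m.group("why")
    alert = ALERT_RE.search(line)
    if "TLS handshaking" in line and alert:
        # Alert was received from the peer: the client aborted the handshake
        # (46 = certificate_unknown), so no credentials were ever sent.
        reason = "tls-alert-%s" % alert.group(1)
    elif why.startswith("auth failed"):
        reason = "auth-failed"
    elif why.startswith("no auth attempts"):
        reason = "no-auth-attempt"
    else:
        reason = "other"
    return m.group("rip"), reason

def summarize(log_text):
    """Map each remote IP to a Counter of disconnect reasons."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            per_ip[hit[0]][hit[1]] += 1
    return per_ip

if __name__ == "__main__":
    for ip, reasons in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, dict(reasons))
```

An IP that shows only `tls-alert-46` entries and no `auth-failed` ones never got as far as sending a password; its client rejected the server certificate during the handshake.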

5

Re: fail2ban is blocking too much ... why

config of dovecot
[root@mail filter.d]# dovecot -n
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 3.10.0-514.6.1.el7.x86_64 x86_64 CentOS Linux release 7.3.1611 (Core)
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
disable_plaintext_auth = no


shows that ssl isn't required, by the way

6

Re: fail2ban is blocking too much ... why

Fix your smtp settings on your mobile devices, they're the problem, not your server settings.
You won't want to use plain smtp nowadays, please use secure connections (port 587 with STARTTLS).