Topic: IP keeps being banned
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? Downloadable
- Linux/BSD distribution name and version: Debian 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
The component of iRedMail that automatically bans IPs based on certain activity (fail2ban?) keeps blocking an IP used by multiple users.
Chain f2b-dovecot (1 references)
target     prot opt source               destination
REJECT     all  --  MY.HOST.NAME         anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
I assume, with it being in the f2b-dovecot chain, that it's something to do with user IMAP connections. There is a fail2ban log file in /var/log but it's empty. Should entries be placed in here when IPs are banned?
OK, working through this myself, I've found the imap.log file and can see it's one user attempting to connect with an incorrect password. I've now removed it with fail2ban_unban_ip.sh.
So I still have three quick questions:
1) Should all fail2ban activity be logged in /var/log/fail2ban.log?
2) Is there a way to whitelist an IP so it never gets blacklisted?
3) iRedAPD 3.0 seems to have been released but there was no announcement for it on the forum. Does it contain any important updates?
Many thanks.