26 (edited by Neovana 2025-02-12 06:42:26)

Re: OpenBSD 7.6 and iRedMail 1.7.2

Any update on this? fail2ban, iredadmin, and mlmmjadmin still fail to load on boot.

I posted all of the error logs as requested.


27

Re: OpenBSD 7.6 and iRedMail 1.7.2

What's the original error message in their log files?

28 (edited by Neovana 2025-02-21 15:02:53)

Re: OpenBSD 7.6 and iRedMail 1.7.2

ZhangHuangbin wrote:

What's the original error message in their log files?

Is there a new command you'd like for me to run? I'm sorry but I've posted all of the errors I've come across - in this thread already.

Here they are again:

starting package daemons: postgresql nginx php81_fpm dovecot clamd freshclam amavisd postfix mlmmjadminuwsgi[1287]: pinsyscalls addr 45a52ec4259 code 253, pinoff 0xffffffff (pin 330 45a7d5ee000-45a7d5fc66d e66d) (libcpin 0 0-0 0) error 78 (failed) iredapd iredadminuwsgi[91938]: pinsyscalls addr c99aa8ac259 code 253, pinoff 0xffffffff (pin 330 c99122a4000-c99122b266d e66d) (libcpin 0 0-0 0) error 78 (failed) fail2ban(failed) qemu_ga.
starting local daemons: cron.

OpenBSD 7.6 (GENERIC.MP) #0: Thu Jan  9 07:32:40 MST 2025
    root@syspatch-76-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

1:30AM  up 4 days,  6:17, 0 users, load averages: 0.08, 0.02, 0.01

Services that should be running but aren't:
fail2ban
iredadmin
mlmmjadmin

# cd mlmmjadmin-3.3.0/tools
# bash upgrade_mlmmjadmin.sh

* Detected Linux/BSD distribution: OPENBSD
* Checking Python 3.
* Checking required Python(-3) modules:
  + [required] psycopg2
  + [required] web.py
error: externally-managed-environment

× This environment is externally managed
╰─> This Python installation is managed by pkg_add(1).
   
    To install Python packages system-wide, use the OS packages where possible, for example: "pkg_add py3-somepackage".
   
    Otherwise, for software which is not available in packages, it is recommended to create a "venv" (virtual environment, see
    https://docs.python.org/3/library/venv.html) and install it there. For standalone applications, pipx (in the py3-pipx package) can help manage this for you.

note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
hint: See PEP 668 for the detailed specification.
<<< ERROR >>> Failed to install Python 3 modules, please try to install them manually:  web.py>=0.61

# cd mlmmjadmin-3.3.1/tools/
# bash upgrade_mlmmjadmin.sh
* Detected Linux/BSD distribution: OPENBSD
* Checking Python 3.
* Checking required Python(-3) modules:
  + [required] psycopg2
* Found mlmmjadmin: /opt/mlmmjadmin, symbol link of /opt/mlmmjadmin-3.3.0
* Found old config file: /opt/mlmmjadmin/settings.py
* Copying new version to /opt/mlmmjadmin-3.3.1
* Copy /opt/mlmmjadmin/settings.py.
* Removing old symbol link /opt/mlmmjadmin
* Creating symbol link: /opt/mlmmjadmin-3.3.1 -> /opt/mlmmjadmin
* Copy SysV init script.
* mlmmjadmin has been successfully upgraded.
* Restarting service: mlmmjadmin.
mlmmjadminuwsgi[52885]: pinsyscalls addr ef22910b259 code 253, pinoff 0xffffffff (pin 330 ef242253000-ef242261670 e670) (libcpin 0 0-0 0) error 78
(failed)
Failed, please restart service 'mlmmjadmin' manually.
* Sync mailing list profiles to SQL/LDAP.
No mailing list found. Abort.
* Upgrading completed.
<<< NOTE >>> If mlmmjadmin doesn't work as expected, please post your issue in
<<< NOTE >>> our online support forum: http://www.iredmail.org/forum/

# rcctl restart mlmmjadmin
mlmmjadminuwsgi[90796]: pinsyscalls addr 3ab78046259 code 253, pinoff 0xffffffff (pin 330 3ab6fa1f000-3ab6fa2d670 e670) (libcpin 0 0-0 0) error 78
(failed)

# cd iRedAdmin-2.6/tools/
# bash upgrade_iredadmin.sh
* Detected Linux/BSD distribution: OPENBSD
* HTTP server root: /opt/www
* Found iRedAdmin directory: /opt/www/iredadmin, symbol link of iRedAdmin-2.6
* Found iRedAdmin config file: /opt/www/iredadmin/settings.py
* Copying new version to /opt/www/iRedAdmin-2.6
* Copy /opt/www/iredadmin/settings.py.
cp: /opt/www/iRedAdmin-2.6/settings.py and /opt/www/iredadmin/settings.py are identical (not copied).
* Removing old symbol link /opt/www/iredadmin
* Creating symbol link /opt/www/iredadmin to /opt/www/iRedAdmin-2.6
* Enable mlmmj integration.
* Restarting service: mlmmjadmin.
mlmmjadminuwsgi[66127]: pinsyscalls addr f6c97bce259 code 253, pinoff 0xffffffff (pin 330 f6c0646b000-f6c06479670 e670) (libcpin 0 0-0 0) error 78
(failed)
Failed, please restart service manually and check its log file.
* Check and install required packages.
ALTER TABLE
* Replace py2 by py3 in cron jobs.
* Clean up.
* Delete all existing sessions to force all admins to re-login.
* iRedAdmin has been successfully upgraded.
* Restarting iredadmin service.
iredadminuwsgi[94519]: pinsyscalls addr 3ff1da00259 code 253, pinoff 0xffffffff (pin 330 3fe72a10000-3fe72a1e670 e670) (libcpin 0 0-0 0) error 78
(failed)
Failed, please restart Apache web server or 'iredadmin' (if you're running Nginx as web server) manually.
* Enable service: iredadmin
iredadminuwsgi[86007]: pinsyscalls addr f70aaa93259 code 253, pinoff 0xffffffff (pin 330 f70e71d5000-f70e71e3670 e670) (libcpin 0 0-0 0) error 78
(failed)
Failed, please restart service manually and check its log file.
* Upgrading completed.
<<< NOTE >>> If iRedAdmin doesn't work as expected, please post your issue in
<<< NOTE >>> our online support forum: http://www.iredmail.org/forum/

# rcctl restart iredadmin
iredadminuwsgi[63563]: pinsyscalls addr bdf05ad5259 code 253, pinoff 0xffffffff (pin 330 bdf0fe6f000-bdf0fe7d670 e670) (libcpin 0 0-0 0) error 78
(failed)

29

Re: OpenBSD 7.6 and iRedMail 1.7.2

% doas cat mlmmjadmin.log
2025-01-15T06:00:01.516Z mail newsyslog[93767]: logfile turned over
Jan 15 03:10:21 mail mlmmjadmin: *** Starting uWSGI 2.0.24 (64bit) on [Wed Jan 15 03:10:20 2025] ***
% cat fail2ban.log
2025-01-17T06:00:01.917Z mail newsyslog[13721]: logfile turned over

30

Re: OpenBSD 7.6 and iRedMail 1.7.2

It was suggested to me that these apps need to be recompiled. How would I do that?

31

Re: OpenBSD 7.6 and iRedMail 1.7.2

Please install uwsgi manually:

pip3 install -U uwsgi

Download latest mlmmjadmin 3.3.1 and upgrade:
https://docs.iredmail.org/upgrade.mlmmjadmin.html

32 (edited by Neovana 2025-02-23 06:47:55)

Re: OpenBSD 7.6 and iRedMail 1.7.2

# pip3 install -U uwsgi
error: externally-managed-environment

× This environment is externally managed
╰─> This Python installation is managed by pkg_add(1).
   
    To install Python packages system-wide, use the OS packages where
    possible, for example: "pkg_add py3-somepackage".
   
    Otherwise, for software which is not available in packages,
    it is recommended to create a "venv" (virtual environment, see
    https://docs.python.org/3/library/venv.html) and install it there.
    For standalone applications, pipx (in the py3-pipx package) can
    help manage this for you.

note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
hint: See PEP 668 for the detailed specification.

# pkg_add uwsgi       
quirks-7.50 signed on 2025-02-21T23:21:50Z
Can't find uwsgi

# pkg_add py3-uwsgi   
quirks-7.50 signed on 2025-02-21T23:21:50Z
Can't find py3-uwsgi

uwsgi install failed

I tried another way: https://www.ipv6.rs/tutorial/OpenBSD/uWSGI/

#pkg_add py3-setuptools

#cd /root

#git clone https://github.com/unbit/uwsgi.git

#cd uwsgi

#make

#make install

#./uwsgi --version
2.1-dev+89cb161c

#mv /usr/local/bin/uwsgi /usr/local/bin/uwsgi.old

#ln -s /root/uwsgi/uwsgi /usr/local/bin/uwsgi

#shutdown -r now

Now I get less bad errors at login:

starting package daemons: postgresql nginx php81_fpm dovecot clamd freshclam amavisd postfix mlmmjadmin(failed) iredapd iredadmin(failed) fail2ban(failed) qemu_ga.

# cd mlmmjadmin-3.3.1
# cd tools
# bash upgrade_mlmmjadmin.sh
* Detected Linux/BSD distribution: OPENBSD
* Checking Python 3.
* Checking required Python(-3) modules:
  + [required] psycopg2
* Found mlmmjadmin: /opt/mlmmjadmin, symbol link of /opt/mlmmjadmin-3.3.1
* Found old config file: /opt/mlmmjadmin/settings.py
* Copying new version to /opt/mlmmjadmin-3.3.1
* Copy /opt/mlmmjadmin/settings.py.
cp: /opt/mlmmjadmin-3.3.1/settings.py and /opt/mlmmjadmin/settings.py are identical (not copied).
* Removing old symbol link /opt/mlmmjadmin
* Creating symbol link: /opt/mlmmjadmin-3.3.1 -> /opt/mlmmjadmin
* Copy SysV init script.
* mlmmjadmin has been successfully upgraded.
* Restarting service: mlmmjadmin.
mlmmjadmin(failed)
Failed, please restart service 'mlmmjadmin' manually.
* Sync mailing list profiles to SQL/LDAP.
No mailing list found. Abort.
* Upgrading completed.
<<< NOTE >>> If mlmmjadmin doesn't work as expected, please post your issue in
<<< NOTE >>> our online support forum: http://www.iredmail.org/forum/

% doas rcctl restart mlmmjadmin
mlmmjadmin(failed)

mlmmjadmin install still fails

mlmmjadmin, iredadmin, and fail2ban all fail to load at all

Can I compile mlmmjadmin, iredadmin, and fail2ban from source? If so, please provide git repositories to clone.

33

Re: OpenBSD 7.6 and iRedMail 1.7.2

Run:

pip3 install -U --break-system-packages uwsgi

34 (edited by Neovana 2025-02-25 07:16:32)

Re: OpenBSD 7.6 and iRedMail 1.7.2

ZhangHuangbin wrote:

Run:

# pip3 install -U --break-system-packages uwsgi

Ok, after using that command I was successfully able to install mlmmjadmin-3.3.1.

Now the only service that is failing to run is:

fail2ban(failed)

% doas fail2ban-client -x reload
Traceback (most recent call last):
  File "/usr/local/bin/fail2ban-client", line 34, in <module>
    from fail2ban.client.fail2banclient import exec_command_line, sys
ModuleNotFoundError: No module named 'fail2ban'

% doas fail2ban-python --version
Python 3.11.10

% doas pip show fail2ban
WARNING: Package(s) not found: fail2ban

% cat /var/log/fail2ban.log
2025-01-17T06:00:01.917Z mail newsyslog[13721]: logfile turned over

I believe that I need to reinstall fail2ban. I ran:

# cd /root/fail2ban-1.1.0
# python3 setup.py install

% doas rcctl start fail2ban
fail2ban(ok)

No errors on boot!

Do I need to re-configure jails?

35

Re: OpenBSD 7.6 and iRedMail 1.7.2

Neovana wrote:

Do I need to re-configure jails?

Run "fail2ban-client status", does it list any jails?

36 (edited by Neovana 2025-02-26 08:05:01)

Re: OpenBSD 7.6 and iRedMail 1.7.2

ZhangHuangbin wrote:
Neovana wrote:

Do I need to re-configure jails?

Run "fail2ban-client status", does it list any jails?

% doas fail2ban-client status
Status
|- Number of jail:    6
`- Jail list:    dovecot, nginx-http-auth, postfix, pregreet, roundcube, sshd

That looks good.

I am seeing some errors:

Feb 25 17:44:11 mail fail2ban.utils[60448]: ERROR f3f06e54b00 -- exec: ['f2bV_ipjailmatches=$0 \n/usr/local/bin/fail2ban_banned_db ban 35.185.248.86 80,443,25,587,465,110,995,143,993,4190 tcp pregreet 1 $f2bV_ipjailmatches', 'Feb 25 17:44:09 mail postfix/postscreen[98862]: PREGREET 18 after 0 from [35.185.248.86]:34304: EHLO example.com\\r\\n']
Feb 25 17:44:11 mail fail2ban.utils[60448]: ERROR f3f06e54b00 -- stderr: 'env: bash: No such file or directory'
Feb 25 17:44:11 mail fail2ban.utils[60448]: ERROR f3f06e54b00 -- returned 127
Feb 25 17:44:11 mail fail2ban.utils[60448]: ERROR f3f06e48140 -- exec: ['f2bV_ipjailmatches=$0 \n/usr/local/bin/fail2ban_banned_db ban 35.185.248.86 80,443,25,587,465,110,995,143,993,4190 tcp pregreet 1 $f2bV_ipjailmatches', 'Feb 25 17:44:09 mail postfix/postscreen[98862]: PREGREET 18 after 0 from [35.185.248.86]:34304: EHLO example.com\\r\\n']
Feb 25 17:44:11 mail fail2ban.utils[60448]: ERROR f3f06e48140 -- stderr: 'env: bash: No such file or directory'
Feb 25 17:44:11 mail fail2ban.utils[60448]: ERROR f3f06e48140 -- returned 127
Feb 25 17:44:11 mail fail2ban.actions[60448]: ERROR Failed to execute ban jail 'pregreet' action 'banned_db' info 'ActionInfo({'ip': '35.185.248.86', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0xf3ed89c4220>, 'ipjailmatches': 'Feb 25 17:44:09 mail postfix/postscreen[98862]: PREGREET 18 after 0 from [35.185.248.86]:34304: EHLO example.com\\r\\n', 'ipjailfailures': 1, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0xf3ed89c49a0>})': Error banning 35.185.248.86

So I changed the shebang line in /usr/local/bin/fail2ban_banned_db to:

#!/usr/local/bin/bash

37

Re: OpenBSD 7.6 and iRedMail 1.7.2

Neovana wrote:

So I changed the shebang line in /usr/local/bin/fail2ban_banned_db to:

Fixed in iRedMail a moment ago:
https://github.com/iredmail/iRedMail/co … f2fed24b31

38 (edited by Neovana 2025-02-26 15:13:42)

Re: OpenBSD 7.6 and iRedMail 1.7.2

fail2ban is not working as intended:

Feb 25 23:22:22 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:22:22
Feb 25 23:22:22 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:22:22
Feb 25 23:22:29 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:22:29
Feb 25 23:22:29 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:22:29
Feb 25 23:22:40 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:22:40
Feb 25 23:22:40 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:22:40
Feb 25 23:22:40 mail fail2ban.actions[60448]: NOTICE [postfix] Ban 217.154.50.237
Feb 25 23:22:51 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:22:50
Feb 25 23:22:51 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:22:51
Feb 25 23:23:01 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:23:01
Feb 25 23:23:01 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:23:01
Feb 25 23:23:01 mail fail2ban.actions[60448]: NOTICE [postfix] 217.154.50.237 already banned
Feb 25 23:23:04 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:23:04
Feb 25 23:23:04 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:23:04
Feb 25 23:23:10 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:23:10
Feb 25 23:23:10 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:23:10
Feb 25 23:23:21 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:23:21
Feb 25 23:23:21 mail fail2ban.actions[60448]: NOTICE [postfix] 217.154.50.237 already banned
Feb 25 23:23:21 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:23:21
Feb 25 23:23:32 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:23:32
Feb 25 23:23:32 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:23:32
Feb 25 23:23:43 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:23:42
Feb 25 23:23:43 mail fail2ban.filter[60448]: INFO [postfix] Found 217.154.50.237 - 2025-02-25 23:23:42
Feb 25 23:23:43 mail fail2ban.actions[60448]: WARNING [postfix] 217.154.50.237 already banned

This loop goes on for 581 lines (and 30 minutes). fail2ban is apparently not blocking the connections. This is confirmed in /var/log/maillog. My server is getting hammered.

I tried restarting the service, but did not see any errors:

Feb 26 00:39:53 mail fail2ban.server[7329]: INFO --------------------------------------------------
Feb 26 00:39:53 mail fail2ban.server[7329]: INFO Starting Fail2ban v1.1.0
Feb 26 00:39:53 mail fail2ban.server[7329]: INFO Daemon started
Feb 26 00:39:53 mail fail2ban.observer[7329]: INFO Observer start...
Feb 26 00:39:53 mail fail2ban.database[7329]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Creating new jail 'sshd'
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Jail 'sshd' uses poller {}
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Initiated 'polling' backend
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   maxLines: 1
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   maxRetry: 5
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   findtime: 3600
Feb 26 00:39:53 mail fail2ban.actions[7329]: INFO   banTime: 3600
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   encoding: UTF-8
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO Added logfile: '/var/log/authlog' (pos = ###, hash = ###)
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Creating new jail 'nginx-http-auth'
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Jail 'nginx-http-auth' uses poller {}
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Initiated 'polling' backend
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   maxRetry: 5
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   findtime: 3600
Feb 26 00:39:53 mail fail2ban.actions[7329]: INFO   banTime: 3600
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   encoding: UTF-8
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO Added logfile: '/var/www/logs/error.log' (pos = ###, hash = ###)
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Creating new jail 'postfix'
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Jail 'postfix' uses poller {}
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Initiated 'polling' backend
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   maxRetry: 5
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   findtime: 3600
Feb 26 00:39:53 mail fail2ban.actions[7329]: INFO   banTime: 3600
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   encoding: UTF-8
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO Added logfile: '/var/log/maillog' (pos = ###, hash = ###)
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Creating new jail 'dovecot'
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Jail 'dovecot' uses poller {}
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Initiated 'polling' backend
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   maxRetry: 5
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   findtime: 3600
Feb 26 00:39:53 mail fail2ban.actions[7329]: INFO   banTime: 3600
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   encoding: UTF-8
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO Added logfile: '/var/log/dovecot/dovecot.log' (pos = ###, hash = ###)
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Creating new jail 'pregreet'
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Jail 'pregreet' uses poller {}
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Initiated 'polling' backend
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   maxRetry: 1
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   findtime: 3600
Feb 26 00:39:53 mail fail2ban.actions[7329]: INFO   banTime: 3600
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   encoding: UTF-8
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO Added logfile: '/var/log/maillog' (pos = ###, hash = ###)
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Creating new jail 'roundcube'
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Jail 'roundcube' uses poller {}
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Initiated 'polling' backend
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   maxRetry: 5
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   findtime: 3600
Feb 26 00:39:53 mail fail2ban.actions[7329]: INFO   banTime: 3600
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO   encoding: UTF-8
Feb 26 00:39:53 mail fail2ban.filter[7329]: INFO Added logfile: '/var/log/maillog' (pos = ###, hash = ###)
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Jail 'sshd' started
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Jail 'nginx-http-auth' started
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Jail 'postfix' started
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Jail 'dovecot' started
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Jail 'pregreet' started
Feb 26 00:39:53 mail fail2ban.jail[7329]: INFO Jail 'roundcube' started

I do have a fail2ban table in pf:

% doas pfctl -sr
block drop log all
block drop in quick on egress proto tcp from <fail2ban> to any

But the IP addresses are clearly not being added to the pf table, otherwise the connections (and log entries) would have stopped.

I'm not finding the code that adds banned IPs to the pf table fail2ban, like:

actionban = pfctl -t fail2ban -T add <ip>
actionunban = pfctl -t fail2ban -T delete <ip>
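
One way to measure the symptom described in the post above (an added example, not part of the original thread and not iRedMail or fail2ban code): it counts failures the filter recorded after a `Ban` was logged, and cross-checks `fail2ban-client banned` output against the addresses listed by `pfctl -t <table> -T show`. The log lines, addresses and function names are constructed for illustration; the year is passed in because the syslog prefix omits it.

```python
import ast
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the fail2ban log lines quoted in the thread
# (documentation-range addresses, not values from the page).
SAMPLE_LOG = """\
Feb 25 23:22:29 mail fail2ban.filter[60448]: INFO [postfix] Found 203.0.113.7 - 2025-02-25 23:22:29
Feb 25 23:22:40 mail fail2ban.filter[60448]: INFO [postfix] Found 203.0.113.7 - 2025-02-25 23:22:40
Feb 25 23:22:40 mail fail2ban.actions[60448]: NOTICE [postfix] Ban 203.0.113.7
Feb 25 23:22:51 mail fail2ban.filter[60448]: INFO [postfix] Found 203.0.113.7 - 2025-02-25 23:22:50
Feb 25 23:23:01 mail fail2ban.filter[60448]: INFO [postfix] Found 203.0.113.7 - 2025-02-25 23:23:01
Feb 25 23:23:01 mail fail2ban.actions[60448]: NOTICE [postfix] 203.0.113.7 already banned
Feb 25 23:30:00 mail fail2ban.filter[60448]: INFO [sshd] Found 198.51.100.9 - 2025-02-25 23:29:59
Feb 25 23:30:00 mail fail2ban.actions[60448]: NOTICE [sshd] Ban 198.51.100.9
Feb 25 23:30:01 mail fail2ban.filter[60448]: INFO [sshd] Found 198.51.100.9 - 2025-02-25 23:30:00
"""
# Constructed `fail2ban-client banned` output and plain `pfctl -T show` output.
SAMPLE_BANNED = "[{'sshd': ['198.51.100.9']}, {'postfix': ['203.0.113.7']}, {'dovecot': []}]"
SAMPLE_PF_TABLE = "   198.51.100.0/24\n"

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ fail2ban\.\w+\[\d+\]: "
    r"\w+\s+\[(?P<jail>[^\]]+)\] (?P<msg>.*)$"
)
FOUND_RE = re.compile(r"^Found (?P<ip>\S+) - (?P<when>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
BAN_RE = re.compile(r"^Ban (?P<ip>\S+)$")
UNBAN_RE = re.compile(r"^Unban (?P<ip>\S+)$")
ALREADY_RE = re.compile(r"^(?P<ip>\S+) already banned$")


def find_unenforced_bans(log_text, year, grace_seconds=5):
    """Return {(jail, ip): counters} for bans after which failures kept arriving.

    A "Found" counts only when the event time embedded in the line is later than
    the ban plus a grace period, so failures that were already in flight when
    the ban was issued are not reported.
    """
    grace = timedelta(seconds=grace_seconds)
    active = {}   # (jail, ip) -> time the Ban line was logged
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # startup lines and other messages without a [jail] tag
        jail, msg = m["jail"], m["msg"]
        logged_at = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if (hit := BAN_RE.match(msg)):
            active[(jail, hit["ip"])] = logged_at
        elif (hit := UNBAN_RE.match(msg)):
            active.pop((jail, hit["ip"]), None)
        elif (hit := FOUND_RE.match(msg)):
            key = (jail, hit["ip"])
            seen_at = datetime.strptime(hit["when"], "%Y-%m-%d %H:%M:%S")
            if key in active and seen_at > active[key] + grace:
                entry = report.setdefault(
                    key, {"ban_time": active[key], "found_after_ban": 0, "already_banned": 0})
                entry["found_after_ban"] += 1
        elif (hit := ALREADY_RE.match(msg)):
            key = (jail, hit["ip"])
            if key in active:
                entry = report.setdefault(
                    key, {"ban_time": active[key], "found_after_ban": 0, "already_banned": 0})
                entry["already_banned"] += 1
    return report


def missing_from_pf(banned_output, pf_table_output):
    """Return sorted (jail, ip) pairs fail2ban reports as banned but the pf table lacks."""
    nets = []
    for line in pf_table_output.splitlines():
        try:
            nets.append(ipaddress.ip_network(line.strip(), strict=False))
        except ValueError:
            continue  # blank lines or anything that is not an address/prefix
    missing = []
    for jail_entry in ast.literal_eval(banned_output):
        for jail, ips in jail_entry.items():
            for ip in ips:
                addr = ipaddress.ip_address(ip)
                if not any(addr.version == n.version and addr in n for n in nets):
                    missing.append((jail, ip))
    return sorted(missing)


if __name__ == "__main__":
    for (jail, ip), info in find_unenforced_bans(SAMPLE_LOG, year=2025).items():
        print(f"[{jail}] {ip}: {info['found_after_ban']} failures after ban, "
              f"{info['already_banned']} 'already banned' notices")
    for jail, ip in missing_from_pf(SAMPLE_BANNED, SAMPLE_PF_TABLE):
        print(f"[{jail}] {ip} is banned in fail2ban but absent from the pf table")
```

Feed `missing_from_pf` the output for the table that the active block rule actually references; an address that both functions report was banned by fail2ban without the packet filter ever dropping it.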

39

Re: OpenBSD 7.6 and iRedMail 1.7.2

What's the fail2ban action defined in jails (/etc/fail2ban/jail.d/*.local)? Is it `pf`?
For example, dovecot.local:

[dovecot]
...
action      = pf[...]

40 (edited by Neovana 2025-02-27 19:06:58)

Re: OpenBSD 7.6 and iRedMail 1.7.2

# cat /etc/fail2ban/jail.d/*.local | grep action
action      = pf[name=dovecot, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
action      = pf[name=nginx, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
action      = pf[name=pregreet, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
action      = pf[name=postfix, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
action      = pf[name=roundcube, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
action      = pf[name=sogo, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
action      = pf[name=sshd, port="22", protocol=tcp]

# fail2ban-client banned
[{'sshd': []}, {'nginx-http-auth': []}, {'postfix': ['137.59.106.33']}, {'dovecot': []}, {'pregreet': []}, {'roundcube': []}]

# doas fail2ban-client status postfix
Status for the jail: postfix
|- Filter
|  |- Currently failed:    10
|  |- Total failed:    305
|  `- File list:    /var/log/maillog
`- Actions
   |- Currently banned:    1
   |- Total banned:    1
   `- Banned IP list:    137.59.106.33

# pfctl -t fail2ban -vTs
#

# pfctl -vvsTables
-pa-r--    fail2ban
    Addresses:   0
    Cleared:     Wed Feb 26 01:27:26 2025
    References:  [ Anchors: 0                  Rules: 1                  ]
    Evaluations: [ NoMatch: 11667              Match: 0                  ]
    In/Block:    [ Packets: 0                  Bytes: 0                  ]
    In/Match:    [ Packets: 0                  Bytes: 0                  ]
    In/Pass:     [ Packets: 0                  Bytes: 0                  ]
    In/XPass:    [ Packets: 0                  Bytes: 0                  ]
    Out/Block:   [ Packets: 0                  Bytes: 0                  ]
    Out/Match:   [ Packets: 0                  Bytes: 0                  ]
    Out/Pass:    [ Packets: 0                  Bytes: 0                  ]
    Out/XPass:   [ Packets: 0                  Bytes: 0                  ]

% cat /var/log/maillog | grep 137.59.106.33                           
Feb 27 02:22:11 mail postfix/submission/smtpd[17472]: connect from unknown[137.59.106.33]
Feb 27 02:22:11 mail postfix/submission/smtpd[17472]: lost connection after CONNECT from unknown[137.59.106.33]
Feb 27 02:22:11 mail postfix/submission/smtpd[17472]: disconnect from unknown[137.59.106.33] commands=0/0
Feb 27 02:32:11 mail postfix/anvil[34131]: statistics: max connection rate 1/60s for (submission:137.59.106.33) at Feb 27 02:22:11
Feb 27 02:32:11 mail postfix/anvil[34131]: statistics: max connection count 1 for (submission:137.59.106.33) at Feb 27 02:22:11
Feb 27 02:33:04 mail postfix/submission/smtpd[17472]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 02:33:04 mail postfix/submission/smtpd[17472]: connect from unknown[137.59.106.33]
Feb 27 02:33:06 mail postfix/submission/smtpd[17472]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 02:33:12 mail postfix/submission/smtpd[17472]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 02:33:12 mail postfix/submission/smtpd[17472]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 02:33:12 mail postfix/submission/smtpd[17472]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 02:34:55 mail postfix/submission/smtpd[17472]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 02:34:55 mail postfix/submission/smtpd[17472]: connect from unknown[137.59.106.33]
Feb 27 02:34:56 mail postfix/submission/smtpd[17472]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 02:34:59 mail postfix/submission/smtpd[17472]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 02:34:59 mail postfix/submission/smtpd[17472]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 02:34:59 mail postfix/submission/smtpd[17472]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 02:36:56 mail postfix/submission/smtpd[24606]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 02:36:56 mail postfix/submission/smtpd[24606]: connect from unknown[137.59.106.33]
Feb 27 02:36:59 mail postfix/submission/smtpd[24606]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 02:37:01 mail postfix/submission/smtpd[24606]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 02:37:01 mail postfix/submission/smtpd[24606]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 02:37:01 mail postfix/submission/smtpd[24606]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 02:39:06 mail postfix/submission/smtpd[36329]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 02:39:06 mail postfix/submission/smtpd[36329]: connect from unknown[137.59.106.33]
Feb 27 02:39:07 mail postfix/submission/smtpd[36329]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 02:39:10 mail postfix/submission/smtpd[36329]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 02:39:10 mail postfix/submission/smtpd[36329]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 02:39:10 mail postfix/submission/smtpd[36329]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 02:41:14 mail postfix/submission/smtpd[36329]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 02:41:14 mail postfix/submission/smtpd[36329]: connect from unknown[137.59.106.33]
Feb 27 02:41:16 mail postfix/submission/smtpd[36329]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 02:41:19 mail postfix/submission/smtpd[36329]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 02:41:19 mail postfix/submission/smtpd[36329]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 02:41:19 mail postfix/submission/smtpd[36329]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 02:42:11 mail postfix/anvil[34131]: statistics: max connection rate 1/60s for (submission:137.59.106.33) at Feb 27 02:33:04
Feb 27 02:42:11 mail postfix/anvil[34131]: statistics: max connection count 1 for (submission:137.59.106.33) at Feb 27 02:33:04
Feb 27 02:43:36 mail postfix/submission/smtpd[36329]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 02:43:36 mail postfix/submission/smtpd[36329]: connect from unknown[137.59.106.33]
Feb 27 02:43:41 mail postfix/submission/smtpd[36329]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 02:43:44 mail postfix/submission/smtpd[36329]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 02:43:45 mail postfix/submission/smtpd[36329]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 02:43:45 mail postfix/submission/smtpd[36329]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 02:45:45 mail postfix/submission/smtpd[36329]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 02:45:45 mail postfix/submission/smtpd[36329]: connect from unknown[137.59.106.33]
Feb 27 02:45:46 mail postfix/submission/smtpd[36329]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 02:45:48 mail postfix/submission/smtpd[36329]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 02:45:48 mail postfix/submission/smtpd[36329]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 02:45:48 mail postfix/submission/smtpd[36329]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 02:47:57 mail postfix/submission/smtpd[36329]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 02:47:57 mail postfix/submission/smtpd[36329]: connect from unknown[137.59.106.33]
Feb 27 02:47:58 mail postfix/submission/smtpd[36329]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 02:48:02 mail postfix/submission/smtpd[36329]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 02:48:03 mail postfix/submission/smtpd[36329]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 02:48:03 mail postfix/submission/smtpd[36329]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 02:50:09 mail postfix/submission/smtpd[18072]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 02:50:09 mail postfix/submission/smtpd[18072]: connect from unknown[137.59.106.33]
Feb 27 02:50:11 mail postfix/submission/smtpd[18072]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 02:50:13 mail postfix/submission/smtpd[18072]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 02:50:13 mail postfix/submission/smtpd[18072]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 02:50:13 mail postfix/submission/smtpd[18072]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 02:52:11 mail postfix/anvil[34131]: statistics: max connection rate 1/60s for (submission:137.59.106.33) at Feb 27 02:43:36
Feb 27 02:52:11 mail postfix/anvil[34131]: statistics: max connection count 1 for (submission:137.59.106.33) at Feb 27 02:43:36
Feb 27 02:52:37 mail postfix/submission/smtpd[36329]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 02:52:37 mail postfix/submission/smtpd[36329]: connect from unknown[137.59.106.33]
Feb 27 02:52:43 mail postfix/submission/smtpd[36329]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 02:52:46 mail postfix/submission/smtpd[36329]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 02:52:46 mail postfix/submission/smtpd[36329]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 02:52:46 mail postfix/submission/smtpd[36329]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 02:54:51 mail postfix/submission/smtpd[36329]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 02:54:51 mail postfix/submission/smtpd[36329]: connect from unknown[137.59.106.33]
Feb 27 02:54:52 mail postfix/submission/smtpd[36329]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 02:54:55 mail postfix/submission/smtpd[36329]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 02:54:55 mail postfix/submission/smtpd[36329]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 02:54:55 mail postfix/submission/smtpd[36329]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 02:57:05 mail postfix/submission/smtpd[36329]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 02:57:05 mail postfix/submission/smtpd[36329]: connect from unknown[137.59.106.33]
Feb 27 02:57:06 mail postfix/submission/smtpd[36329]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 02:57:09 mail postfix/submission/smtpd[36329]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 02:57:09 mail postfix/submission/smtpd[36329]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 02:57:09 mail postfix/submission/smtpd[36329]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 02:59:25 mail postfix/submission/smtpd[36329]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 02:59:25 mail postfix/submission/smtpd[36329]: connect from unknown[137.59.106.33]
Feb 27 02:59:27 mail postfix/submission/smtpd[36329]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 02:59:29 mail postfix/submission/smtpd[36329]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 02:59:29 mail postfix/submission/smtpd[36329]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 02:59:29 mail postfix/submission/smtpd[36329]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:01:56 mail postfix/submission/smtpd[36329]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:01:56 mail postfix/submission/smtpd[36329]: connect from unknown[137.59.106.33]
Feb 27 03:01:57 mail postfix/submission/smtpd[36329]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:02:00 mail postfix/submission/smtpd[36329]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:02:00 mail postfix/submission/smtpd[36329]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:02:00 mail postfix/submission/smtpd[36329]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:02:11 mail postfix/anvil[34131]: statistics: max connection rate 1/60s for (submission:137.59.106.33) at Feb 27 02:52:37
Feb 27 03:02:11 mail postfix/anvil[34131]: statistics: max connection count 1 for (submission:137.59.106.33) at Feb 27 02:52:37
Feb 27 03:04:18 mail postfix/submission/smtpd[48147]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:04:18 mail postfix/submission/smtpd[48147]: connect from unknown[137.59.106.33]
Feb 27 03:04:20 mail postfix/submission/smtpd[48147]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:04:25 mail postfix/submission/smtpd[48147]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:04:25 mail postfix/submission/smtpd[48147]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:04:25 mail postfix/submission/smtpd[48147]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:06:33 mail postfix/submission/smtpd[48147]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:06:33 mail postfix/submission/smtpd[48147]: connect from unknown[137.59.106.33]
Feb 27 03:06:34 mail postfix/submission/smtpd[48147]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:06:37 mail postfix/submission/smtpd[48147]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:06:37 mail postfix/submission/smtpd[48147]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:06:37 mail postfix/submission/smtpd[48147]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:08:51 mail postfix/submission/smtpd[48147]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:08:51 mail postfix/submission/smtpd[48147]: connect from unknown[137.59.106.33]
Feb 27 03:08:52 mail postfix/submission/smtpd[48147]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:08:54 mail postfix/submission/smtpd[48147]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:08:54 mail postfix/submission/smtpd[48147]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:08:54 mail postfix/submission/smtpd[48147]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:11:26 mail postfix/submission/smtpd[48147]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:11:26 mail postfix/submission/smtpd[48147]: connect from unknown[137.59.106.33]
Feb 27 03:11:34 mail postfix/submission/smtpd[48147]: SSL_accept error from unknown[137.59.106.33]: lost connection
Feb 27 03:11:34 mail postfix/submission/smtpd[48147]: lost connection after STARTTLS from unknown[137.59.106.33]
Feb 27 03:11:34 mail postfix/submission/smtpd[48147]: disconnect from unknown[137.59.106.33] ehlo=1 starttls=0/1 commands=1/2
Feb 27 03:12:11 mail postfix/anvil[34131]: statistics: max connection rate 1/60s for (submission:137.59.106.33) at Feb 27 03:04:18
Feb 27 03:12:11 mail postfix/anvil[34131]: statistics: max connection count 1 for (submission:137.59.106.33) at Feb 27 03:04:18
Feb 27 03:13:49 mail postfix/submission/smtpd[48147]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:13:49 mail postfix/submission/smtpd[48147]: connect from unknown[137.59.106.33]
Feb 27 03:13:50 mail postfix/submission/smtpd[48147]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:13:53 mail postfix/submission/smtpd[48147]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:13:54 mail postfix/submission/smtpd[48147]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:13:54 mail postfix/submission/smtpd[48147]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:16:00 mail postfix/submission/smtpd[48147]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:16:00 mail postfix/submission/smtpd[48147]: connect from unknown[137.59.106.33]
Feb 27 03:16:01 mail postfix/submission/smtpd[48147]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:16:04 mail postfix/submission/smtpd[48147]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:16:04 mail postfix/submission/smtpd[48147]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:16:04 mail postfix/submission/smtpd[48147]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:18:18 mail postfix/submission/smtpd[48147]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:18:18 mail postfix/submission/smtpd[48147]: connect from unknown[137.59.106.33]
Feb 27 03:18:19 mail postfix/submission/smtpd[48147]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:18:22 mail postfix/submission/smtpd[48147]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:18:22 mail postfix/submission/smtpd[48147]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:18:22 mail postfix/submission/smtpd[48147]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:20:36 mail postfix/submission/smtpd[48147]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:20:36 mail postfix/submission/smtpd[48147]: connect from unknown[137.59.106.33]
Feb 27 03:20:37 mail postfix/submission/smtpd[48147]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:20:39 mail postfix/submission/smtpd[48147]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:20:39 mail postfix/submission/smtpd[48147]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:20:39 mail postfix/submission/smtpd[48147]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:22:11 mail postfix/anvil[34131]: statistics: max connection rate 1/60s for (submission:137.59.106.33) at Feb 27 03:13:49
Feb 27 03:22:11 mail postfix/anvil[34131]: statistics: max connection count 1 for (submission:137.59.106.33) at Feb 27 03:13:49
Feb 27 03:22:57 mail postfix/submission/smtpd[48147]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:22:57 mail postfix/submission/smtpd[48147]: connect from unknown[137.59.106.33]
Feb 27 03:22:58 mail postfix/submission/smtpd[48147]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:23:01 mail postfix/submission/smtpd[48147]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:23:01 mail postfix/submission/smtpd[48147]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:23:01 mail postfix/submission/smtpd[48147]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:25:14 mail postfix/submission/smtpd[78650]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:25:14 mail postfix/submission/smtpd[78650]: connect from unknown[137.59.106.33]
Feb 27 03:25:24 mail postfix/submission/smtpd[78650]: lost connection after CONNECT from unknown[137.59.106.33]
Feb 27 03:25:24 mail postfix/submission/smtpd[78650]: disconnect from unknown[137.59.106.33] commands=0/0
Feb 27 03:27:32 mail postfix/submission/smtpd[78650]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:27:32 mail postfix/submission/smtpd[78650]: connect from unknown[137.59.106.33]
Feb 27 03:27:39 mail postfix/submission/smtpd[78650]: lost connection after CONNECT from unknown[137.59.106.33]
Feb 27 03:27:39 mail postfix/submission/smtpd[78650]: disconnect from unknown[137.59.106.33] commands=0/0
Feb 27 03:29:44 mail postfix/submission/smtpd[78650]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:29:44 mail postfix/submission/smtpd[78650]: connect from unknown[137.59.106.33]
Feb 27 03:29:54 mail postfix/submission/smtpd[78650]: lost connection after CONNECT from unknown[137.59.106.33]
Feb 27 03:29:54 mail postfix/submission/smtpd[78650]: disconnect from unknown[137.59.106.33] commands=0/0
Feb 27 03:32:11 mail postfix/anvil[34131]: statistics: max connection rate 1/60s for (submission:137.59.106.33) at Feb 27 03:22:57
Feb 27 03:32:11 mail postfix/anvil[34131]: statistics: max connection count 1 for (submission:137.59.106.33) at Feb 27 03:22:57
Feb 27 03:32:15 mail postfix/submission/smtpd[78650]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:32:15 mail postfix/submission/smtpd[78650]: connect from unknown[137.59.106.33]
Feb 27 03:32:18 mail postfix/submission/smtpd[78650]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:32:20 mail postfix/submission/smtpd[78650]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:32:20 mail postfix/submission/smtpd[78650]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:32:20 mail postfix/submission/smtpd[78650]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:34:44 mail postfix/submission/smtpd[78650]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:34:44 mail postfix/submission/smtpd[78650]: connect from unknown[137.59.106.33]
Feb 27 03:34:45 mail postfix/submission/smtpd[78650]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:34:47 mail postfix/submission/smtpd[78650]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:34:47 mail postfix/submission/smtpd[78650]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:34:47 mail postfix/submission/smtpd[78650]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:36:59 mail postfix/submission/smtpd[78555]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:36:59 mail postfix/submission/smtpd[78555]: connect from unknown[137.59.106.33]
Feb 27 03:37:00 mail postfix/submission/smtpd[78555]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:37:03 mail postfix/submission/smtpd[78555]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:37:03 mail postfix/submission/smtpd[78555]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:37:03 mail postfix/submission/smtpd[78555]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:39:14 mail postfix/submission/smtpd[35321]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:39:14 mail postfix/submission/smtpd[35321]: connect from unknown[137.59.106.33]
Feb 27 03:39:15 mail postfix/submission/smtpd[35321]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:39:18 mail postfix/submission/smtpd[35321]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:39:18 mail postfix/submission/smtpd[35321]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:39:18 mail postfix/submission/smtpd[35321]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:41:53 mail postfix/submission/smtpd[78650]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:41:53 mail postfix/submission/smtpd[78650]: connect from unknown[137.59.106.33]
Feb 27 03:41:54 mail postfix/submission/smtpd[78650]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:41:57 mail postfix/submission/smtpd[78650]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:41:57 mail postfix/submission/smtpd[78650]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:41:57 mail postfix/submission/smtpd[78650]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:42:11 mail postfix/anvil[34131]: statistics: max connection rate 1/60s for (submission:137.59.106.33) at Feb 27 03:32:15
Feb 27 03:42:11 mail postfix/anvil[34131]: statistics: max connection count 1 for (submission:137.59.106.33) at Feb 27 03:32:15
Feb 27 03:44:08 mail postfix/submission/smtpd[78650]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:44:08 mail postfix/submission/smtpd[78650]: connect from unknown[137.59.106.33]
Feb 27 03:44:09 mail postfix/submission/smtpd[78650]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:44:12 mail postfix/submission/smtpd[78650]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:44:12 mail postfix/submission/smtpd[78650]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:44:12 mail postfix/submission/smtpd[78650]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:46:26 mail postfix/submission/smtpd[78650]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:46:26 mail postfix/submission/smtpd[78650]: connect from unknown[137.59.106.33]
Feb 27 03:46:28 mail postfix/submission/smtpd[78650]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:46:31 mail postfix/submission/smtpd[78650]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:46:31 mail postfix/submission/smtpd[78650]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:46:31 mail postfix/submission/smtpd[78650]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:48:47 mail postfix/submission/smtpd[78650]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:48:47 mail postfix/submission/smtpd[78650]: connect from unknown[137.59.106.33]
Feb 27 03:48:48 mail postfix/submission/smtpd[78650]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:48:50 mail postfix/submission/smtpd[78650]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:48:50 mail postfix/submission/smtpd[78650]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:48:50 mail postfix/submission/smtpd[78650]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:51:19 mail postfix/submission/smtpd[78650]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:51:19 mail postfix/submission/smtpd[78650]: connect from unknown[137.59.106.33]
Feb 27 03:51:20 mail postfix/submission/smtpd[78650]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:51:23 mail postfix/submission/smtpd[78650]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:51:23 mail postfix/submission/smtpd[78650]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:51:23 mail postfix/submission/smtpd[78650]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:52:11 mail postfix/anvil[34131]: statistics: max connection rate 1/60s for (submission:137.59.106.33) at Feb 27 03:44:08
Feb 27 03:52:11 mail postfix/anvil[34131]: statistics: max connection count 1 for (submission:137.59.106.33) at Feb 27 03:44:08
Feb 27 03:53:44 mail postfix/submission/smtpd[78650]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:53:44 mail postfix/submission/smtpd[78650]: connect from unknown[137.59.106.33]
Feb 27 03:53:46 mail postfix/submission/smtpd[78650]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:53:49 mail postfix/submission/smtpd[78650]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:53:49 mail postfix/submission/smtpd[78650]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:53:49 mail postfix/submission/smtpd[78650]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:55:55 mail postfix/submission/smtpd[78650]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:55:55 mail postfix/submission/smtpd[78650]: connect from unknown[137.59.106.33]
Feb 27 03:55:57 mail postfix/submission/smtpd[78650]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:56:00 mail postfix/submission/smtpd[78650]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:56:00 mail postfix/submission/smtpd[78650]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:56:00 mail postfix/submission/smtpd[78650]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 03:58:14 mail postfix/submission/smtpd[34559]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 03:58:14 mail postfix/submission/smtpd[34559]: connect from unknown[137.59.106.33]
Feb 27 03:58:15 mail postfix/submission/smtpd[34559]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 03:58:18 mail postfix/submission/smtpd[34559]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 03:58:18 mail postfix/submission/smtpd[34559]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 03:58:18 mail postfix/submission/smtpd[34559]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:00:43 mail postfix/submission/smtpd[34559]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:00:43 mail postfix/submission/smtpd[34559]: connect from unknown[137.59.106.33]
Feb 27 04:00:44 mail postfix/submission/smtpd[34559]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:00:46 mail postfix/submission/smtpd[34559]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:00:46 mail postfix/submission/smtpd[34559]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:00:46 mail postfix/submission/smtpd[34559]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:03:17 mail postfix/submission/smtpd[34559]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:03:17 mail postfix/submission/smtpd[34559]: connect from unknown[137.59.106.33]
Feb 27 04:03:18 mail postfix/submission/smtpd[34559]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:03:21 mail postfix/submission/smtpd[34559]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:03:21 mail postfix/submission/smtpd[34559]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:03:21 mail postfix/submission/smtpd[34559]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:05:34 mail postfix/submission/smtpd[34559]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:05:34 mail postfix/submission/smtpd[34559]: connect from unknown[137.59.106.33]
Feb 27 04:05:36 mail postfix/submission/smtpd[34559]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:05:39 mail postfix/submission/smtpd[34559]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:05:39 mail postfix/submission/smtpd[34559]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:05:39 mail postfix/submission/smtpd[34559]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:07:51 mail postfix/submission/smtpd[34559]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:07:51 mail postfix/submission/smtpd[34559]: connect from unknown[137.59.106.33]
Feb 27 04:07:53 mail postfix/submission/smtpd[34559]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:07:56 mail postfix/submission/smtpd[34559]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:07:56 mail postfix/submission/smtpd[34559]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:07:56 mail postfix/submission/smtpd[34559]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:10:21 mail postfix/submission/smtpd[34559]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:10:21 mail postfix/submission/smtpd[34559]: connect from unknown[137.59.106.33]
Feb 27 04:10:22 mail postfix/submission/smtpd[34559]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:10:26 mail postfix/submission/smtpd[34559]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:10:27 mail postfix/submission/smtpd[34559]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:10:27 mail postfix/submission/smtpd[34559]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:12:11 mail postfix/anvil[34131]: statistics: max connection rate 1/60s for (submission:137.59.106.33) at Feb 27 04:03:17
Feb 27 04:12:11 mail postfix/anvil[34131]: statistics: max connection count 1 for (submission:137.59.106.33) at Feb 27 04:03:17
Feb 27 04:12:58 mail postfix/submission/smtpd[34559]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:12:58 mail postfix/submission/smtpd[34559]: connect from unknown[137.59.106.33]
Feb 27 04:13:00 mail postfix/submission/smtpd[34559]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:13:02 mail postfix/submission/smtpd[34559]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:13:02 mail postfix/submission/smtpd[34559]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:13:02 mail postfix/submission/smtpd[34559]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:15:18 mail postfix/submission/smtpd[42569]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:15:18 mail postfix/submission/smtpd[42569]: connect from unknown[137.59.106.33]
Feb 27 04:15:19 mail postfix/submission/smtpd[42569]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:15:23 mail postfix/submission/smtpd[42569]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:15:23 mail postfix/submission/smtpd[42569]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:15:23 mail postfix/submission/smtpd[42569]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:17:37 mail postfix/submission/smtpd[42569]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:17:37 mail postfix/submission/smtpd[42569]: connect from unknown[137.59.106.33]
Feb 27 04:17:39 mail postfix/submission/smtpd[42569]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:17:42 mail postfix/submission/smtpd[42569]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:17:43 mail postfix/submission/smtpd[42569]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:17:43 mail postfix/submission/smtpd[42569]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:19:56 mail postfix/submission/smtpd[42569]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:19:56 mail postfix/submission/smtpd[42569]: connect from unknown[137.59.106.33]
Feb 27 04:19:57 mail postfix/submission/smtpd[42569]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:20:00 mail postfix/submission/smtpd[42569]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:20:00 mail postfix/submission/smtpd[42569]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:20:00 mail postfix/submission/smtpd[42569]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:22:11 mail postfix/anvil[34131]: statistics: max connection rate 1/60s for (submission:137.59.106.33) at Feb 27 04:12:58
Feb 27 04:22:11 mail postfix/anvil[34131]: statistics: max connection count 1 for (submission:137.59.106.33) at Feb 27 04:12:58
Feb 27 04:22:34 mail postfix/submission/smtpd[86261]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:22:34 mail postfix/submission/smtpd[86261]: connect from unknown[137.59.106.33]
Feb 27 04:22:39 mail postfix/submission/smtpd[86261]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:22:44 mail postfix/submission/smtpd[86261]: lost connection after STARTTLS from unknown[137.59.106.33]
Feb 27 04:22:44 mail postfix/submission/smtpd[86261]: disconnect from unknown[137.59.106.33] ehlo=1 starttls=1 commands=2
Feb 27 04:24:59 mail postfix/submission/smtpd[86261]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:24:59 mail postfix/submission/smtpd[86261]: connect from unknown[137.59.106.33]
Feb 27 04:25:01 mail postfix/submission/smtpd[86261]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:25:06 mail postfix/submission/smtpd[86261]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:25:06 mail postfix/submission/smtpd[86261]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:25:06 mail postfix/submission/smtpd[86261]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:27:14 mail postfix/submission/smtpd[22189]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:27:14 mail postfix/submission/smtpd[22189]: connect from unknown[137.59.106.33]
Feb 27 04:27:15 mail postfix/submission/smtpd[22189]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:27:17 mail postfix/submission/smtpd[22189]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:27:17 mail postfix/submission/smtpd[22189]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:27:17 mail postfix/submission/smtpd[22189]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:29:31 mail postfix/submission/smtpd[22189]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:29:31 mail postfix/submission/smtpd[22189]: connect from unknown[137.59.106.33]
Feb 27 04:29:32 mail postfix/submission/smtpd[22189]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:29:35 mail postfix/submission/smtpd[22189]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:29:35 mail postfix/submission/smtpd[22189]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:29:35 mail postfix/submission/smtpd[22189]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:32:11 mail postfix/anvil[34131]: statistics: max connection rate 1/60s for (submission:137.59.106.33) at Feb 27 04:22:34
Feb 27 04:32:11 mail postfix/anvil[34131]: statistics: max connection count 1 for (submission:137.59.106.33) at Feb 27 04:22:34
Feb 27 04:32:11 mail postfix/submission/smtpd[22189]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:32:11 mail postfix/submission/smtpd[22189]: connect from unknown[137.59.106.33]
Feb 27 04:32:12 mail postfix/submission/smtpd[22189]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:32:15 mail postfix/submission/smtpd[22189]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:32:15 mail postfix/submission/smtpd[22189]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:32:15 mail postfix/submission/smtpd[22189]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:34:26 mail postfix/submission/smtpd[22189]: warning: hostname static-pool.tenten.vn does not resolve to address 137.59.106.33: no address associated with name
Feb 27 04:34:26 mail postfix/submission/smtpd[22189]: connect from unknown[137.59.106.33]
Feb 27 04:34:30 mail postfix/submission/smtpd[22189]: Anonymous TLS connection established from unknown[137.59.106.33]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 27 04:34:32 mail postfix/submission/smtpd[22189]: warning: unknown[137.59.106.33]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=info@example.com
Feb 27 04:34:33 mail postfix/submission/smtpd[22189]: lost connection after AUTH from unknown[137.59.106.33]
Feb 27 04:34:33 mail postfix/submission/smtpd[22189]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4

% cat /var/log/daemon | grep 137.59.106.33
Feb 27 02:33:12 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:33:12
Feb 27 02:33:12 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:33:12
Feb 27 02:34:59 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:34:59
Feb 27 02:34:59 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:34:59
Feb 27 02:37:01 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:37:01
Feb 27 02:37:01 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:37:01
Feb 27 02:37:01 mail fail2ban.actions[92276]: NOTICE [postfix] Ban 137.59.106.33
Feb 27 02:39:10 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:39:10
Feb 27 02:39:10 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:39:10
Feb 27 02:41:19 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:41:19
Feb 27 02:41:19 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:41:19
Feb 27 02:41:19 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 02:43:44 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:43:44
Feb 27 02:43:45 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:43:45
Feb 27 02:45:49 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:45:48
Feb 27 02:45:49 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:45:48
Feb 27 02:48:02 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:48:02
Feb 27 02:48:02 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 02:48:03 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:48:03
Feb 27 02:50:13 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:50:13
Feb 27 02:50:13 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:50:13
Feb 27 02:52:46 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:52:46
Feb 27 02:52:46 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:52:46
Feb 27 02:52:46 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 02:54:55 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:54:55
Feb 27 02:54:55 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:54:55
Feb 27 02:57:09 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:57:09
Feb 27 02:57:09 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:57:09
Feb 27 02:59:29 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:59:29
Feb 27 02:59:29 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:59:29
Feb 27 02:59:30 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 03:02:00 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:02:00
Feb 27 03:02:00 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:02:00
Feb 27 03:04:25 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:04:25
Feb 27 03:04:25 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:04:25
Feb 27 03:04:26 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 03:06:37 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:06:37
Feb 27 03:06:37 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:06:37
Feb 27 03:08:54 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:08:54
Feb 27 03:08:54 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:08:54
Feb 27 03:13:53 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:13:53
Feb 27 03:13:53 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 03:13:54 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:13:54
Feb 27 03:16:04 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:16:04
Feb 27 03:16:04 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:16:04
Feb 27 03:18:22 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:18:22
Feb 27 03:18:22 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:18:22
Feb 27 03:18:22 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 03:20:39 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:20:39
Feb 27 03:20:39 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:20:39
Feb 27 03:23:01 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:23:01
Feb 27 03:23:01 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:23:01
Feb 27 03:32:20 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:32:20
Feb 27 03:32:20 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:32:20
Feb 27 03:32:21 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 03:34:47 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:34:47
Feb 27 03:34:47 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:34:47
Feb 27 03:37:04 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:37:03
Feb 27 03:37:04 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:37:03
Feb 27 03:37:04 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 03:39:18 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:39:18
Feb 27 03:39:18 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:39:18
Feb 27 03:41:57 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:41:57
Feb 27 03:41:57 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:41:57
Feb 27 03:44:12 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:44:12
Feb 27 03:44:12 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:44:12
Feb 27 03:44:12 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 03:46:31 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:46:31
Feb 27 03:46:31 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:46:31
Feb 27 03:48:50 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:48:50
Feb 27 03:48:50 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:48:50
Feb 27 03:48:50 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 03:51:23 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:51:23
Feb 27 03:51:23 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:51:23
Feb 27 03:53:49 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:53:49
Feb 27 03:53:49 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:53:49
Feb 27 03:56:00 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:56:00
Feb 27 03:56:00 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:56:00
Feb 27 03:56:00 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 03:58:18 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:58:18
Feb 27 03:58:18 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 03:58:18
Feb 27 04:00:46 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:00:46
Feb 27 04:00:46 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:00:46
Feb 27 04:00:47 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 04:03:21 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:03:21
Feb 27 04:03:21 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:03:21
Feb 27 04:05:39 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:05:39
Feb 27 04:05:39 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:05:39
Feb 27 04:07:56 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:07:56
Feb 27 04:07:56 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:07:56
Feb 27 04:07:56 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 04:10:26 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:10:26
Feb 27 04:10:27 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:10:27
Feb 27 04:13:02 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:13:02
Feb 27 04:13:02 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:13:02
Feb 27 04:13:02 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 04:15:23 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:15:23
Feb 27 04:15:23 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:15:23
Feb 27 04:17:42 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:17:42
Feb 27 04:17:43 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:17:43
Feb 27 04:20:00 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:20:00
Feb 27 04:20:00 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:20:00
Feb 27 04:20:01 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 04:25:06 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:25:06
Feb 27 04:25:06 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:25:06
Feb 27 04:27:17 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:27:17
Feb 27 04:27:17 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:27:17
Feb 27 04:27:17 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 04:29:35 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:29:35
Feb 27 04:29:35 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:29:35
Feb 27 04:32:15 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:32:15
Feb 27 04:32:16 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:32:15
Feb 27 04:34:32 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:34:32
Feb 27 04:34:32 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 04:34:34 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:34:33
Feb 27 04:36:46 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:36:46
Feb 27 04:36:46 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:36:46
Feb 27 04:39:09 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:39:09
Feb 27 04:39:09 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:39:09
Feb 27 04:39:10 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
Feb 27 04:41:37 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:41:37
Feb 27 04:41:37 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:41:37
Feb 27 04:44:08 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:44:08
Feb 27 04:44:08 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 04:44:08

fail2ban apparently thinks that it has banned 137.59.106.33, but it isn't actually banning the IP(s)? Storing the IP address in a database without actually banning the IP is not the intended outcome.

Why is fail2ban not directing pfctl to ban the IP(s)? example:

actionban = /sbin/pfctl -t fail2ban -T add 137.59.106.33
actionunban = /sbin/pfctl -t fail2ban -T delete 137.59.106.33

I added this line to /etc/fail2ban/jail.local:

banaction = pf

Then I rebooted the server. We'll see if that helps.

It did not work. I added this line to /etc/fail2ban/jail.local (and removed the prior):

banaction = pf[actiontype=<allports>]

It is still not actually banning IPs. Is it supposed to be banning to pf anchors and not to a table?

Also, this entry in crontab doesn't look right:

# Fail2ban: Unban IP addresses pending for removal (stored in SQL db).
* * * * * /usr/local/bin/bash /usr/local/bin/fail2ban_banned_db unban_db

I've changed that to:

# Fail2ban: Unban IP addresses pending for removal (stored in SQL db).
30 1 * * * /usr/local/bin/bash /usr/local/bin/fail2ban_banned_db unban_db
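
The symptom in the post above, a ban recorded by fail2ban while postfix keeps accepting connections from the same address, can be detected by correlating the two logs. This is an added example, not part of the original post or of iRedMail; the function names are hypothetical and the sample lines are constructed in the format of the logs quoted above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the format of the logs quoted above.
FAIL2BAN_LOG = """\
Feb 27 01:00:00 mail fail2ban.actions[92276]: NOTICE [sshd] Ban 198.51.100.7
Feb 27 02:00:00 mail fail2ban.actions[92276]: NOTICE [sshd] Unban 198.51.100.7
Feb 27 02:37:01 mail fail2ban.filter[92276]: INFO [postfix] Found 137.59.106.33 - 2025-02-27 02:37:01
Feb 27 02:37:01 mail fail2ban.actions[92276]: NOTICE [postfix] Ban 137.59.106.33
Feb 27 02:41:19 mail fail2ban.actions[92276]: WARNING [postfix] 137.59.106.33 already banned
"""
MAIL_LOG = """\
Feb 27 02:30:00 mail postfix/smtpd[1111]: connect from unknown[198.51.100.7]
Feb 27 02:36:58 mail postfix/submission/smtpd[34559]: connect from unknown[137.59.106.33]
Feb 27 04:15:18 mail postfix/submission/smtpd[42569]: connect from unknown[137.59.106.33]
Feb 27 04:15:23 mail postfix/submission/smtpd[42569]: disconnect from unknown[137.59.106.33] ehlo=2 starttls=1 auth=0/1 commands=3/4
Feb 27 04:17:37 mail postfix/submission/smtpd[42569]: connect from unknown[137.59.106.33]
"""

# Syslog prefix: "Mon DD HH:MM:SS host " (day may be space-padded).
TS = r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) \S+ "
ACTION_RE = re.compile(
    TS + r"fail2ban\.actions\[\d+\]: \w+ \[(?P<jail>[^\]]+)\] "
    r"(?:(?P<verb>(?:Restore )?Ban|Unban) (?P<ip>\S+)|(?P<ip2>\S+) already banned)")
CONNECT_RE = re.compile(
    TS + r"postfix/\S+\[\d+\]: connect from \S*\[(?P<ip>[^\]]+)\]")


def _when(ts, year):
    # Syslog timestamps carry no year, so the caller supplies it.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def unenforced_bans(fail2ban_log, mail_log, year, grace_seconds=5):
    """Return {ip: details} for addresses that kept reaching postfix while banned."""
    events = []
    for line in fail2ban_log.splitlines():
        m = ACTION_RE.match(line)
        if m:
            kind = "already" if m["ip2"] else (
                "unban" if m["verb"] == "Unban" else "ban")
            events.append((_when(m["ts"], year), kind, m["ip"] or m["ip2"], m["jail"]))
    for line in mail_log.splitlines():
        m = CONNECT_RE.match(line)
        if m:
            events.append((_when(m["ts"], year), "connect", m["ip"], None))
    events.sort(key=lambda e: e[0])  # stable: fail2ban events win timestamp ties

    active, report = {}, {}
    grace = timedelta(seconds=grace_seconds)  # tolerate sessions opened just before the ban
    for when, kind, ip, jail in events:
        if kind == "ban":
            active.setdefault(ip, when)
            report.setdefault(ip, {"jail": jail, "banned_at": when,
                                   "connects_after_ban": 0, "already_banned": 0})
        elif kind == "unban":
            active.pop(ip, None)
        elif ip in active:
            if kind == "already":
                # Failures are still being logged for an address that is banned.
                report[ip]["already_banned"] += 1
            elif when - active[ip] > grace:
                # A new TCP connection was accepted while the ban was active.
                report[ip]["connects_after_ban"] += 1
    return {ip: r for ip, r in report.items()
            if r["connects_after_ban"] or r["already_banned"]}


if __name__ == "__main__":
    for ip, r in unenforced_bans(FAIL2BAN_LOG, MAIL_LOG, 2025).items():
        print(f"{ip} [{r['jail']}] banned at {r['banned_at']}: "
              f"{r['connects_after_ban']} new connections, "
              f"{r['already_banned']} 'already banned' warnings")
```

Any address this reports was banned in fail2ban's own bookkeeping but never blocked by the firewall, which is the condition worth alerting on.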

41

Re: OpenBSD 7.6 and iRedMail 1.7.2

When we use "pf" as fail2ban action, it uses file /etc/fail2ban/action.d/pf.conf.

42

Re: OpenBSD 7.6 and iRedMail 1.7.2

Neovana wrote:

Also, this entry in crontab doesn't look right:

Why do you change it to 1:30AM? We need it to run every minute.

43 (edited by Neovana 2025-03-01 19:23:57)

Re: OpenBSD 7.6 and iRedMail 1.7.2

From /etc/fail2ban/action.d/pf.conf:

[Definition]

# Option:  actionstart
# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values:  CMD
#
# we don't enable PF automatically; to enable run pfctl -e
# or add `pf_enable="YES"` to /etc/rc.conf (tested on FreeBSD)
# also, these rulesets are loaded into (nested) anchors
# to enable them, add as wildcard:
#     anchor "f2b/*"
# or using jail names:
#     anchor f2b {
#        anchor name1
#        anchor name2
#        ...
#     }
# to your main pf ruleset, where "namei" are the names of the jails
# which invoke this action
# to block all protocols use the pf[protocol=all] option

So it does not use the "fail2ban" table; it instead intends to use nested anchors, which need to be set up in /etc/pf.conf.

There is no error thrown like "table does not exist" or "anchor does not exist". Not ideal for troubleshooting.

# nano /etc/pf.conf

# Old Table for fail2ban
# table <fail2ban> persist
# block in quick on egress proto tcp from <fail2ban> to any

# New Anchor for fail2ban
anchor "f2b/*"

Looks like that's working:

% doas pfctl -a f2b/sshd -t f2b-sshd -T show && doas pfctl -a f2b/postfix -t f2b-postfix -T show && doas pfctl -a f2b/dovecot -t f2b-dovecot -T show && doas pfctl -a f2b/pregreet -t f2b-pregreet -T show && doas pfctl -a f2b/roundcube -t f2b-roundcube -T show

   137.59.106.33

% doas pfctl -a f2b/sshd -s rules && doas pfctl -a f2b/postfix -s rules && doas pfctl -a f2b/dovecot -s rules && doas pfctl -a f2b/pregreet -s rules && doas pfctl -a f2b/roundcube -s rules

block drop quick proto tcp from <f2b-sshd> to any port = 22
block drop quick proto tcp from <f2b-postfix> to any port = 80
block drop quick proto tcp from <f2b-postfix> to any port = 443
block drop quick proto tcp from <f2b-postfix> to any port = 25
block drop quick proto tcp from <f2b-postfix> to any port = 587
block drop quick proto tcp from <f2b-postfix> to any port = 465
block drop quick proto tcp from <f2b-postfix> to any port = 110
block drop quick proto tcp from <f2b-postfix> to any port = 995
block drop quick proto tcp from <f2b-postfix> to any port = 143
block drop quick proto tcp from <f2b-postfix> to any port = 993
block drop quick proto tcp from <f2b-postfix> to any port = 4190
block drop quick proto tcp from <f2b-dovecot> to any port = 80
block drop quick proto tcp from <f2b-dovecot> to any port = 443
block drop quick proto tcp from <f2b-dovecot> to any port = 25
block drop quick proto tcp from <f2b-dovecot> to any port = 587
block drop quick proto tcp from <f2b-dovecot> to any port = 465
block drop quick proto tcp from <f2b-dovecot> to any port = 110
block drop quick proto tcp from <f2b-dovecot> to any port = 995
block drop quick proto tcp from <f2b-dovecot> to any port = 143
block drop quick proto tcp from <f2b-dovecot> to any port = 993
block drop quick proto tcp from <f2b-dovecot> to any port = 4190
block drop quick proto tcp from <f2b-pregreet> to any port = 80
block drop quick proto tcp from <f2b-pregreet> to any port = 443
block drop quick proto tcp from <f2b-pregreet> to any port = 25
block drop quick proto tcp from <f2b-pregreet> to any port = 587
block drop quick proto tcp from <f2b-pregreet> to any port = 465
block drop quick proto tcp from <f2b-pregreet> to any port = 110
block drop quick proto tcp from <f2b-pregreet> to any port = 995
block drop quick proto tcp from <f2b-pregreet> to any port = 143
block drop quick proto tcp from <f2b-pregreet> to any port = 993
block drop quick proto tcp from <f2b-pregreet> to any port = 4190
block drop quick proto tcp from <f2b-roundcube> to any port = 80
block drop quick proto tcp from <f2b-roundcube> to any port = 443
block drop quick proto tcp from <f2b-roundcube> to any port = 25
block drop quick proto tcp from <f2b-roundcube> to any port = 587
block drop quick proto tcp from <f2b-roundcube> to any port = 465
block drop quick proto tcp from <f2b-roundcube> to any port = 110
block drop quick proto tcp from <f2b-roundcube> to any port = 995
block drop quick proto tcp from <f2b-roundcube> to any port = 143
block drop quick proto tcp from <f2b-roundcube> to any port = 993
block drop quick proto tcp from <f2b-roundcube> to any port = 4190

…except for the nginx-http-auth…

% doas pfctl -a f2b/nginx-http-auth -s rules

pfctl: Anchor does not exist

% doas pfctl -a f2b/nginx-http-auth -t f2b-nginx-http-auth -T show

pfctl: Table does not exist

% fail2ban-regex --print-all-missed systemd-journal 'nginx-http-auth[mode=aggressive]'

Running tests
=============

Use             jail : nginx-http-auth
Use jail/flt options : {'mode': 'aggressive'}
Use      datepattern : {^LN-BEG} : Default Detectors
Error: systemd library not found. Exiting...

% fail2ban-client -vvvd

['add', 'nginx-http-auth', 'polling']
['set', 'nginx-http-auth', 'usedns', 'warn']
['set', 'nginx-http-auth', 'addfailregex', '^\\s*\\[error\\] \\d+#\\d+: \\*\\d+\\s+user "(?:[^"]+|.*?)":? (?:password mismatch|was not found in "[^\\"]*"), client: <HOST>, server: \\S*, request: "\\S+ \\S+ HTTP/\\d+\\.\\d+", host: "\\S+"(?:, referrer: "\\S+")?\\s*$']
['set', 'nginx-http-auth', 'datepattern', '{^LN-BEG}']
['set', 'nginx-http-auth', 'maxretry', 5]
['set', 'nginx-http-auth', 'maxmatches', 5]
['set', 'nginx-http-auth', 'findtime', '3600']
['set', 'nginx-http-auth', 'bantime', '86400']
['set', 'nginx-http-auth', 'ignorecommand', '']
['set', 'nginx-http-auth', 'addignoreip', '127.0.0.1', '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']
['set', 'nginx-http-auth', 'logencoding', 'auto']
['set', 'nginx-http-auth', 'addlogpath', '/var/www/logs/error.log', 'head']
['set', 'nginx-http-auth', 'addaction', 'pf-nginx']
['multi-set', 'nginx-http-auth', 'action', 'pf-nginx', [['actionstart', 'echo "table <f2b-nginx> persist counters" | pfctl -a f2b/nginx -f-\nport="80,443,25,587,465,110,995,143,993,4190"; if [ "$port" != "" ] && case "$port" in \\{*) false;; esac; then port="{$port}"; fi\nprotocol="tcp"; if [ "$protocol" != "all" ]; then protocol="proto $protocol"; else protocol=all; fi\necho "block quick $protocol from <f2b-nginx> to any port $port" | pfctl -a f2b/nginx -f-'], ['actionstart_on_demand', False], ['actionstop', 'pfctl -a f2b/nginx -sr 2>/dev/null | grep -v f2b-nginx | pfctl -a f2b/nginx -f-\npfctl -a f2b/nginx -t f2b-nginx -T flush\npfctl -a f2b/nginx -t f2b-nginx -T kill'], ['actionflush', 'pfctl -a f2b/nginx -t f2b-nginx -T flush'], ['actioncheck', 'pfctl -a f2b/nginx -sr | grep -q f2b-nginx'], ['actionban', 'pfctl -a f2b/nginx -t f2b-nginx -T add <ip>'], ['actionunban', 'pfctl -a f2b/nginx -t f2b-nginx -T delete <ip>'], ['name', 'nginx'], ['port', '80,443,25,587,465,110,995,143,993,4190'], ['protocol', 'tcp'], ['actname', 'pf-nginx'], ['tablename', 'f2b'], ['block', 'block quick'], ['actiontype', '<multiport>'], ['allports', 'any'], ['multiport', 'any port $port']]]
['set', 'nginx-http-auth', 'addaction', 'banned_db-nginx']
['multi-set', 'nginx-http-auth', 'action', 'banned_db-nginx', [['actionstart', ''], ['actionstop', '/usr/local/bin/fail2ban_banned_db cleanup nginx'], ['actioncheck', ''], ['actionban', '/usr/local/bin/fail2ban_banned_db ban <ip> 80,443,25,587,465,110,995,143,993,4190 tcp nginx <ipjailfailures> <ipjailmatches>'], ['actionunban', '/usr/local/bin/fail2ban_banned_db unban <ip>'], ['name', 'nginx'], ['port', '80,443,25,587,465,110,995,143,993,4190'], ['protocol', 'tcp'], ['actname', 'banned_db-nginx']]]

Ok, so the anchor is named

f2b/nginx

and the table is named

f2b-nginx

without the "-http-auth" bits.

% doas pfctl -a f2b/nginx -s rules

block drop quick proto tcp from <f2b-nginx> to any port = 80
block drop quick proto tcp from <f2b-nginx> to any port = 443
block drop quick proto tcp from <f2b-nginx> to any port = 25
block drop quick proto tcp from <f2b-nginx> to any port = 587
block drop quick proto tcp from <f2b-nginx> to any port = 465
block drop quick proto tcp from <f2b-nginx> to any port = 110
block drop quick proto tcp from <f2b-nginx> to any port = 995
block drop quick proto tcp from <f2b-nginx> to any port = 143
block drop quick proto tcp from <f2b-nginx> to any port = 993
block drop quick proto tcp from <f2b-nginx> to any port = 4190

% doas pfctl -a f2b/nginx -t f2b-nginx -T show

No more errors.
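
The post above finds the real anchor and table names by reading the `fail2ban-client -vvvd` dump by hand. As an added example (not part of the original post or of fail2ban; function names are hypothetical, and the dump and pf.conf samples are constructed, shortened versions of the text above), the same lookup can be scripted and combined with a check that /etc/pf.conf actually evaluates the anchor.

```python
import ast
import re

# Constructed, shortened lines in the format of the dump quoted above.
DUMP = r"""
['add', 'nginx-http-auth', 'polling']
['set', 'nginx-http-auth', 'addaction', 'pf-nginx']
['multi-set', 'nginx-http-auth', 'action', 'pf-nginx', [['actionban', 'pfctl -a f2b/nginx -t f2b-nginx -T add <ip>'], ['actionunban', 'pfctl -a f2b/nginx -t f2b-nginx -T delete <ip>'], ['name', 'nginx']]]
['multi-set', 'nginx-http-auth', 'action', 'banned_db-nginx', [['actionban', '/usr/local/bin/fail2ban_banned_db ban <ip> 80,443 tcp nginx'], ['name', 'nginx']]]
['add', 'postfix', 'polling']
['multi-set', 'postfix', 'action', 'pf-postfix', [['actionban', 'pfctl -a f2b/postfix -t f2b-postfix -T add <ip>'], ['name', 'postfix']]]
"""
# The two pf.conf variants from the post: table only, then the wildcard anchor.
PF_CONF_TABLE = """\
table <fail2ban> persist
block in quick on egress proto tcp from <fail2ban> to any
"""
PF_CONF_ANCHOR = """\
# table <fail2ban> persist
# block in quick on egress proto tcp from <fail2ban> to any
anchor "f2b/*"
"""

PFCTL_BAN_RE = re.compile(r"pfctl -a (?P<anchor>\S+) -t (?P<table>\S+) -T add\b")
ANCHOR_RE = re.compile(r'^\s*anchor\s+"?(?P<name>[^"\s{]+)"?')


def pf_targets(dump):
    """Map each jail to the (anchor, table) that its pf actionban writes to."""
    targets = {}
    for line in dump.splitlines():
        try:
            cmd = ast.literal_eval(line.strip())
        except (ValueError, SyntaxError):
            continue  # blank lines and verbose log lines mixed into the dump
        if not (isinstance(cmd, list) and len(cmd) == 5
                and cmd[0] == "multi-set" and cmd[2] == "action"
                and isinstance(cmd[4], list)):
            continue
        m = PFCTL_BAN_RE.search(dict(cmd[4]).get("actionban", ""))
        if m:
            targets[cmd[1]] = (m["anchor"], m["table"])
    return targets


def anchor_referenced(pf_conf, anchor):
    """True if pf.conf names `anchor` exactly or via its parent wildcard.

    The nested brace form (anchor f2b { anchor name1 ... }) is not handled.
    """
    parent = anchor.rsplit("/", 1)[0]
    for line in pf_conf.splitlines():
        m = ANCHOR_RE.match(line.split("#", 1)[0])  # ignore comments
        if m and m["name"] in (anchor, parent + "/*"):
            return True
    return False


def audit(dump, pf_conf):
    """One row per jail: where bans land and whether pf will evaluate them."""
    rows = []
    for jail, (anchor, table) in sorted(pf_targets(dump).items()):
        rows.append({
            "jail": jail, "anchor": anchor, "table": table,
            # True for nginx-http-auth, whose action is named "nginx".
            "name_differs_from_jail": anchor != f"f2b/{jail}",
            "referenced_in_pf_conf": anchor_referenced(pf_conf, anchor),
            "check": [f"pfctl -a {anchor} -s rules",
                      f"pfctl -a {anchor} -t {table} -T show"],
        })
    return rows


if __name__ == "__main__":
    for row in audit(DUMP, PF_CONF_ANCHOR):
        print(row)
```

On a live system the first argument would be the captured output of `fail2ban-client -d` and the second the contents of /etc/pf.conf.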