Topic: local user iphone banned by fail2ban pregreet
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.2.1
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: centos 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Try to figure out why would a local user every time they send an email to another user in the same domain gets banned by fail2ban
This user can send many emails to anyone on another domain but as soon as they send within the same domain they are banned.
Looking at the filter and trying to see what it does I would like to know why it is looking at all ports.
Should it not be looking just on port 25?
Every time they are banned I see this around the same time. What does all those numbers mean?
May 19 20:03:34 localhost postfix/postscreen[16272]: PREGREET 192 after 0.01 from [IP.ADD.54.73]:51612: \026\003\001\000\273\001\000\000\267\003\003^\304\201\346\270R`:v\000\275n\355v\35244J\302r$\n\200\0
postfix-pregreet.local
[postfix-pregreet]
enabled = true
maxretry = 1
filter = postfix-pregreet.iredmail
logpath = /var/log/maillog
action = iptables-multiport[name=postfix-pregreet, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
banned_db[name=postfix-pregreet, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.