1 (edited by derian00 2021-02-25 22:39:28)

Topic: fail2ban ignoring "ignoreip" in jail.conf

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

My iRedMail server is fail2ban'ing one of our networks, I suspect one of our VMs had an issue during an update and is frantically trying to flood the mail server with emails about how something is wrong; problem is, I'm currently locked out of iRedMail, I can get into the command line no problem, and in `/etc/fail2ban/jail.conf` I set `ignoreip = 11.22.33.444`, however, `systemctl status fail2ban` still returns `fail2ban.actions [24925]: NOTICE [postfix] Restore Ban 11.22.33.444`. This leads me to two questions: firstly, is there a way I can whitelist our own WAN IP so as to prevent this from happening in future? And secondly, how can I see which address postfix is being flooded with failed connections by, so I can go in and actually fix the server that's flooding our mail server?

Additionally, I've run `sudo python3 /opt/iredapd/tools/wblist_admin.py --add --whitelist 11.22.33.444 @` and ensured `amavisd_wblist` is listed under enabled plugins under `/opt/iredapd/settings.py`

Guidance on getting to the root cause of this issue and whitelisting to prevent this from happening in future, both greatly appreciated!

Thanks,

Derian

----


2

Re: fail2ban ignoring "ignoreip" in jail.conf

Please whitelist it in /etc/fail2ban/jail.local.

- jail.local overrides jail.conf
- fail2ban.local overrides fail2ban.conf
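
Added example (not part of the original thread, and not iRedMail or fail2ban code): a small Python model of the override order mentioned above, showing why an `ignoreip` edit in `jail.conf` has no effect when `jail.local` sets the same option. The file contents and the address `203.0.113.10` are constructed, and the function names are hypothetical.

```python
import configparser
import ipaddress

# Constructed sample files, not copied from a real iRedMail install.
SAMPLE = {
    "jail.conf": "[DEFAULT]\nignoreip = 127.0.0.1/8 203.0.113.10\n[postfix]\nenabled = true\n",
    "jail.local": "[DEFAULT]\nignoreip = 127.0.0.1 10.0.0.0/8\n",
}

def load_rank(name):
    """Sort key for fail2ban's read order:
    jail.conf, jail.d/*.conf, jail.local, jail.d/*.local (later wins)."""
    return (name.endswith(".local"), name.startswith("jail.d/"), name)

def effective_ignoreip(files, jail):
    """Merge the files in read order and return the jail's ignoreip entries."""
    merged = configparser.ConfigParser(interpolation=None)
    for name in sorted(files, key=load_rank):
        merged.read_string(files[name], source=name)
    if not merged.has_section(jail):
        raise KeyError(f"jail {jail!r} is not defined")
    # Entries may be separated by spaces and/or commas.
    return merged.get(jail, "ignoreip", fallback="").replace(",", " ").split()

def is_ignored(ip, entries):
    """True if ip matches an address or CIDR entry (DNS names are skipped here)."""
    addr = ipaddress.ip_address(ip)
    for entry in entries:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # host name entry: fail2ban would resolve it, this sketch does not
    return False

if __name__ == "__main__":
    wan_ip = "203.0.113.10"  # constructed documentation address
    before = effective_ignoreip(SAMPLE, "postfix")
    print("jail.conf edit only :", before, is_ignored(wan_ip, before))
    fixed = dict(SAMPLE)
    fixed["jail.local"] = "[DEFAULT]\nignoreip = 127.0.0.1 10.0.0.0/8 203.0.113.10\n"
    after = effective_ignoreip(fixed, "postfix")
    print("jail.local edit     :", after, is_ignored(wan_ip, after))
```

On a live server, `fail2ban-client get postfix ignoreip` prints the list the running jail is actually using, which can be compared against what the files are expected to produce.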