1

Topic: Fail2Ban Question

Hi!

Thanks so much for a great open source package you've put together!  I've already found many solutions to common issues in your forum, implementing spam detection and other things.

I've recently run into an issue with Fail2Ban, however, that I'm inexperienced with:

Below is an excerpt of the mail.log that I believe to be causing the fail2ban entry.

I've found that a poorly configured iPhone Mail App has caused similar errors and banning, but I'm not sure what exactly the following means.

I've masked the personal data, with 70.0.0.0 being the banned client IP, from a Verizon iPhone I believe.

Apr 28 18:46:13 mail postfix/smtpd[9370]: connect from 250.sub-70-0-0.myvzw.com[70.0.0.0]
Apr 28 18:46:13 mail postfix/smtpd[9370]: NOQUEUE: reject: RCPT from 250.sub-70-0-0.myvzw.com[70.0.0.0]: 554 5.7.1 <250.sub-70-0-0.myvzw.com[70.0.0.0]>: Client host rejected: Access denied; from=<jon@clientdomain.org> to=<chrisa@clientdomain.org> proto=ESMTP helo=<[100.0.0.230]>
Apr 28 18:46:13 mail postfix/smtpd[9370]: NOQUEUE: reject: RCPT from 250.sub-70-0-0.myvzw.com[70.0.0.0]: 554 5.7.1 <250.sub-70-0-0.myvzw.com[70.0.0.0]>: Client host rejected: Access denied; from=<jon@clientdomain.org> to=<karlie@clientdomain.org> proto=ESMTP helo=<[100.0.0.230]>
Apr 28 18:46:13 mail postfix/smtpd[9370]: NOQUEUE: reject: RCPT from 250.sub-70-0-0.myvzw.com[70.0.0.0]: 554 5.7.1 <250.sub-70-0-0.myvzw.com[70.0.0.0]>: Client host rejected: Access denied; from=<jon@clientdomain.org> to=<bernie@clientdomain.org> proto=ESMTP helo=<[100.0.0.230]>
Apr 28 18:46:13 mail postfix/smtpd[9370]: NOQUEUE: reject: RCPT from 250.sub-70-0-0.myvzw.com[70.0.0.0]: 554 5.7.1 <250.sub-70-0-0.myvzw.com[70.0.0.0]>: Client host rejected: Access denied; from=<jon@clientdomain.org> to=<someone@gmail.com> proto=ESMTP helo=<[100.0.0.230]>
Apr 28 18:46:13 mail postfix/smtpd[9370]: NOQUEUE: reject: RCPT from 250.sub-70-0-0.myvzw.com[70.0.0.0]: 554 5.7.1 <250.sub-70-0-0.myvzw.com[70.0.0.0]>: Client host rejected: Access denied; from=<jon@clientdomain.org> to=<laura@clientdomain.org> proto=ESMTP helo=<[100.0.0.230]>
Apr 28 18:46:14 mail postfix/smtpd[9370]: disconnect from 250.sub-70-0-0.myvzw.com[70.0.0.0]
Apr 28 18:46:14 mail postfix/smtpd[9370]: connect from 250.sub-70-0-0.myvzw.com[70.0.0.0]
Apr 28 18:46:14 mail postfix/smtpd[9370]: NOQUEUE: reject: RCPT from 250.sub-70-0-0.myvzw.com[70.0.0.0]: 554 5.7.1 <250.sub-70-0-0.myvzw.com[70.0.0.0]>: Client host rejected: Access denied; from=<jon@clientdomain.org> to=<chrisa@clientdomain.org> proto=ESMTP helo=<[100.0.0.230]>
Apr 28 18:46:14 mail postfix/smtpd[9370]: NOQUEUE: reject: RCPT from 250.sub-70-0-0.myvzw.com[70.0.0.0]: 554 5.7.1 <250.sub-70-0-0.myvzw.com[70.0.0.0]>: Client host rejected: Access denied; from=<jon@clientdomain.org> to=<karlie@clientdomain.org> proto=ESMTP helo=<[100.0.0.230]>
Apr 28 18:46:14 mail postfix/smtpd[9370]: NOQUEUE: reject: RCPT from 250.sub-70-0-0.myvzw.com[70.0.0.0]: 554 5.7.1 <250.sub-70-0-0.myvzw.com[70.0.0.0]>: Client host rejected: Access denied; from=<jon@clientdomain.org> to=<bernie@clientdomain.org> proto=ESMTP helo=<[100.0.0.230]>
Apr 28 18:46:14 mail postfix/smtpd[9370]: NOQUEUE: reject: RCPT from 250.sub-70-0-0.myvzw.com[70.0.0.0]: 554 5.7.1 <250.sub-70-0-0.myvzw.com[70.0.0.0]>: Client host rejected: Access denied; from=<jon@clientdomain.org> to=<someone@gmail.com> proto=ESMTP helo=<[100.0.0.230]>
Apr 28 18:46:14 mail postfix/smtpd[9370]: NOQUEUE: reject: RCPT from 250.sub-70-0-0.myvzw.com[70.0.0.0]: 554 5.7.1 <250.sub-70-0-0.myvzw.com[70.0.0.0]>: Client host rejected: Access denied; from=<jon@clientdomain.org> to=<laura@clientdomain.org> proto=ESMTP helo=<[100.0.0.230]>
Apr 28 18:46:14 mail postfix/smtpd[9370]: disconnect from 250.sub-70-0-0.myvzw.com[70.0.0.0]

Like I said, I'm not sure exactly what's going on between the "Client host rejected: Access denied", "554 5.7.1", and "helo".  I'll do more research on my end, but figured I might not be alone.

Thanks again!


==== Required information ====
- iRedMail version: 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx):
- Linux/BSD distribution name and version: Ubuntu 14.04
- Related log if you're reporting an issue:
====

----

2

Re: Fail2Ban Question

[SOLVED]

In case anyone else has this issue, it appeared to be because the iPhone Mail App's Outgoing Mail Server User Name and Password are "Optional", which results in this behavior.  On the phone it will give you an error message on sending, but then fail silently (2nd & 3rd tries) while trying to resend the message.
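
Added example, not part of the original posts and not iRedMail's or Fail2Ban's own code: a small Python check that counts Postfix "NOQUEUE: reject" lines per client IP the way a ban threshold would, showing how one unauthenticated message to five recipients plus one silent retry produces ten failures within two seconds. The regex, the `maxretry` and `findtime` values, the log year and the sample addresses are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed pattern for reject lines like those quoted above; not a shipped Fail2Ban filter.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: (?P<code>\d{3} \d\.\d\.\d) .*?"
    r"to=<(?P<rcpt>[^>]*)>"
)

def parse_rejects(lines, year=2014):
    """Yield (timestamp, client_ip, smtp_code, recipient) for each reject line."""
    for line in lines:
        m = REJECT_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies one (assumed).
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["code"], m["rcpt"]

def would_ban(lines, maxretry=5, findtime=600):
    """Return {ip: time of the reject that reaches maxretry within findtime seconds}."""
    window = timedelta(seconds=findtime)
    hits, banned = defaultdict(list), {}
    for ts, ip, _code, _rcpt in parse_rejects(lines):
        if ip in banned:
            continue
        # Keep only failures still inside the sliding window, then add this one.
        hits[ip] = [t for t in hits[ip] if ts - t <= window] + [ts]
        if len(hits[ip]) >= maxretry:
            banned[ip] = ts
    return banned

def _line(ts, ip, rcpt):
    return (f"{ts} mail postfix/smtpd[9370]: NOQUEUE: reject: RCPT from unknown[{ip}]: "
            f"554 5.7.1 <unknown[{ip}]>: Client host rejected: Access denied; "
            f"from=<jon@example.org> to=<{rcpt}@example.org> proto=ESMTP helo=<[192.0.2.230]>")

# Constructed sample: one 5-recipient message, sent once and silently retried once.
SAMPLE = [_line(ts, "198.51.100.7", r)
          for ts in ("Apr 28 18:46:13", "Apr 28 18:46:14")
          for r in ("a", "b", "c", "d", "e")]
SAMPLE.append("Apr 28 18:46:14 mail postfix/smtpd[9370]: disconnect from unknown[198.51.100.7]")

if __name__ == "__main__":
    for ip, when in would_ban(SAMPLE).items():
        print(f"{ip} would be banned at {when:%b %d %H:%M:%S}")
```

Because every rejected RCPT is logged as its own failure, the threshold is reached by recipient count rather than by the number of send attempts.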