• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Fail2Ban , a little question

MartinB

MartinB

Basic Pleskian
Hello !

I'm using the new 17.5.3'er of Onyx, and found this :

At the fail2ban jails, here are my settings for the " plesk-postfix " jail :

Code: 
[plesk-postfix]
enabled = true
filter = postfix-sasl
action = iptables-multiport[name="plesk-postfix", port="smtp,smtps,submission"]
logpath = /var/log/maillog
maxretry = 3

Here are some lines from the logfile :

Code: 
2017-04-01 18:22:20,894 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,034 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,172 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,320 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,456 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,597 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,745 fail2ban.filter [10941]: INFO [plesk-postfix] Found 195.22.126.142
2017-04-01 18:22:21,861 fail2ban.actions [10941]: NOTICE [plesk-postfix] Ban 195.22.126.142


I don't understand, why there more than 3 attempts ?!

Thanks for any help ...


Bye, Martin
 
All these entries have the "same time". Except for the first one.

All have happened within a second
 
Last edited:
Oh, I thought fail2ban counts the number of failed attempts of an IP ... :rolleyes:
... or are these attempts to fast for a reaction ? o_O

Bye, Martin
 
As you can see it has taken action with in the same second.

How about allowing it few miliseconds to figure out. Also its not only the maillog its watching ;)
 
Thank you for sharing. Feel more safer with plesk-fail2ban extention now.

Nice to see it has taken action with miliseconds. :)
 
You must log in or register to reply here.

Similar threads

Gianni
Question My IP in jail fail2ban using plesk
Replies
0
Views
168
Gianni
Gianni
claxman
Issue Anacron job 'cron.daily' on server.domain (Fail2Ban Automatic Closing Problem)
Replies
17
Views
3K
Hiljo_Lodewijk
H
A
Question Some security questions
Replies
2
Views
677
amba1980
A
DieterWerner
Question What to do against high frequently attackers
Replies
1
Views
597
Monty
Monty
P
Input plesk fail2ban missing some important filter rules
Replies
2
Views
1K
PeterKi
P
Back
Top