Fail2ban blocks Courierimap and Postfix for no reason

[stonegate]

Hi,

we use CentOS Linux 7.0.1406 (Core) Plesk Version 12.0.18 Update #26
I got reports of several users on my system, and i can confirm this myself, that fail2ban is blocking courier imap and postfix connections when i try to connect to the Plesk Server with Outlook 2013 and theBat and the Apple Mac Mail Client.

I used the correct login information but fail2ban blocked the IPs for no obvious reason:

2014-12-03 12:46:57,908 fail2ban.actions[920]: WARNING [plesk-postfix] Ban 82.134.94.102
2014-12-03 12:46:58,049 fail2ban.actions[920]: WARNING [plesk-courierimap] Ban 82.134.94.102

I disabled the two jails now and it works perfectly. But why is fail2ban blocking valid requests ? I tried it myself and i did not enter a wrong password or something. MaxRetry is 5 so this should not be a problem. The problem is not affecting all users but just a few. However all of them are using correct credentials so i dont understand why they are being blocked at all.

Can anyone help me with that ?
Best Regards
Stoney

 

[UFHH01]

Hi stonegate,

you can answer the question, WHY Fail2Ban takes a ban-action by yourself, by investigating the jail - filter and the depending log - entry.

You can view the filters over the Plesk Control Panel and see as well, the defined log, which Fail2Ban should observe, based on the Fail2Ban - filter. If you now have a closer look on the defined log - file ( for mail, the standard configuration should be "/var/log/maillog" ), you should see entries, which match the specific Fail2Ban filter rules and so Fail2Ban will take a ban-action, based on the depending Fail2Ban - jail definition.

If you still think, that Fail2Ban bans with no reason, please post the specific Fail2ban - jail, the depending Fail2Ban - filter and the depending log - entries of the log - file from the specific Fail2Ban - jail for further investigations, please.