Fail2Ban 不阻止 plesk 下失败的 postfix 登录
Fail2Ban not blocking failed postfix login under plesk
我有 plesk 12.0.18 更新 #96
OS:Ubuntu 14.04.3 LTS
我已经通过 plesk 安装了 fail2ban 并且出于某种原因它没有阻止在 postfix 服务器上的失败尝试。
Dec 20 08:34:53 website postfix/smtpd[6696]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:34:56 website postfix/smtpd[27244]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:35:00 website postfix/smtpd[7415]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:35:32 website postfix/smtpd[6582]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:35:35 website postfix/smtpd[29514]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:35:41 website postfix/smtpd[6582]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:03 website postfix/smtpd[6582]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:06 website postfix/smtpd[6696]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:09 website postfix/smtpd[27244]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:15 website postfix/smtpd[6696]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:21 website postfix/smtpd[6696]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:24 website postfix/smtpd[27244]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:27 website postfix/smtpd[6696]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
我不得不通过 iptables 阻止这个 ip myslef -I 当我检查 fail2ban 的日志时,那里没有任何东西甚至显示试图阻止 ip。
找到了。过滤器有问题,不匹配 + ip table 的规则由于某种原因是错误的。这是默认安装。
我有 plesk 12.0.18 更新 #96 OS:Ubuntu 14.04.3 LTS 我已经通过 plesk 安装了 fail2ban 并且出于某种原因它没有阻止在 postfix 服务器上的失败尝试。
Dec 20 08:34:53 website postfix/smtpd[6696]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:34:56 website postfix/smtpd[27244]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:35:00 website postfix/smtpd[7415]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:35:32 website postfix/smtpd[6582]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:35:35 website postfix/smtpd[29514]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:35:41 website postfix/smtpd[6582]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:03 website postfix/smtpd[6582]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:06 website postfix/smtpd[6696]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:09 website postfix/smtpd[27244]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:15 website postfix/smtpd[6696]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:21 website postfix/smtpd[6696]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:24 website postfix/smtpd[27244]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
Dec 20 08:36:27 website postfix/smtpd[6696]: warning: unknown[37.216.243.35]: SASL LOGIN authentication failed: authentication failure
我不得不通过 iptables 阻止这个 ip myslef -I 当我检查 fail2ban 的日志时,那里没有任何东西甚至显示试图阻止 ip。
找到了。过滤器有问题,不匹配 + ip table 的规则由于某种原因是错误的。这是默认安装。