exim-iptables
Can you guys please explain this to me?
My question is: is my config too strict, and should I adjust it? If yes, what's your recommendation?
Recently my fail2ban has lots of [INFO] of IPs and not a single ban.
2016-03-10 04:12:51,701 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 04:39:27,682 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 05:06:01,954 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 05:32:30,947 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 05:59:05,699 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 06:25:38,406 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 06:52:10,653 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 07:18:47,621 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 07:45:15,664 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
What I did is I changed my config to:
[exim-iptables]
enabled = true
filter = exim
action = vesta[name=MAIL]
logpath = /var/log/exim/main.log
findtime = 100
maxretry = 3
bantime = 604800
After that I ran service fail2ban restart and then checked the log again, and there are tons of banned IPs.
2016-03-11 01:15:07,428 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 146.200.216.113
2016-03-11 01:15:08,615 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 151.24.125.59
2016-03-11 01:15:09,105 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 151.33.243.226
2016-03-11 01:15:09,654 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 151.66.131.4
2016-03-11 01:15:10,137 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 175.180.89.82
2016-03-11 01:15:10,638 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 177.11.51.81
2016-03-11 01:15:11,184 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 185.124.86.114
2016-03-11 01:15:11,488 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 188.201.197.126
2016-03-11 01:15:11,889 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 2.89.26.126
2016-03-11 01:15:12,524 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 201.145.119.16
2016-03-11 01:15:13,050 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 24.54.197.198
2016-03-11 01:15:13,487 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 5.196.211.93
2016-03-11 01:15:14,253 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 64.130.137.69
2016-03-11 01:15:14,828 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 85.93.18.137
2016-03-11 01:15:15,553 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 93.107.40.132
Also, can you please clarify for me where this exim is coming from? I tried logging into Roundcube and I see a log entry for dovecot-iptables; I tried logging in via Thunderbird and I see the same thing, it's via dovecot-iptables. What about exim-iptables, how is this triggered? I hope I don't have any malicious code (internally), because my server is fairly new.
Thanks guys!
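An added example, not part of the original post: a simplified sliding-window model of how `findtime` and `maxretry` interact, run over eight of the "Found" lines quoted above, to show which settings would turn hits spaced like these into a ban. The function names are hypothetical, and the counting rule (ban once `maxretry` hits fall within `findtime` seconds) is an assumption that simplifies fail2ban's own bookkeeping.

```python
import re
from collections import defaultdict
from datetime import datetime

# Eight "Found" lines copied from the post's fail2ban.log excerpt.
SAMPLE_LOG = """\
2016-03-10 04:39:27,682 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 05:06:01,954 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 05:32:30,947 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 05:59:05,699 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 06:25:38,406 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 06:52:10,653 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 07:18:47,621 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 07:45:15,664 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
"""

FOUND_RE = re.compile(r"^(?P<ts>[\d-]+ [\d:]+),(?P<ms>\d{3}) fail2ban\.filter\s+\[\d+\]:\s+"
                      r"INFO\s+\[(?P<jail>[^\]]+)\]\s+Found\s+(?P<ip>\S+)")

def parse_found(log_text):
    """Yield (jail, ip, datetime) for every 'Found' line in a fail2ban log."""
    for line in log_text.splitlines():
        m = FOUND_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield m["jail"], m["ip"], ts.replace(microsecond=int(m["ms"]) * 1000)

def simulate(log_text, findtime, maxretry):
    """Simplified model (an assumption): ban once maxretry hits fall within findtime seconds."""
    windows, bans = defaultdict(list), {}
    for jail, ip, ts in parse_found(log_text):
        key = (jail, ip)
        recent = [t for t in windows[key] if (ts - t).total_seconds() <= findtime]
        windows[key] = recent + [ts]
        if len(windows[key]) >= maxretry:
            bans.setdefault(key, ts)  # record only the first ban per (jail, ip)
    return bans

def min_findtime(log_text, maxretry):
    """Smallest findtime (seconds) at which any (jail, ip) in the log reaches maxretry."""
    hits = defaultdict(list)
    for jail, ip, ts in parse_found(log_text):
        hits[(jail, ip)].append(ts)
    spans = [(t[i + maxretry - 1] - t[i]).total_seconds()
             for t in hits.values() for i in range(len(t) - maxretry + 1)]
    return min(spans) if spans else None

if __name__ == "__main__":
    print({ft: simulate(SAMPLE_LOG, ft, 3) for ft in (100, 600, 3600)}, min_findtime(SAMPLE_LOG, 3))
```

In this model, hits roughly 26 minutes apart never reach `maxretry = 3` with a `findtime` of 100 or 600 seconds; the window has to span about 53 minutes before this address would be banned.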