exim-iptables
exim-iptables
Can you guys please explain this to me?
Recently my fail2ban has lots of [INFO] of ips and not a single ban.
What i did is i changed my config to:
[exim-iptables]
enabled = true
filter = exim
action = vesta[name=MAIL]
logpath = /var/log/exim/main.log
findtime = 100
maxretry = 3
bantime = 604800
After that i service fail2ban restart and then checked the log back and tons of ban ip's.
My question is, is my config too strict should i adjust it? If yes , what's your recommendation?
Also can you please clarify to me, where is this exim coming from, i tried logging into roudcube and i see log of dovecot-iptables, i tried logging in via thunderbird i see the same thing its via dovecot-iptables. What about exim-iptables how is this triggered? I hope i don't have any malicious code (internally) because my server is fairly new.
Thanks guys!
Recently my fail2ban has lots of [INFO] of ips and not a single ban.
016-03-10 04:12:51,701 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 04:39:27,682 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 05:06:01,954 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 05:32:30,947 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 05:59:05,699 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 06:25:38,406 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 06:52:10,653 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 07:18:47,621 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
2016-03-10 07:45:15,664 fail2ban.filter [9653]: INFO [exim-iptables] Found 185.130.5.160
What i did is i changed my config to:
[exim-iptables]
enabled = true
filter = exim
action = vesta[name=MAIL]
logpath = /var/log/exim/main.log
findtime = 100
maxretry = 3
bantime = 604800
After that i service fail2ban restart and then checked the log back and tons of ban ip's.
Code: Select all
2016-03-11 01:15:07,428 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 146.200.216.113
2016-03-11 01:15:08,615 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 151.24.125.59
2016-03-11 01:15:09,105 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 151.33.243.226
2016-03-11 01:15:09,654 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 151.66.131.4
2016-03-11 01:15:10,137 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 175.180.89.82
2016-03-11 01:15:10,638 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 177.11.51.81
2016-03-11 01:15:11,184 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 185.124.86.114
2016-03-11 01:15:11,488 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 188.201.197.126
2016-03-11 01:15:11,889 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 2.89.26.126
2016-03-11 01:15:12,524 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 201.145.119.16
2016-03-11 01:15:13,050 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 24.54.197.198
2016-03-11 01:15:13,487 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 5.196.211.93
2016-03-11 01:15:14,253 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 64.130.137.69
2016-03-11 01:15:14,828 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 85.93.18.137
2016-03-11 01:15:15,553 fail2ban.actions [27135]: NOTICE [exim-iptables] Ban 93.107.40.132Also can you please clarify to me, where is this exim coming from, i tried logging into roudcube and i see log of dovecot-iptables, i tried logging in via thunderbird i see the same thing its via dovecot-iptables. What about exim-iptables how is this triggered? I hope i don't have any malicious code (internally) because my server is fairly new.
Thanks guys!