Koozali.org: home of the SME Server

Obsolete Releases => SME 9.x Contribs => Topic started by: Drifting on September 16, 2020, 11:29:36 AM

Title: Fail2Ban and Whitelist
Post by: Drifting on September 16, 2020, 11:29:36 AM

Hi
Just installed the contrib for failed to ban, seems it does not like our ISP mail server and starts banning it. Have added it to the white list, and it shows on the web console as whitelisted, yet I still get and email saying it is banned? However in the banned part of the console, none show as banned? Did I miss something out here?
Just a quick ask before I go investigating via a shell to the server.

Paul.

Title: Re: Fail2Ban and Whitelist
Post by: ReetP on September 16, 2020, 02:09:41 PM

First

Code: [Select]

config show fail2ban
Next you can see what settings fail2ban uses and where using this:

Code: [Select]

cd /etc/e-smith/templates
grep -rn fail2ban *
Should show you all the templates where config entries are used.

Likely culprit is here:

Code: [Select]

etc/fail2ban/jail.conf/05IgnoreIP:29:foreach (split /[,;]/, ($fail2ban{'IgnoreIP'} || '')){
So what does you config entry say?

And lets have a look at the actual config file:

Code: [Select]

cat /etc/fail2ban/jail.conf
What's in the 'ignoreip' line?

Also, have you checked /var/log/messages and /var/log/fail2ban/daemon.log ?

Should keep you busy.