  1. TheRudy

    TheRudy Member

    Hey guys,

    Got something that is beyond me.

    I have ISPConfig3 latest version and all that, Debian updated and so on, no problems whatsoever!! By the way, keep doing a good job with ISPC, awesome CP!

    Right, the problem I am having is that I keep getting hits from an IP that was already banned via fail2ban.

    Here are the configs and logs.

    (I've removed other banned IPs to make the list a bit smaller)
    enabled  = true
    port     = smtp
    filter   = sasl
    logpath  = /var/log/mail.log
    maxretry = 3
    findtime = 3600
    bantime = 86400

    failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
    ignoreregex =
    Did I forget anything?

    Anyway, how is it possible that my fail2ban log is filled with "already banned" and I can see in the mail.log that he is still able to brute force login while it is being blocked by iptables?
  2. srijan

    srijan New Member HowtoForge Supporter

    Did you restart fail2ban after the change in configurations?

