Hey guys, Got something that is beyond me. I have ISPConfig3 latest version and all that, Debian updated and so on, no problems whatsoever!! By the way, keep doing a good job with ISPC, awesome CP! Right, the problem I am having is that I keep getting hits from an IP that was already banned via fail2ban. Here are the configs and logs. mail.log mail.warn fail2ban.log iptables (I've removed other banned IPs to make the list a bit smaller) jail.local Code: [sasl] enabled = true port = smtp filter = sasl logpath = /var/log/mail.log maxretry = 3 findtime = 3600 bantime = 86400 filter.d/sasl.conf Code: [Definition] failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$ ignoreregex = Did I forget anything? Anyway, how is it possible that my fail2ban log is filled with "already banned" and I can see in the mail.log that he is still being able to brute force login while it is being blocked by iptables?
