On Tuesday 07 April 2020 10:09:07 Marius ROMAN wrote: > "ipset v7.1: Syntax error: '3600000' is out of range 0-2147483" > This is the problem. You could try to reduce the 'ban' time (for whatever > rules you have for dovecot) so that it would be in that interval and restart > fail2ban service. >
Thanks to the help from Marius I no longer get the error and fail2ban appears to be working. I am still having troubhles with my firewall. I have a command firewall_ban which is: firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='$1' reject " I copied this from a web posting, and I it is supposed to do what I need, which is ban specific IP addresses. However, when I tried to ban an IP I grabbed from my EXIM logs I got an error [root@ollie2 ~]# firewall_ban 46.17.96.82 Warning: ALREADY_ENABLED: rule family='ipv4' source address='46.17.96.82' reject success [root@ollie2 ~]# I was not surprised by this error as I did think that I had already banned this address. However, this does now beg the question, why am I still seeing in my exim/main.log: 2020-04-08 13:34:41 H=(slot0.iso-taem.com) [46.17.96.82] sender verify defer for <administra...@iso-taem.com>: host lookup did not complete 2020-04-08 13:34:41 H=(slot0.iso-taem.com) [46.17.96.82] F=<administra...@iso-taem.com> temporarily rejected RCPT <au...@ringways.co.uk>: Could not complete sender verify Also, I am trying to add a failregex to match the following lines, but for some reason my attempts don't work. 2020-04-08 13:34:42 H=ip3.ip-144-217-187.net (swNLFAhhb9) [144.217.187.3] rejected EHLO or HELO swnlfahhb9: Your server with the IP 144.217.187.3 is with helo name (swNLFAhhb9) configured incorrectly. Email has been blocked. (HELO Error) My best attemp is this one, and when I try it with fail2ban-regex it matches every time, but in real life, it doesn't trigger banning anyone ^%(pid)s.* \[<HOST>\] rejected EHLO or HELO They appear to match is I run fail2ban-regex but in real life, they're not triggering bans. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
