I just ran into a situation where I found my incoming groups.io emails
getting blocked - the server would refuse connections from the groups.io
email server. It turned out to be a combination of different blocking
mechanisms, the Postfix RBL blocker, and the fail2ban postfix filter. I
use the SpamCop RBL, and apparently groups.io will appear on spamcop
every once in a while. It also appears that the fail2ban postfix filter
will ban immediately upon seeing an RBL block. So, every time groups.io
was on the SpamCop list long enough to have an email blocked, fail2ban
would ban the ip, and each time this happened, the ban would be longer
(at this point it was up to 8 days).
I think I've got this handled. I've whitelisted the groups.io mail
server in Postfix, and killed the current ban via a "fail2ban-client
unban <ip>". What I'm not sure of is if this clears the 'increment' for
this address. The fail2ban-client man page indicates that fail2ban
unban <ip> 'unbans <IP> (in all jails and database)'. Does that
database include the database where increments are kept for each IP?
And if not, how do I reset the increment for this ip, so that if this
slips by me again, I'm not looking at a days-long ban?
Ben
--
Ben Coleman olo...@benshome.net | For the wise man, doing right trumps
http://oloryn.benshome.net/ | looking right. For the fool, looking
Amateur Radio NJ8J | right trumps doing right.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
