On 2023-05-03 10:02, Ben Coleman wrote:
I just ran into a situation where I found my incoming groups.io emails getting blocked - the server would refuse connections from the groups.io email server. It turned out to be a combination of different blocking mechanisms, the Postfix RBL blocker, and the fail2ban postfix filter. I use the SpamCop RBL, and apparently groups.io will appear on spamcop every once in a while. It also appears that the fail2ban postfix filter will ban immediately upon seeing an RBL block. So, every time groups.io was on the SpamCop list long enough to have an email blocked, fail2ban would ban the ip, and each time this happened, the ban would be longer (at this point it was up to 8 days). I think I've got this handled. I've whitelisted the groups.io mail server in Postfix, and killed the current ban via a "fail2ban-client unban <ip>". What I'm not sure of is if this clears the 'increment' for this address. The fail2ban-client man page indicates that fail2ban unban <ip> 'unbans <IP> (in all jails and database)'. Does that database include the database where increments are kept for each IP? And if not, how do I reset the increment for this ip, so that if this slips by me again, I'm not looking at a days-long ban? Ben
Why not whitelist it in f2b? _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
