Locked out of server

Normally in the log of the application you should find what is the application; in the fail2ban log you should have only the WAN IP indeed and the jail name. What is the jail name?

mostly postfix/smtpd

Question about this arrangement: how many interfaces has this installation? 2?

open a new topic, this could be interesting

 fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.conf --print-all-matched
 fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix-ddos.conf --print-all-matched

This one is particular: you have to match it 100 times in 60 seconds to be banned; it is a protection if you are sending too much email.

 fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix-sasl-abuse.conf --print-all-matched

Yes, my root server has one real WAN interface (RED) with the public IP and one LAN dummy interface (GREEN).

Good idea, I will create a thread within the how-to section.


the new thread: How to analyze who triggers fail2ban
