Hello @ everyone,
I have just reviewd my logs of Fail2Ban. It loolks like I have an Error in the Postfix-sasl File.
I am getting this error:
Blockquote2020-05-03 23:08:02,379 fail2ban.filter [601]: INFO [postfix-sasl] Found 45.142.195.8 - 2020-05-03 23:08:01
2020-05-03 23:08:30,412 fail2ban.filter [601]: INFO [postfix-sasl] Found 45.142.195.8 - 2020-05-03 23:08:30
2020-05-03 23:08:31,087 fail2ban.actions [601]: NOTICE [postfix-sasl] Ban 45.142.195.8
2020-05-03 23:08:32,396 fail2ban.utils [601]: Level 39 7f7d9c1c77b0 – exec: ipset create f2b-postfix-sasl hash:ip timeout 600
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -m set --match-set f2b-postfix-sasl src -j REJECT --reject-with icmp-port-unreachable
2020-05-03 23:08:32,396 fail2ban.utils [601]: ERROR 7f7d9c1c77b0 – stderr: ‘ipset v6.34: Set cannot be created: set with the same name already exists’
2020-05-03 23:08:32,396 fail2ban.utils [601]: ERROR 7f7d9c1c77b0 – stderr: ‘Error: COMMAND_FAILED’
2020-05-03 23:08:32,397 fail2ban.utils [601]: ERROR 7f7d9c1c77b0 – returned 13
2020-05-03 23:08:32,397 fail2ban.actions [601]: ERROR Failed to execute ban jail ‘postfix-sasl’ action ‘firewallcmd-ipset’ info ‘ActionInfo({‘ip’: ‘45.142.195.8’, ‘family’: ‘inet4’, ‘ip-rev’: ‘8.195.142.45.’, ‘ip-host’: None, ‘fid’: ‘45.142.195.8’, ‘failures’: 2, ‘time’: 1588565310.0, ‘matches’: ‘May 3 23:08:01 primary postfix/smtpd[735]: warning: unknown[45.142.195.8]: SASL LOGIN authentication failed: authentication failure\nMay 3 23:08:30 primary postfix/smtpd[735]: warning: unknown[45.142.195.8]: SASL LOGIN authentication failed: authentication failure’, ‘restored’: 0, ‘F-*’: {‘matches’: [(’‘, ‘May 3 23:08:01’, ’ primary postfix/smtpd[735]: warning: unknown[45.142.195.8]: SASL LOGIN authentication failed: authentication failure’), ‘May 3 23:08:30 primary postfix/smtpd[735]: warning: unknown[45.142.195.8]: SASL LOGIN authentication failed: authentication failure’], ‘failures’: 2, ‘ip4’: ‘45.142.195.8’}, ‘ipmatches’: ‘May 3 23:08:01 primary postfix/smtpd[735]: warning: unknown[45.142.195.8]: SASL LOGIN authentication failed: authentication failure\nMay 3 23:08:30 primary postfix/smtpd[735]: warning: unknown[45.142.195.8]: SASL LOGIN authentication failed: authentication failure’, ‘ipjailmatches’: ‘May 3 23:08:01 primary postfix/smtpd[735]: warning: unknown[45.142.195.8]: SASL LOGIN authentication failed: authentication failure\nMay 3 23:08:30 primary postfix/smtpd[735]: warning: unknown[45.142.195.8]: SASL LOGIN authentication failed: authentication failure’, ‘ipfailures’: 2, ‘ipjailfailures’: 2})': Error starting action Jail(‘postfix-sasl’)/firewallcmd-ipset
Can someone help me with that? I am running on Ubuntu 18.04.
Here is my config-File of the Postfix.conf