
I know there are many posts on the subject, but I did not find a solution. Every time someone tries to enter my server, it gives me the following log:

```
Aug 21 11:37:05 postfix/smtpd[27750]: Anonymous TLS connection established from unknown[141.98.10.81]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug 21 11:37:05  postfix/smtpd[27750]: warning: unknown[141.98.10.81]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 21 11:37:05  postfix/smtpd[27750]: disconnect from unknown[141.98.10.81] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
```

I have configured fail2ban so that they can only try once, but this machine changes its IP every 2 seconds. Is there a way to stop them from trying to enter? I think that with so many attempts it's going to block my server, since I'm sending emails.

  • fail2ban will temporarily shut down *repeat* offenders. What more do you want? – anx Aug 21 '22 at 14:54
  • Sorry, but does fail2ban not ban the IP when they try to enter with the same IP? What happens to me is that it is constantly changing IP and trying to re-enter – Pablo Maugeri Aug 21 '22 at 15:20
  • One failure for a ban? Wow. fail2ban can be used to ban a subnet if used, but I am unsure if it is already implemented officially – djdomi Aug 21 '22 at 17:22
  • I was looking to see if I can block an IP range; I was looking for a way to do it – Pablo Maugeri Aug 21 '22 at 17:26
  • @djdomi I tried it this way with iptables, but it doesn't work: `iptables -A INPUT -s 141.98.11.0/24 -j DROP` – Pablo Maugeri Aug 21 '22 at 17:37
  • @PabloMaugeri I used [a custom action](https://pastebin.ccb-net.it/?957e34d52bcff3df#AH52TY9C1LxStUnuphWfhmivrJDEYWqtkPnQkCaxqMaf) for this. "It doesn't work" could happen in case this is not your server, but more likely a rental server with limitations. Remember that you can also always contact the [RIPE IP Owner](https://apps.db.ripe.net/db-web-ui/query?searchtext=141.98.10.81) and report abuse – djdomi Aug 22 '22 at 13:20

0 Answers
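Added example, not part of the original thread: a short Python script that groups failed SASL logins from a Postfix log by /24 network, which surfaces a source that rotates addresses inside one range and so never trips a per-IP ban. It also checks whether a given CIDR covers an address seen in the log. The function names, the threshold of three addresses and the sample log lines are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the Postfix warning format shown in the question's log.
FAILED = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S*\[([0-9a-fA-F.:]+)\]: "
    r"SASL \w+ authentication failed"
)

def failures_by_subnet(lines, prefix=24):
    """Map each source network to the set of distinct IPs that failed SASL auth."""
    seen = defaultdict(set)
    for m in filter(None, map(FAILED.search, lines)):
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # bracketed text was not a valid address
        if ip.version == 4:  # this example groups IPv4 sources only
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            seen[net].add(ip)
    return seen

def rotating_subnets(lines, min_ips=3, prefix=24):
    """Networks where min_ips or more different addresses failed to log in."""
    hits = failures_by_subnet(lines, prefix)
    return sorted(net for net, ips in hits.items() if len(ips) >= min_ips)

def covers(cidr, ip):
    """True if a block rule written for cidr would match ip."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

# Constructed sample log (documentation address ranges), same format as the question.
SAMPLE = """\
Aug 21 11:37:05 postfix/smtpd[27750]: warning: unknown[198.51.100.81]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 21 11:37:05 postfix/smtpd[27750]: disconnect from unknown[198.51.100.81] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
Aug 21 11:37:07 postfix/smtpd[27751]: warning: unknown[198.51.100.14]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 21 11:37:09 postfix/smtpd[27752]: warning: unknown[198.51.100.203]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 21 11:37:11 postfix/smtpd[27753]: warning: unknown[198.51.100.81]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 21 11:40:00 postfix/smtpd[27760]: warning: unknown[192.0.2.10]: SASL PLAIN authentication failed:
Aug 21 11:40:30 postfix/smtpd[27761]: warning: unknown[192.0.2.11]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 21 11:45:00 postfix/smtpd[27770]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
""".splitlines()

if __name__ == "__main__":
    for net in rotating_subnets(SAMPLE):
        print("seen from 3+ addresses, candidate for a subnet ban:", net)
    # Addresses taken from the thread: the log entry versus the rule that was tried.
    print("141.98.11.0/24 covers 141.98.10.81:", covers("141.98.11.0/24", "141.98.10.81"))
```

The networks it reports are candidates to review before blocking, since a /24 ban also drops any legitimate sender in that range.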