我有一个邮件服务器,带有dovecot.我fail2ban在启用监狱的情况下运行它[dovecot]。这是该监狱的现状。
# fail2ban-client status dovecot
Status for the jail: dovecot
|- Filter
| |- Currently failed: 5
| |- Total failed: 94
| `- File list: /var/log/mail.warn /var/log/auth.log
`- Actions
|- Currently banned: 23
|- Total banned: 23
`- Banned IP list: 102.165.49.129 114.220.45.96 115.98.44.72 117.20.117.40 117.81.173.196 117.81.173.227 121.227.161.24 121.239.88.158 180.107.116.92 180.107.125.85 185.137.111.14 185.137.111.145 185.137.111.44 185.137.111.77 185.234.216.120 221.225.183.210 221.225.183.214 221.225.26.196 45.13.36.22 45.227.253.107 49.73.157.152 5.178.153.116 111.94.169.183
我已将块类型从默认值重新定义REJECT --reject-with icmp-port-unreachable为DROP.这是 的输出iptables -S。
...
-A f2b-dovecot -s 45.13.36.22/32 -j DROP
-A f2b-dovecot -s 221.225.26.196/32 -j DROP
-A f2b-dovecot -s 221.225.183.214/32 -j DROP
-A f2b-dovecot -s 221.225.183.210/32 -j DROP
-A f2b-dovecot -s 185.234.216.120/32 -j DROP
-A f2b-dovecot -s 185.137.111.77/32 -j DROP
-A f2b-dovecot -s 185.137.111.44/32 -j DROP
-A f2b-dovecot -s 185.137.111.145/32 -j DROP
-A f2b-dovecot -s 185.137.111.14/32 -j DROP
-A f2b-dovecot -s 180.107.125.85/32 -j DROP
-A f2b-dovecot -s 180.107.116.92/32 -j DROP
-A f2b-dovecot -s 121.239.88.158/32 -j DROP
-A f2b-dovecot -s 121.227.161.24/32 -j DROP
-A f2b-dovecot -s 117.81.173.227/32 -j DROP
-A f2b-dovecot -s 117.81.173.196/32 -j DROP
-A f2b-dovecot -s 117.20.117.40/32 -j DROP
-A f2b-dovecot -s 115.98.44.72/32 -j DROP
-A f2b-dovecot -s 114.220.45.96/32 -j DROP
-A f2b-dovecot -s 102.165.49.129/32 -j DROP
...
但是,我不断收到类似的消息
May 27 22:27:08 mail auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [email protected] rhost=185.137.111.77
我认为 IMAP 连接是从这些被禁止的 IP 地址尝试的。但是,当我手动运行时
iptables -I f2b-dovecot <MY_IP> -j DROP
并运行
telnet MY_MAIL_SERVER 993
数据包按预期被丢弃。
问:为什么我仍然收到pam_unix(dovecot:auth) authentication failure消息auth.log?与 IMAP 端口的连接是否被阻止?