Further login attemps by Fail2Ban banned ip, warning: hostname * does not resolve to address*: Name or service not known #3723

lennartbrandin · 2023-12-25T18:18:19Z

lennartbrandin
Dec 25, 2023

Observation

I noticed a large amount of failing login attempts by the same ip. If i look in setup fail2ban status it appears as banned, but docker-compose logs -f continues to log further login attempts.

There are also specific logs i've only seen with the two domains that currently that seem to bypass fail2ban:
warning: hostname carrier-axis.trumpbuyer.com does not resolve to address 141.98.10.124: Name or service not known
The high amount of obscure domain request (answered N/A) also made me notice this.

Expectation

Fail2Ban blocks ip, no further login attempts are allowed

Logs

docker-compose logs -f

mailserver    | [   INF   ]  Welcome to docker-mailserver 13.0.0
mailserver    | [   INF   ]  Checking configuration
mailserver    | [   INF   ]  Configuring mail server
mailserver    | [   INF   ]  Starting daemons
mailserver    | [   INF   ]  mail.mydomain.name is up and running
mailserver    | Dec 25 18:43:23 mail postfix/postfix-script[716]: starting the Postfix mail system
mailserver    | Dec 25 18:43:23 mail postfix/master[720]: daemon started -- version 3.5.18, configuration /etc/postfix
mailserver    | Dec 25 18:43:23 mail amavis[598]: starting. /usr/sbin/amavisd-new at mail.mydomain.name amavisd-new-2.11.1 (20181009), Unicode aware, LC_CTYPE="C.UTF-8"
mailserver    | Dec 25 18:43:23 mail amavis[598]: perl=5.032001, user=, EUID: 109 (109);  group=, EGID: 111 111 (111 111)
mailserver    | Dec 25 18:43:23 mail amavis[598]: Net::Server: Group Not Defined.  Defaulting to EGID '111 111'
mailserver    | Dec 25 18:43:23 mail amavis[598]: Net::Server: User Not Defined.  Defaulting to EUID '109'
mailserver    | Dec 25 18:43:23 mail amavis[598]: No ext program for   .zoo, tried: zoo
mailserver    | Dec 25 18:43:23 mail amavis[598]: No ext program for   .doc, tried: ripole
mailserver    | Dec 25 18:43:23 mail amavis[598]: No decoder for       .F   
mailserver    | Dec 25 18:43:23 mail amavis[598]: No decoder for       .doc 
mailserver    | Dec 25 18:43:23 mail amavis[598]: No decoder for       .zoo 
mailserver    | Dec 25 18:43:46 mail postfix/submissions/smtpd[763]: warning: hostname carrier-axis.trumpbuyer.com does not resolve to address 141.98.10.124: Name or service not known
mailserver    | Dec 25 18:43:46 mail postfix/submissions/smtpd[763]: connect from unknown[141.98.10.124]
mailserver    | Dec 25 18:43:46 mail postfix/submissions/smtpd[763]: Anonymous TLS connection established from unknown[141.98.10.124]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Dec 25 18:43:50 mail dovecot: auth: passwd-file(charlotte@mydomain.name,141.98.10.124): unknown user (SHA1 of given password: 351429)
mailserver    | Dec 25 18:43:52 mail postfix/submissions/smtpd[796]: warning: hostname noiseless.medyamol.com does not resolve to address 141.98.11.68: Name or service not known
mailserver    | Dec 25 18:43:52 mail postfix/submissions/smtpd[796]: connect from unknown[141.98.11.68]
mailserver    | Dec 25 18:43:52 mail postfix/submissions/smtpd[763]: warning: unknown[141.98.10.124]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mailserver    | Dec 25 18:43:52 mail postfix/submissions/smtpd[763]: lost connection after AUTH from unknown[141.98.10.124]
mailserver    | Dec 25 18:43:52 mail postfix/submissions/smtpd[763]: disconnect from unknown[141.98.10.124] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Dec 25 18:44:04 mail postfix/submissions/smtpd[796]: Anonymous TLS connection established from unknown[141.98.11.68]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Dec 25 18:44:28 mail postfix/submissions/smtpd[763]: warning: hostname carrier-axis.trumpbuyer.com does not resolve to address 141.98.10.124: Name or service not known
mailserver    | Dec 25 18:44:28 mail postfix/submissions/smtpd[763]: connect from unknown[141.98.10.124]
mailserver    | Dec 25 18:44:29 mail postfix/submissions/smtpd[763]: Anonymous TLS connection established from unknown[141.98.10.124]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Dec 25 18:44:32 mail dovecot: auth: passwd-file(iktisat@mydomain.name,141.98.10.124): unknown user (SHA1 of given password: a06622)
mailserver    | Dec 25 18:44:34 mail postfix/submissions/smtpd[763]: warning: unknown[141.98.10.124]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mailserver    | Dec 25 18:44:34 mail postfix/submissions/smtpd[763]: lost connection after AUTH from unknown[141.98.10.124]
mailserver    | Dec 25 18:44:34 mail postfix/submissions/smtpd[763]: disconnect from unknown[141.98.10.124] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Dec 25 18:44:35 mail dovecot: auth: passwd-file(z2@mydomain.name,141.98.11.68): unknown user (SHA1 of given password: 7c4a8d)
mailserver    | Dec 25 18:44:36 mail postfix/submissions/smtpd[763]: warning: hostname noiseless.medyamol.com does not resolve to address 141.98.11.68: Name or service not known
mailserver    | Dec 25 18:44:36 mail postfix/submissions/smtpd[763]: connect from unknown[141.98.11.68]
mailserver    | Dec 25 18:44:37 mail postfix/submissions/smtpd[796]: warning: unknown[141.98.11.68]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mailserver    | Dec 25 18:44:43 mail postfix/submissions/smtpd[796]: lost connection after AUTH from unknown[141.98.11.68]
mailserver    | Dec 25 18:44:43 mail postfix/submissions/smtpd[796]: disconnect from unknown[141.98.11.68] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Dec 25 18:44:47 mail postfix/submissions/smtpd[763]: Anonymous TLS connection established from unknown[141.98.11.68]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Dec 25 18:45:12 mail postfix/submissions/smtpd[796]: warning: hostname carrier-axis.trumpbuyer.com does not resolve to address 141.98.10.124: Name or service not known
mailserver    | Dec 25 18:45:12 mail postfix/submissions/smtpd[796]: connect from unknown[141.98.10.124]
mailserver    | Dec 25 18:45:12 mail postfix/submissions/smtpd[796]: Anonymous TLS connection established from unknown[141.98.10.124]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Dec 25 18:45:16 mail dovecot: auth: passwd-file(lit@mydomain.name,141.98.10.124): unknown user (SHA1 of given password: f12ecf)
mailserver    | Dec 25 18:45:18 mail postfix/submissions/smtpd[796]: warning: unknown[141.98.10.124]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mailserver    | Dec 25 18:45:18 mail postfix/submissions/smtpd[796]: lost connection after AUTH from unknown[141.98.10.124]
mailserver    | Dec 25 18:45:18 mail postfix/submissions/smtpd[796]: disconnect from unknown[141.98.10.124] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Dec 25 18:45:20 mail postfix/submissions/smtpd[796]: warning: hostname noiseless.medyamol.com does not resolve to address 141.98.11.68: Name or service not known
mailserver    | Dec 25 18:45:20 mail postfix/submissions/smtpd[796]: connect from unknown[141.98.11.68]
mailserver    | Dec 25 18:45:20 mail dovecot: auth: passwd-file(printing@mydomain.name,141.98.11.68): unknown user (SHA1 of given password: 7c4a8d)
mailserver    | Dec 25 18:45:22 mail postfix/submissions/smtpd[763]: warning: unknown[141.98.11.68]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mailserver    | Dec 25 18:45:28 mail postfix/submissions/smtpd[763]: lost connection after AUTH from unknown[141.98.11.68]
mailserver    | Dec 25 18:45:28 mail postfix/submissions/smtpd[763]: disconnect from unknown[141.98.11.68] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Dec 25 18:45:33 mail postfix/submissions/smtpd[796]: Anonymous TLS connection established from unknown[141.98.11.68]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Dec 25 18:45:55 mail postfix/submissions/smtpd[763]: warning: hostname carrier-axis.trumpbuyer.com does not resolve to address 141.98.10.124: Name or service not known
mailserver    | Dec 25 18:45:55 mail postfix/submissions/smtpd[763]: connect from unknown[141.98.10.124]
mailserver    | Dec 25 18:45:56 mail postfix/submissions/smtpd[763]: Anonymous TLS connection established from unknown[141.98.10.124]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Dec 25 18:45:56 mail dovecot: auth: passwd-file(tsweb@mydomain.name,141.98.10.124): unknown user (SHA1 of given password: 242359)

docker-compose exec mailserver setup fail2ban status

Status for the jail: custom
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	0
|  `- File list:	
`- Actions
   |- Currently banned:	0
   |- Total banned:	0
   `- Banned IP list:	

Status for the jail: dovecot
|- Filter
|  |- Currently failed:	1
|  |- Total failed:	30
|  `- File list:	/var/log/mail.log
`- Actions
   |- Currently banned:	2
   |- Total banned:	2
   `- Banned IP list:	141.98.10.124 141.98.11.68

Status for the jail: postfix
|- Filter
|  |- Currently failed:	1
|  |- Total failed:	30
|  `- File list:	/var/log/mail.log
`- Actions
   |- Currently banned:	3
   |- Total banned:	3
   `- Banned IP list:	141.98.10.124 141.98.11.68 172.30.0.1

Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed:	1
|  |- Total failed:	30
|  `- File list:	/var/log/mail.log
`- Actions
   |- Currently banned:	2
   |- Total banned:	2
   `- Banned IP list:	141.98.10.124 141.98.11.68

Configs

Docker-compose.yml

services:
  mailserver:
    image: docker.io/mailserver/docker-mailserver:latest
    container_name: mailserver
    # If the FQDN for your mail-server is only two labels (eg: example.com),
    # you can assign this entirely to `hostname` and remove `domainname`.
    hostname: mail
    domainname: mydomain.name
    env_file: mailserver.env
    ports:
      - "25:25"    # SMTP  (explicit TLS => STARTTLS)
      - "143:143"  # IMAP4 (explicit TLS => STARTTLS)
      - "465:465"  # ESMTP (implicit TLS)
      - "587:587"  # ESMTP (explicit TLS => STARTTLS)
      - "993:993"  # IMAP4 (implicit TLS)
    volumes:
      - ./config/fail2ban/fail2ban-jail.cf:/etc/fail2ban/jail.d/user-jail.local
      - ./config/dovecot/10-custom.conf:/etc/dovecot/conf.d/10-custom.conf
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/
      - ./docker-data/dkim/tmp:/tmp/docker-mailserver/opendkim/keys/mydomain.name
      - ./docker-data/dkim/etc:/etc/opendkim/keys/mydomain.name
      - ./docker-data/certs:/certs:ro
      - /etc/localtime:/etc/localtime:ro
      - "../nginx/letsencrypt/live/mail.mydomain.name/fullchain.pem:/tmp/dms/custom-certs/fullchain.pem:ro"
      - "../nginx/letsencrypt/live/mail.mydomain.name/privkey.pem:/tmp/dms/custom-certs/privkey.pem:ro"
    restart: always
    stop_grace_period: 1m
    cap_add:
      - NET_ADMIN
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0

mailserver.env

....
# If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`:
#    cap_add:
#      - NET_ADMIN
# Otherwise, `nftables` won't be able to ban IPs.
ENABLE_FAIL2BAN=1

# Fail2Ban blocktype
# drop   => drop packet (send NO reply)
# reject => reject packet (send ICMP unreachable)
FAIL2BAN_BLOCKTYPE=drop
...

fail2ban-jail.cf

[DEFAULT]

# "bantime" is the number of seconds that a host is banned.
bantime = 1w

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 1w

# "maxretry" is the number of failures before a host get banned.
maxretry = 4

# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8

# default ban action
# nftables-multiport: block IP only on affected port
# nftables-allports:  block IP on all ports
banaction = nftables-allports

[dovecot]
enabled = true

[postfix]
enabled = true
# For a reference on why this mode was chose, see
# https://github.com/docker-mailserver/docker-mailserver/issues/3256#issuecomment-1511188760
mode = extra

[postfix-sasl]
enabled = true

# This jail is used for manual bans.
# To ban an IP address use: setup.sh fail2ban ban <IP>
[custom]
enabled = true
bantime = 180d
port = smtp,pop3,pop3s,imap,imaps,submission,submissions,sieve

If i look at the Fail2Ban setup it seems it was set up correctly, yet im unsure of how to test/solve this.

casperklein · 2024-01-06T21:30:12Z

casperklein
Jan 6, 2024
Maintainer

That's odd. Your configuration looks good to me.

You can verify inside the container if the IP is blocked: nft list table inet f2b-table

Are you using a supported OS? Any unusual network configuration?

4 replies

lennartbrandin Jan 7, 2024
Author

Well the output looks bad:

% dc exec mailserver nft list table inet f2b-table
XT match tcp not found
XT target DNAT not found
XT match udp not found
XT target DNAT not found
XT match tcp not found
XT target SNAT not found
XT match udp not found
XT target SNAT not found
table inet f2b-table {
	chain f2b-chain {
		type filter hook input priority filter - 1; policy accept;
	}
}

Any idea what could be wrong?

Apologies i seem to have forgot entirely about system information it is a VPS running Ubuntu 22.04.3 LTS x86_64

casperklein Jan 7, 2024
Maintainer

The expected output should be something like this:

Details

# nft list table inet f2b-table
XT match tcp not found
XT target DNAT not found
XT match udp not found
XT target DNAT not found
XT match tcp not found
XT target SNAT not found
XT match udp not found
XT target SNAT not found
table inet f2b-table {
        set addr-set-postfix {
                type ipv4_addr
                flags interval
                elements = { 23.151.232.115, 45.129.14.51,
                             204.152.197.190, 223.240.223.249 }
        }

        set addr-set-dovecot {
                type ipv4_addr
                flags interval
                elements = { 24.92.177.65, 24.199.36.58,
                             51.52.243.18, 103.147.62.157 }
        }

        chain f2b-chain {
                type filter hook input priority filter - 1; policy accept;
                meta l4proto { tcp } ip saddr @addr-set-postfix drop
                meta l4proto { tcp } ip saddr @addr-set-dovecot drop
        }
}

Did you already check those log files inside the container for errors?

/var/log/supervisor/fail2ban.log
/var/log/fail2ban.log

lennartbrandin Jan 7, 2024
Author

The logs from the startup are interesting

/var/log/fail2ban.log

2024-01-07 22:47:09,230 fail2ban.server         [734]: INFO    Exiting Fail2ban
2024-01-07 22:47:42,886 fail2ban.server         [745]: INFO    --------------------------------------------------
2024-01-07 22:47:42,886 fail2ban.server         [745]: INFO    Starting Fail2ban v1.0.2
2024-01-07 22:47:42,898 fail2ban.observer       [745]: INFO    Observer start...
2024-01-07 22:47:42,906 fail2ban.database       [745]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2024-01-07 22:47:42,908 fail2ban.jail           [745]: INFO    Creating new jail 'postfix'
2024-01-07 22:47:42,951 fail2ban.jail           [745]: INFO    Jail 'postfix' uses pyinotify {}
2024-01-07 22:47:42,968 fail2ban.jail           [745]: INFO    Initiated 'pyinotify' backend
2024-01-07 22:47:42,975 fail2ban.filter         [745]: INFO      maxRetry: 4
2024-01-07 22:47:42,975 fail2ban.filter         [745]: INFO      findtime: 604800
2024-01-07 22:47:42,975 fail2ban.actions        [745]: INFO      banTime: 604800
2024-01-07 22:47:42,975 fail2ban.filter         [745]: INFO      encoding: UTF-8
2024-01-07 22:47:42,976 fail2ban.filter         [745]: INFO    Added logfile: '/var/log/mail.log' (pos = 2638492, hash = 0df538f61f646a1dec6ab2259298b7d704716c93)
2024-01-07 22:47:42,976 fail2ban.jail           [745]: INFO    Creating new jail 'dovecot'
2024-01-07 22:47:42,976 fail2ban.jail           [745]: INFO    Jail 'dovecot' uses pyinotify {}
2024-01-07 22:47:42,998 fail2ban.jail           [745]: INFO    Initiated 'pyinotify' backend
2024-01-07 22:47:43,004 fail2ban.datedetector   [745]: INFO      date pattern `''`: `{^LN-BEG}TAI64N`
2024-01-07 22:47:43,004 fail2ban.filter         [745]: INFO      maxRetry: 4
2024-01-07 22:47:43,004 fail2ban.filter         [745]: INFO      findtime: 604800
2024-01-07 22:47:43,004 fail2ban.actions        [745]: INFO      banTime: 604800
2024-01-07 22:47:43,004 fail2ban.filter         [745]: INFO      encoding: UTF-8
2024-01-07 22:47:43,004 fail2ban.filter         [745]: INFO    Added logfile: '/var/log/mail.log' (pos = 2638492, hash = 0df538f61f646a1dec6ab2259298b7d704716c93)
2024-01-07 22:47:43,005 fail2ban.jail           [745]: INFO    Creating new jail 'postfix-sasl'
2024-01-07 22:47:43,005 fail2ban.jail           [745]: INFO    Jail 'postfix-sasl' uses pyinotify {}
2024-01-07 22:47:43,015 fail2ban.jail           [745]: INFO    Initiated 'pyinotify' backend
2024-01-07 22:47:43,016 fail2ban.filter         [745]: INFO      maxRetry: 4
2024-01-07 22:47:43,016 fail2ban.filter         [745]: INFO      findtime: 604800
2024-01-07 22:47:43,017 fail2ban.actions        [745]: INFO      banTime: 604800
2024-01-07 22:47:43,017 fail2ban.filter         [745]: INFO      encoding: UTF-8
2024-01-07 22:47:43,017 fail2ban.filter         [745]: INFO    Added logfile: '/var/log/mail.log' (pos = 2638492, hash = 0df538f61f646a1dec6ab2259298b7d704716c93)
2024-01-07 22:47:43,017 fail2ban.jail           [745]: INFO    Creating new jail 'custom'
2024-01-07 22:47:43,017 fail2ban.jail           [745]: INFO    Jail 'custom' uses pyinotify {}
2024-01-07 22:47:43,028 fail2ban.jail           [745]: INFO    Initiated 'pyinotify' backend
2024-01-07 22:47:43,029 fail2ban.filter         [745]: INFO      maxRetry: 4
2024-01-07 22:47:43,029 fail2ban.filter         [745]: INFO      findtime: 604800
2024-01-07 22:47:43,029 fail2ban.actions        [745]: INFO      banTime: 15552000
2024-01-07 22:47:43,029 fail2ban.filter         [745]: INFO      encoding: UTF-8
2024-01-07 22:47:43,128 fail2ban.jail           [745]: INFO    Jail 'postfix' started
2024-01-07 22:47:43,194 fail2ban.jail           [745]: INFO    Jail 'dovecot' started
2024-01-07 22:47:43,220 fail2ban.jail           [745]: INFO    Jail 'postfix-sasl' started
2024-01-07 22:47:43,257 fail2ban.actions        [745]: NOTICE  [postfix] Restore Ban 141.98.10.124
2024-01-07 22:47:43,264 fail2ban.jail           [745]: INFO    Jail 'custom' started
2024-01-07 22:47:43,395 fail2ban.actions        [745]: NOTICE  [dovecot] Restore Ban 141.98.10.124
2024-01-07 22:47:43,421 fail2ban.actions        [745]: NOTICE  [postfix-sasl] Restore Ban 141.98.10.124
2024-01-07 22:47:43,750 fail2ban.utils          [745]: ERROR   7f745261e710 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix drop

2024-01-07 22:47:43,751 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:43,751 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add set inet f2b-table addr-set-postfix { type ipv4_addr; flags interval; }'
2024-01-07 22:47:43,751 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:43,751 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:43,751 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix drop'
2024-01-07 22:47:43,751 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:43,751 fail2ban.utils          [745]: ERROR   7f745261e710 -- returned 1
2024-01-07 22:47:43,751 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'postfix' action 'nftables-allports' info 'ActionInfo({'ip': '141.98.10.124', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('postfix')/nftables-allports: 'Script error'
2024-01-07 22:47:43,751 fail2ban.actions        [745]: NOTICE  [postfix] Restore Ban 141.98.11.68
2024-01-07 22:47:43,981 fail2ban.utils          [745]: ERROR   7f745261e710 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix drop

2024-01-07 22:47:43,981 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:43,981 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add set inet f2b-table addr-set-postfix { type ipv4_addr; flags interval; }'
2024-01-07 22:47:43,981 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:43,981 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:43,981 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix drop'
2024-01-07 22:47:43,981 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:43,981 fail2ban.utils          [745]: ERROR   7f745261e710 -- returned 1
2024-01-07 22:47:43,981 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'postfix' action 'nftables-allports' info 'ActionInfo({'ip': '141.98.11.68', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('postfix')/nftables-allports: 'Script error'
2024-01-07 22:47:43,981 fail2ban.actions        [745]: NOTICE  [postfix] Restore Ban 172.19.0.1
2024-01-07 22:47:44,134 fail2ban.utils          [745]: ERROR   7f745261e710 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix drop

2024-01-07 22:47:44,134 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:44,134 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add set inet f2b-table addr-set-postfix { type ipv4_addr; flags interval; }'
2024-01-07 22:47:44,134 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,134 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:44,134 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix drop'
2024-01-07 22:47:44,134 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,134 fail2ban.utils          [745]: ERROR   7f745261e710 -- returned 1
2024-01-07 22:47:44,134 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'postfix' action 'nftables-allports' info 'ActionInfo({'ip': '172.19.0.1', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('postfix')/nftables-allports: 'Script error'
2024-01-07 22:47:44,134 fail2ban.actions        [745]: NOTICE  [postfix] Restore Ban 185.36.81.40
2024-01-07 22:47:44,263 fail2ban.utils          [745]: ERROR   7f745261e710 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix drop

2024-01-07 22:47:44,263 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:44,263 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add set inet f2b-table addr-set-postfix { type ipv4_addr; flags interval; }'
2024-01-07 22:47:44,263 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,263 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:44,264 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix drop'
2024-01-07 22:47:44,264 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,264 fail2ban.utils          [745]: ERROR   7f745261e710 -- returned 1
2024-01-07 22:47:44,264 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'postfix' action 'nftables-allports' info 'ActionInfo({'ip': '185.36.81.40', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('postfix')/nftables-allports: 'Script error'
2024-01-07 22:47:44,264 fail2ban.actions        [745]: NOTICE  [postfix] Restore Ban 192.168.0.1
2024-01-07 22:47:44,436 fail2ban.utils          [745]: ERROR   7f745261e710 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix drop

2024-01-07 22:47:44,436 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:44,436 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add set inet f2b-table addr-set-postfix { type ipv4_addr; flags interval; }'
2024-01-07 22:47:44,436 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,436 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:44,436 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix drop'
2024-01-07 22:47:44,436 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,437 fail2ban.utils          [745]: ERROR   7f745261e710 -- returned 1
2024-01-07 22:47:44,437 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'postfix' action 'nftables-allports' info 'ActionInfo({'ip': '192.168.0.1', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('postfix')/nftables-allports: 'Script error'
2024-01-07 22:47:44,437 fail2ban.actions        [745]: NOTICE  [postfix] Restore Ban 192.168.48.1
2024-01-07 22:47:44,571 fail2ban.utils          [745]: ERROR   7f745261e710 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix drop

2024-01-07 22:47:44,571 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:44,571 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add set inet f2b-table addr-set-postfix { type ipv4_addr; flags interval; }'
2024-01-07 22:47:44,571 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,571 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:44,571 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix drop'
2024-01-07 22:47:44,571 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,571 fail2ban.utils          [745]: ERROR   7f745261e710 -- returned 1
2024-01-07 22:47:44,571 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'postfix' action 'nftables-allports' info 'ActionInfo({'ip': '192.168.48.1', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('postfix')/nftables-allports: 'Script error'
2024-01-07 22:47:44,573 fail2ban.actions        [745]: NOTICE  [postfix] Restore Ban 194.169.175.10
2024-01-07 22:47:44,686 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix-sasl \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix-sasl drop

2024-01-07 22:47:44,686 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:44,686 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'add set inet f2b-table addr-set-postfix-sasl { type ipv4_addr; flags interval; }'
2024-01-07 22:47:44,686 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,686 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:44,686 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix-sasl drop'
2024-01-07 22:47:44,686 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,686 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- returned 1
2024-01-07 22:47:44,686 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'postfix-sasl' action 'nftables-allports' info 'ActionInfo({'ip': '141.98.10.124', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('postfix-sasl')/nftables-allports: 'Script error'
2024-01-07 22:47:44,686 fail2ban.actions        [745]: NOTICE  [postfix-sasl] Restore Ban 141.98.11.68
2024-01-07 22:47:44,782 fail2ban.utils          [745]: ERROR   7f745261e870 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-dovecot \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-dovecot drop

2024-01-07 22:47:44,782 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:44,782 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'add set inet f2b-table addr-set-dovecot { type ipv4_addr; flags interval; }'
2024-01-07 22:47:44,782 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,782 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:44,782 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-dovecot drop'
2024-01-07 22:47:44,782 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,782 fail2ban.utils          [745]: ERROR   7f745261e870 -- returned 1
2024-01-07 22:47:44,782 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'dovecot' action 'nftables-allports' info 'ActionInfo({'ip': '141.98.10.124', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('dovecot')/nftables-allports: 'Script error'
2024-01-07 22:47:44,782 fail2ban.actions        [745]: NOTICE  [dovecot] Restore Ban 141.98.11.68
2024-01-07 22:47:44,935 fail2ban.utils          [745]: ERROR   7f745261e870 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-dovecot \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-dovecot drop

2024-01-07 22:47:44,935 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:44,935 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'add set inet f2b-table addr-set-dovecot { type ipv4_addr; flags interval; }'
2024-01-07 22:47:44,935 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,935 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:44,935 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-dovecot drop'
2024-01-07 22:47:44,935 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:44,935 fail2ban.utils          [745]: ERROR   7f745261e870 -- returned 1
2024-01-07 22:47:44,935 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'dovecot' action 'nftables-allports' info 'ActionInfo({'ip': '141.98.11.68', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('dovecot')/nftables-allports: 'Script error'
2024-01-07 22:47:44,936 fail2ban.actions        [745]: NOTICE  [dovecot] Restore Ban 185.36.81.40
2024-01-07 22:47:45,107 fail2ban.utils          [745]: ERROR   7f745261e870 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-dovecot \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-dovecot drop

2024-01-07 22:47:45,107 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:45,107 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'add set inet f2b-table addr-set-dovecot { type ipv4_addr; flags interval; }'
2024-01-07 22:47:45,107 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:45,107 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:45,107 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-dovecot drop'
2024-01-07 22:47:45,107 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:45,107 fail2ban.utils          [745]: ERROR   7f745261e870 -- returned 1
2024-01-07 22:47:45,107 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'dovecot' action 'nftables-allports' info 'ActionInfo({'ip': '185.36.81.40', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('dovecot')/nftables-allports: 'Script error'
2024-01-07 22:47:45,107 fail2ban.actions        [745]: NOTICE  [dovecot] Restore Ban 194.169.175.10
2024-01-07 22:47:45,228 fail2ban.utils          [745]: ERROR   7f745261e870 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-dovecot \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-dovecot drop

2024-01-07 22:47:45,228 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:45,228 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'add set inet f2b-table addr-set-dovecot { type ipv4_addr; flags interval; }'
2024-01-07 22:47:45,228 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:45,228 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:45,228 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-dovecot drop'
2024-01-07 22:47:45,228 fail2ban.utils          [745]: ERROR   7f745261e870 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:45,229 fail2ban.utils          [745]: ERROR   7f745261e870 -- returned 1
2024-01-07 22:47:45,229 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'dovecot' action 'nftables-allports' info 'ActionInfo({'ip': '194.169.175.10', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('dovecot')/nftables-allports: 'Script error'
2024-01-07 22:47:45,397 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix-sasl \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix-sasl drop

2024-01-07 22:47:45,397 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:45,397 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'add set inet f2b-table addr-set-postfix-sasl { type ipv4_addr; flags interval; }'
2024-01-07 22:47:45,397 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:45,397 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:45,397 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix-sasl drop'
2024-01-07 22:47:45,398 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:45,398 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- returned 1
2024-01-07 22:47:45,398 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'postfix-sasl' action 'nftables-allports' info 'ActionInfo({'ip': '141.98.11.68', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('postfix-sasl')/nftables-allports: 'Script error'
2024-01-07 22:47:45,398 fail2ban.actions        [745]: NOTICE  [postfix-sasl] Restore Ban 185.36.81.40
2024-01-07 22:47:45,553 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix-sasl \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix-sasl drop

2024-01-07 22:47:45,553 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:45,553 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'add set inet f2b-table addr-set-postfix-sasl { type ipv4_addr; flags interval; }'
2024-01-07 22:47:45,553 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:45,553 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:45,553 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix-sasl drop'
2024-01-07 22:47:45,553 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:45,553 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- returned 1
2024-01-07 22:47:45,554 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'postfix-sasl' action 'nftables-allports' info 'ActionInfo({'ip': '185.36.81.40', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('postfix-sasl')/nftables-allports: 'Script error'
2024-01-07 22:47:45,554 fail2ban.actions        [745]: NOTICE  [postfix-sasl] Restore Ban 194.169.175.10
2024-01-07 22:47:45,695 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix-sasl \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix-sasl drop

2024-01-07 22:47:45,695 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:45,695 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'add set inet f2b-table addr-set-postfix-sasl { type ipv4_addr; flags interval; }'
2024-01-07 22:47:45,695 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:45,695 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:45,695 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix-sasl drop'
2024-01-07 22:47:45,695 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:45,696 fail2ban.utils          [745]: ERROR   7f745261e9d0 -- returned 1
2024-01-07 22:47:45,696 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'postfix-sasl' action 'nftables-allports' info 'ActionInfo({'ip': '194.169.175.10', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('postfix-sasl')/nftables-allports: 'Script error'
2024-01-07 22:47:45,795 fail2ban.utils          [745]: ERROR   7f745261e710 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix drop

2024-01-07 22:47:45,795 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-07 22:47:45,795 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add set inet f2b-table addr-set-postfix { type ipv4_addr; flags interval; }'
2024-01-07 22:47:45,795 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:45,795 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'Error: No such file or directory'
2024-01-07 22:47:45,795 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix drop'
2024-01-07 22:47:45,795 fail2ban.utils          [745]: ERROR   7f745261e710 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-07 22:47:45,795 fail2ban.utils          [745]: ERROR   7f745261e710 -- returned 1
2024-01-07 22:47:45,795 fail2ban.actions        [745]: ERROR   Failed to execute ban jail 'postfix' action 'nftables-allports' info 'ActionInfo({'ip': '194.169.175.10', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7452ad6f70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7452ad4670>})': Error starting action Jail('postfix')/nftables-allports: 'Script error'
2024-01-07 22:48:58,901 fail2ban.filter         [745]: INFO    [dovecot] Found 141.98.11.68 - 2024-01-07 22:48:58
2024-01-07 22:49:00,040 fail2ban.filter         [745]: INFO    [postfix] Found 141.98.11.68 - 2024-01-07 22:49:00
2024-01-07 22:49:00,041 fail2ban.filter         [745]: INFO    [postfix-sasl] Found 141.98.11.68 - 2024-01-07 22:49:00
2024-01-07 22:49:04,995 fail2ban.filter         [745]: INFO    [dovecot] Found 194.169.175.10 - 2024-01-07 22:49:04

Afterwards F2B just warns about trying to ban already banned ips

/var/log/supervisor/fail2ban.log

# cat /var/log/supervisor/fail2ban.log 
Server ready

casperklein Jan 8, 2024
Maintainer

Seems related to: #3574

lennartbrandin · 2024-01-08T15:24:03Z

lennartbrandin
Jan 8, 2024
Author

TLDR

Tried to setup from scratch (except docker-data/dms/mail-data docker-data/dms/config), still same result

Attempt

In face of the mentioned issue which was closed without yielding a proper solution and it was on a OS EOL, i tried to setup DMS from scratch except the data and keys to review which nondefault changes i made.
Here is the compose.yaml which is mostly default according to edge usage guide (Last version is v13.2.0) except the hostname, mounts and environments.

Config

services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    container_name: mailserver
    # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
    hostname: mail.myserver.com
    env_file: mailserver.env
    # More information about the mail-server ports:
    # https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
    # To avoid conflicts with yaml base-60 float, DO NOT remove the quotation marks.
    ports:
      - "25:25"    # SMTP  (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
      - "143:143"  # IMAP4 (explicit TLS => STARTTLS)
      - "465:465"  # ESMTP (implicit TLS)
      - "587:587"  # ESMTP (explicit TLS => STARTTLS)
      - "993:993"  # IMAP4 (implicit TLS)
    volumes:
      - ./config/dovecot/10-custom.conf:/etc/dovecot/conf.d/10-custom.conf
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/
      - ./docker-data/dkim/tmp:/tmp/docker-mailserver/opendkim/keys/myserver.com
      - ./docker-data/dkim/etc:/etc/opendkim/keys/myserver.com
      - ./docker-data/certs:/certs:ro
      - /etc/localtime:/etc/localtime:ro
      - "../nginx/letsencrypt/live/mail.myserver.com/fullchain.pem:/tmp/dms/custom-certs/fullchain.pem"
      - "../nginx/letsencrypt/live/mail.myserver.com/privkey.pem:/tmp/dms/custom-certs/privkey.pem:ro"
    restart: always
    stop_grace_period: 1m
    # Uncomment if using `ENABLE_FAIL2BAN=1`:
    cap_add:
      - NET_ADMIN
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0
    environment:
      - ENABLE_UPDATE_CHECK=0
      - SPOOF_PROTECTION=0
      - ENABLE_FAIL2BAN=1
      - SSL_TYPE=manual
      - SSL_CERT_PATH=/tmp/dms/custom-certs/fullchain.pem
      - SSL_KEY_PATH=/tmp/dms/custom-certs/privkey.pem
      - PFLOGSUMM_TRIGGER=daily_cron # logrotate
      - LOGWATCH_INTERVAL=daily

The mailserver.env is the default one.

And ive downloaded the preset fail2ban-jail.cf & fail2ban-fail2ban.cf to docker-data/dms/config

Logs

Unfortunately the logs still seem the same

Fail2Ban log

2024-01-08 16:09:56,801 fail2ban.server         [731]: INFO    --------------------------------------------------
2024-01-08 16:09:56,801 fail2ban.server         [731]: INFO    Starting Fail2ban v1.0.2
2024-01-08 16:09:56,809 fail2ban.observer       [731]: INFO    Observer start...
2024-01-08 16:09:56,820 fail2ban.database       [731]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2024-01-08 16:09:56,823 fail2ban.database       [731]: WARNING New database created. Version '4'
2024-01-08 16:09:56,823 fail2ban.jail           [731]: INFO    Creating new jail 'postfix'
2024-01-08 16:09:56,869 fail2ban.jail           [731]: INFO    Jail 'postfix' uses pyinotify {}
2024-01-08 16:09:56,882 fail2ban.jail           [731]: INFO    Initiated 'pyinotify' backend
2024-01-08 16:09:56,889 fail2ban.filter         [731]: INFO      maxRetry: 4
2024-01-08 16:09:56,889 fail2ban.filter         [731]: INFO      findtime: 604800
2024-01-08 16:09:56,889 fail2ban.actions        [731]: INFO      banTime: 604800
2024-01-08 16:09:56,889 fail2ban.filter         [731]: INFO      encoding: UTF-8
2024-01-08 16:09:56,889 fail2ban.filter         [731]: INFO    Added logfile: '/var/log/mail.log' (pos = 0, hash = 59353f5cbbc4d9a2116d68151eeaae28c8031b74)
2024-01-08 16:09:56,890 fail2ban.jail           [731]: INFO    Creating new jail 'dovecot'
2024-01-08 16:09:56,890 fail2ban.jail           [731]: INFO    Jail 'dovecot' uses pyinotify {}
2024-01-08 16:09:56,910 fail2ban.jail           [731]: INFO    Initiated 'pyinotify' backend
2024-01-08 16:09:56,916 fail2ban.datedetector   [731]: INFO      date pattern `''`: `{^LN-BEG}TAI64N`
2024-01-08 16:09:56,916 fail2ban.filter         [731]: INFO      maxRetry: 4
2024-01-08 16:09:56,916 fail2ban.filter         [731]: INFO      findtime: 604800
2024-01-08 16:09:56,916 fail2ban.actions        [731]: INFO      banTime: 604800
2024-01-08 16:09:56,916 fail2ban.filter         [731]: INFO      encoding: UTF-8
2024-01-08 16:09:56,916 fail2ban.filter         [731]: INFO    Added logfile: '/var/log/mail.log' (pos = 0, hash = 59353f5cbbc4d9a2116d68151eeaae28c8031b74)
2024-01-08 16:09:56,917 fail2ban.jail           [731]: INFO    Creating new jail 'postfix-sasl'
2024-01-08 16:09:56,917 fail2ban.jail           [731]: INFO    Jail 'postfix-sasl' uses pyinotify {}
2024-01-08 16:09:56,925 fail2ban.jail           [731]: INFO    Initiated 'pyinotify' backend
2024-01-08 16:09:56,926 fail2ban.filter         [731]: INFO      maxRetry: 4
2024-01-08 16:09:56,926 fail2ban.filter         [731]: INFO      findtime: 604800
2024-01-08 16:09:56,926 fail2ban.actions        [731]: INFO      banTime: 604800
2024-01-08 16:09:56,926 fail2ban.filter         [731]: INFO      encoding: UTF-8
2024-01-08 16:09:56,927 fail2ban.filter         [731]: INFO    Added logfile: '/var/log/mail.log' (pos = 0, hash = 59353f5cbbc4d9a2116d68151eeaae28c8031b74)
2024-01-08 16:09:56,927 fail2ban.jail           [731]: INFO    Creating new jail 'custom'
2024-01-08 16:09:56,927 fail2ban.jail           [731]: INFO    Jail 'custom' uses pyinotify {}
2024-01-08 16:09:56,965 fail2ban.jail           [731]: INFO    Initiated 'pyinotify' backend
2024-01-08 16:09:56,966 fail2ban.filter         [731]: INFO      maxRetry: 4
2024-01-08 16:09:56,966 fail2ban.filter         [731]: INFO      findtime: 604800
2024-01-08 16:09:56,966 fail2ban.actions        [731]: INFO      banTime: 15552000
2024-01-08 16:09:56,966 fail2ban.filter         [731]: INFO      encoding: UTF-8
2024-01-08 16:09:56,992 fail2ban.jail           [731]: INFO    Jail 'postfix' started
2024-01-08 16:09:57,007 fail2ban.jail           [731]: INFO    Jail 'dovecot' started
2024-01-08 16:09:57,026 fail2ban.jail           [731]: INFO    Jail 'postfix-sasl' started
2024-01-08 16:09:57,063 fail2ban.jail           [731]: INFO    Jail 'custom' started
2024-01-08 16:10:54,684 fail2ban.filter         [731]: INFO    [dovecot] Found 194.169.175.10 - 2024-01-08 16:10:54
2024-01-08 16:10:56,282 fail2ban.filter         [731]: INFO    [postfix] Found 194.169.175.10 - 2024-01-08 16:10:56
2024-01-08 16:10:56,283 fail2ban.filter         [731]: INFO    [postfix-sasl] Found 194.169.175.10 - 2024-01-08 16:10:56
2024-01-08 16:10:56,287 fail2ban.filter         [731]: INFO    [dovecot] Found 141.98.11.68 - 2024-01-08 16:10:55
2024-01-08 16:10:57,183 fail2ban.filter         [731]: INFO    [postfix-sasl] Found 141.98.11.68 - 2024-01-08 16:10:57
2024-01-08 16:10:57,183 fail2ban.filter         [731]: INFO    [postfix] Found 141.98.11.68 - 2024-01-08 16:10:57
2024-01-08 16:11:31,303 fail2ban.filter         [731]: INFO    [dovecot] Found 194.169.175.10 - 2024-01-08 16:11:31
2024-01-08 16:11:33,305 fail2ban.filter         [731]: INFO    [postfix] Found 194.169.175.10 - 2024-01-08 16:11:33
2024-01-08 16:11:33,306 fail2ban.filter         [731]: INFO    [postfix-sasl] Found 194.169.175.10 - 2024-01-08 16:11:33
2024-01-08 16:11:38,110 fail2ban.filter         [731]: INFO    [dovecot] Found 141.98.11.68 - 2024-01-08 16:11:37
2024-01-08 16:11:39,342 fail2ban.filter         [731]: INFO    [postfix] Found 141.98.11.68 - 2024-01-08 16:11:39
2024-01-08 16:11:39,343 fail2ban.filter         [731]: INFO    [postfix-sasl] Found 141.98.11.68 - 2024-01-08 16:11:39
2024-01-08 16:12:14,821 fail2ban.filter         [731]: INFO    [dovecot] Found 194.169.175.10 - 2024-01-08 16:12:14
2024-01-08 16:12:16,427 fail2ban.filter         [731]: INFO    [postfix-sasl] Found 194.169.175.10 - 2024-01-08 16:12:16
2024-01-08 16:12:16,427 fail2ban.filter         [731]: INFO    [postfix] Found 194.169.175.10 - 2024-01-08 16:12:16
2024-01-08 16:12:22,357 fail2ban.filter         [731]: INFO    [dovecot] Found 141.98.11.68 - 2024-01-08 16:12:22
2024-01-08 16:12:24,199 fail2ban.filter         [731]: INFO    [postfix] Found 141.98.11.68 - 2024-01-08 16:12:24
2024-01-08 16:12:24,200 fail2ban.filter         [731]: INFO    [postfix-sasl] Found 141.98.11.68 - 2024-01-08 16:12:24
2024-01-08 16:12:54,505 fail2ban.filter         [731]: INFO    [dovecot] Found 194.169.175.10 - 2024-01-08 16:12:54
2024-01-08 16:12:54,662 fail2ban.actions        [731]: NOTICE  [dovecot] Ban 194.169.175.10
2024-01-08 16:12:55,002 fail2ban.utils          [731]: ERROR   7f671d894710 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-dovecot \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-dovecot drop

2024-01-08 16:12:55,002 fail2ban.utils          [731]: ERROR   7f671d894710 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-08 16:12:55,002 fail2ban.utils          [731]: ERROR   7f671d894710 -- stderr: 'add set inet f2b-table addr-set-dovecot { type ipv4_addr; flags interval; }'
2024-01-08 16:12:55,002 fail2ban.utils          [731]: ERROR   7f671d894710 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-08 16:12:55,002 fail2ban.utils          [731]: ERROR   7f671d894710 -- stderr: 'Error: No such file or directory'
2024-01-08 16:12:55,002 fail2ban.utils          [731]: ERROR   7f671d894710 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-dovecot drop'
2024-01-08 16:12:55,002 fail2ban.utils          [731]: ERROR   7f671d894710 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-08 16:12:55,002 fail2ban.utils          [731]: ERROR   7f671d894710 -- returned 1
2024-01-08 16:12:55,002 fail2ban.actions        [731]: ERROR   Failed to execute ban jail 'dovecot' action 'nftables-allports' info 'ActionInfo({'ip': '194.169.175.10', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f671dd4df70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f671dd4c670>})': Error starting action Jail('dovecot')/nftables-allports: 'Script error'
2024-01-08 16:12:56,376 fail2ban.filter         [731]: INFO    [postfix] Found 194.169.175.10 - 2024-01-08 16:12:56
2024-01-08 16:12:56,377 fail2ban.filter         [731]: INFO    [postfix-sasl] Found 194.169.175.10 - 2024-01-08 16:12:56
2024-01-08 16:12:56,664 fail2ban.actions        [731]: NOTICE  [postfix-sasl] Ban 194.169.175.10
2024-01-08 16:12:56,670 fail2ban.actions        [731]: NOTICE  [postfix] Ban 194.169.175.10
2024-01-08 16:12:57,054 fail2ban.utils          [731]: ERROR   7f671d894870 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix-sasl \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix-sasl drop

2024-01-08 16:12:57,055 fail2ban.utils          [731]: ERROR   7f671d894870 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-08 16:12:57,055 fail2ban.utils          [731]: ERROR   7f671d894870 -- stderr: 'add set inet f2b-table addr-set-postfix-sasl { type ipv4_addr; flags interval; }'
2024-01-08 16:12:57,055 fail2ban.utils          [731]: ERROR   7f671d894870 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-08 16:12:57,055 fail2ban.utils          [731]: ERROR   7f671d894870 -- stderr: 'Error: No such file or directory'
2024-01-08 16:12:57,055 fail2ban.utils          [731]: ERROR   7f671d894870 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix-sasl drop'
2024-01-08 16:12:57,055 fail2ban.utils          [731]: ERROR   7f671d894870 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^^^^^^'
2024-01-08 16:12:57,055 fail2ban.utils          [731]: ERROR   7f671d894870 -- returned 1
2024-01-08 16:12:57,055 fail2ban.actions        [731]: ERROR   Failed to execute ban jail 'postfix-sasl' action 'nftables-allports' info 'ActionInfo({'ip': '194.169.175.10', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f671dd4df70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f671dd4c670>})': Error starting action Jail('postfix-sasl')/nftables-allports: 'Script error'
2024-01-08 16:12:57,530 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix drop

2024-01-08 16:12:57,531 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-08 16:12:57,531 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- stderr: 'add set inet f2b-table addr-set-postfix { type ipv4_addr; flags interval; }'
2024-01-08 16:12:57,531 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-08 16:12:57,531 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- stderr: 'Error: No such file or directory'
2024-01-08 16:12:57,531 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix drop'
2024-01-08 16:12:57,531 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-08 16:12:57,531 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- returned 1
2024-01-08 16:12:57,531 fail2ban.actions        [731]: ERROR   Failed to execute ban jail 'postfix' action 'nftables-allports' info 'ActionInfo({'ip': '194.169.175.10', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f671dd4df70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f671dd4c670>})': Error starting action Jail('postfix')/nftables-allports: 'Script error'
2024-01-08 16:13:00,282 fail2ban.filter         [731]: INFO    [dovecot] Found 141.98.11.68 - 2024-01-08 16:13:00
2024-01-08 16:13:01,006 fail2ban.actions        [731]: NOTICE  [dovecot] Ban 141.98.11.68
2024-01-08 16:13:01,315 fail2ban.utils          [731]: ERROR   7f671d894710 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-dovecot \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-dovecot drop

2024-01-08 16:13:01,316 fail2ban.utils          [731]: ERROR   7f671d894710 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-08 16:13:01,316 fail2ban.utils          [731]: ERROR   7f671d894710 -- stderr: 'add set inet f2b-table addr-set-dovecot { type ipv4_addr; flags interval; }'
2024-01-08 16:13:01,316 fail2ban.utils          [731]: ERROR   7f671d894710 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-08 16:13:01,316 fail2ban.utils          [731]: ERROR   7f671d894710 -- stderr: 'Error: No such file or directory'
2024-01-08 16:13:01,316 fail2ban.utils          [731]: ERROR   7f671d894710 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-dovecot drop'
2024-01-08 16:13:01,316 fail2ban.utils          [731]: ERROR   7f671d894710 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-08 16:13:01,316 fail2ban.utils          [731]: ERROR   7f671d894710 -- returned 1
2024-01-08 16:13:01,316 fail2ban.actions        [731]: ERROR   Failed to execute ban jail 'dovecot' action 'nftables-allports' info 'ActionInfo({'ip': '141.98.11.68', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f671dd4df70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f671dd4c670>})': Error starting action Jail('dovecot')/nftables-allports: 'Script error'
2024-01-08 16:13:02,197 fail2ban.filter         [731]: INFO    [postfix-sasl] Found 141.98.11.68 - 2024-01-08 16:13:02
2024-01-08 16:13:02,197 fail2ban.filter         [731]: INFO    [postfix] Found 141.98.11.68 - 2024-01-08 16:13:02
2024-01-08 16:13:02,267 fail2ban.actions        [731]: NOTICE  [postfix-sasl] Ban 141.98.11.68
2024-01-08 16:13:02,736 fail2ban.actions        [731]: NOTICE  [postfix] Ban 141.98.11.68
2024-01-08 16:13:02,888 fail2ban.utils          [731]: ERROR   7f671d894870 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix-sasl \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix-sasl drop

2024-01-08 16:13:02,888 fail2ban.utils          [731]: ERROR   7f671d894870 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-08 16:13:02,888 fail2ban.utils          [731]: ERROR   7f671d894870 -- stderr: 'add set inet f2b-table addr-set-postfix-sasl { type ipv4_addr; flags interval; }'
2024-01-08 16:13:02,888 fail2ban.utils          [731]: ERROR   7f671d894870 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-08 16:13:02,888 fail2ban.utils          [731]: ERROR   7f671d894870 -- stderr: 'Error: No such file or directory'
2024-01-08 16:13:02,889 fail2ban.utils          [731]: ERROR   7f671d894870 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix-sasl drop'
2024-01-08 16:13:02,889 fail2ban.utils          [731]: ERROR   7f671d894870 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^^^^^^'
2024-01-08 16:13:02,889 fail2ban.utils          [731]: ERROR   7f671d894870 -- returned 1
2024-01-08 16:13:02,889 fail2ban.actions        [731]: ERROR   Failed to execute ban jail 'postfix-sasl' action 'nftables-allports' info 'ActionInfo({'ip': '141.98.11.68', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f671dd4df70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f671dd4c670>})': Error starting action Jail('postfix-sasl')/nftables-allports: 'Script error'
2024-01-08 16:13:03,676 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-postfix \{ type ipv4_addr\; flags interval\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-postfix drop

2024-01-08 16:13:03,676 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-08 16:13:03,676 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- stderr: 'add set inet f2b-table addr-set-postfix { type ipv4_addr; flags interval; }'
2024-01-08 16:13:03,676 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-08 16:13:03,676 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- stderr: 'Error: No such file or directory'
2024-01-08 16:13:03,676 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix drop'
2024-01-08 16:13:03,676 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^'
2024-01-08 16:13:03,676 fail2ban.utils          [731]: ERROR   7f671d8949d0 -- returned 1
2024-01-08 16:13:03,676 fail2ban.actions        [731]: ERROR   Failed to execute ban jail 'postfix' action 'nftables-allports' info 'ActionInfo({'ip': '141.98.11.68', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f671dd4df70>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f671dd4c670>})': Error starting action Jail('postfix')/nftables-allports: 'Script error'
2024-01-08 16:13:37,461 fail2ban.filter         [731]: INFO    [dovecot] Found 194.169.175.10 - 2024-01-08 16:13:37
2024-01-08 16:13:39,297 fail2ban.filter         [731]: INFO    [postfix-sasl] Found 194.169.175.10 - 2024-01-08 16:13:39
2024-01-08 16:13:39,298 fail2ban.filter         [731]: INFO    [postfix] Found 194.169.175.10 - 2024-01-08 16:13:39
2024-01-08 16:13:44,103 fail2ban.filter         [731]: INFO    [dovecot] Found 141.98.11.68 - 2024-01-08 16:13:43
2024-01-08 16:13:45,505 fail2ban.filter         [731]: INFO    [postfix-sasl] Found 141.98.11.68 - 2024-01-08 16:13:45
2024-01-08 16:13:45,506 fail2ban.filter         [731]: INFO    [postfix] Found 141.98.11.68 - 2024-01-08 16:13:45
2024-01-08 16:14:20,948 fail2ban.filter         [731]: INFO    [dovecot] Found 194.169.175.10 - 2024-01-08 16:14:20
2024-01-08 16:14:22,561 fail2ban.filter         [731]: INFO    [postfix] Found 194.169.175.10 - 2024-01-08 16:14:22
2024-01-08 16:14:22,576 fail2ban.filter         [731]: INFO    [postfix-sasl] Found 194.169.175.10 - 2024-01-08 16:14:22
2024-01-08 16:14:28,298 fail2ban.filter         [731]: INFO    [dovecot] Found 141.98.11.68 - 2024-01-08 16:14:28

Fail2Ban status

Status for the jail: custom
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	0
|  `- File list:	
`- Actions
   |- Currently banned:	0
   |- Total banned:	0
   `- Banned IP list:	

Status for the jail: dovecot
|- Filter
|  |- Currently failed:	2
|  |- Total failed:	12
|  `- File list:	/var/log/mail.log
`- Actions
   |- Currently banned:	2
   |- Total banned:	2
   `- Banned IP list:	194.169.175.10 141.98.11.68

Status for the jail: postfix
|- Filter
|  |- Currently failed:	2
|  |- Total failed:	12
|  `- File list:	/var/log/mail.log
`- Actions
   |- Currently banned:	2
   |- Total banned:	2
   `- Banned IP list:	194.169.175.10 141.98.11.68

Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed:	2
|  |- Total failed:	12
|  `- File list:	/var/log/mail.log
`- Actions
   |- Currently banned:	2
   |- Total banned:	2
   `- Banned IP list:	194.169.175.10 141.98.11.68

Docker logs

Attaching to mailserver
mailserver    | [   INF   ]  Welcome to docker-mailserver v13.2.0
mailserver    | [   INF   ]  Checking configuration
mailserver    | [   INF   ]  Configuring mail server
mailserver    | [   INF   ]  Starting daemons
mailserver    | [   INF   ]  mail.myserver.com is up and running
mailserver    | Jan  8 16:09:57 mail postfix/postfix-script[873]: starting the Postfix mail system
mailserver    | Jan  8 16:09:57 mail postfix/master[874]: daemon started -- version 3.5.23, configuration /etc/postfix
mailserver    | Jan  8 16:09:57 mail amavis[762]: starting. /usr/sbin/amavisd-new at mail.myserver.com amavisd-new-2.11.1 (20181009), Unicode aware, LC_CTYPE="C.UTF-8"
mailserver    | Jan  8 16:09:57 mail amavis[762]: perl=5.032001, user=, EUID: 109 (109);  group=, EGID: 111 111 (111 111)
mailserver    | Jan  8 16:09:58 mail amavis[762]: Net::Server: Group Not Defined.  Defaulting to EGID '111 111'
mailserver    | Jan  8 16:09:58 mail amavis[762]: Net::Server: User Not Defined.  Defaulting to EUID '109'
mailserver    | Jan  8 16:09:58 mail amavis[762]: No ext program for   .zoo, tried: zoo
mailserver    | Jan  8 16:09:58 mail amavis[762]: No ext program for   .doc, tried: ripole
mailserver    | Jan  8 16:09:58 mail amavis[762]: No decoder for       .F   
mailserver    | Jan  8 16:09:58 mail amavis[762]: No decoder for       .doc 
mailserver    | Jan  8 16:09:58 mail amavis[762]: No decoder for       .zoo 
mailserver    | Jan  8 16:10:06 mail postfix/submissions/smtpd[888]: connect from unknown[194.169.175.10]
mailserver    | Jan  8 16:10:15 mail postfix/submissions/smtpd[952]: warning: hostname noiseless.medyamol.com does not resolve to address 141.98.11.68: Name or service not known
mailserver    | Jan  8 16:10:15 mail postfix/submissions/smtpd[952]: connect from unknown[141.98.11.68]
mailserver    | Jan  8 16:10:19 mail postfix/submissions/smtpd[888]: Anonymous TLS connection established from unknown[194.169.175.10]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:10:26 mail postfix/submissions/smtpd[952]: Anonymous TLS connection established from unknown[141.98.11.68]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:10:48 mail postfix/submissions/smtpd[1011]: connect from unknown[194.169.175.10]
mailserver    | Jan  8 16:10:54 mail dovecot: auth: passwd-file(cribb@myserver.com,194.169.175.10): unknown user (SHA1 of given password: a0a0d3)
mailserver    | Jan  8 16:10:55 mail dovecot: auth: passwd-file(monitor@myserver.com,141.98.11.68): unknown user (SHA1 of given password: 7ce035)
mailserver    | Jan  8 16:10:56 mail postfix/submissions/smtpd[888]: warning: unknown[194.169.175.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=cribb@myserver.com
mailserver    | Jan  8 16:10:57 mail postfix/submissions/smtpd[1087]: warning: hostname noiseless.medyamol.com does not resolve to address 141.98.11.68: Name or service not known
mailserver    | Jan  8 16:10:57 mail postfix/submissions/smtpd[1087]: connect from unknown[141.98.11.68]
mailserver    | Jan  8 16:10:57 mail postfix/submissions/smtpd[952]: warning: unknown[141.98.11.68]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=monitor@myserver.com
mailserver    | Jan  8 16:11:00 mail postfix/submissions/smtpd[1011]: Anonymous TLS connection established from unknown[194.169.175.10]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:11:02 mail postfix/submissions/smtpd[952]: lost connection after AUTH from unknown[141.98.11.68]
mailserver    | Jan  8 16:11:02 mail postfix/submissions/smtpd[952]: disconnect from unknown[141.98.11.68] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:11:02 mail postfix/submissions/smtpd[888]: lost connection after AUTH from unknown[194.169.175.10]
mailserver    | Jan  8 16:11:02 mail postfix/submissions/smtpd[888]: disconnect from unknown[194.169.175.10] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:11:09 mail postfix/submissions/smtpd[1087]: Anonymous TLS connection established from unknown[141.98.11.68]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:11:30 mail postfix/submissions/smtpd[952]: connect from unknown[194.169.175.10]
mailserver    | Jan  8 16:11:31 mail dovecot: auth: passwd-file(crichard@myserver.com,194.169.175.10): unknown user (SHA1 of given password: f6ccd0)
mailserver    | Jan  8 16:11:33 mail postfix/submissions/smtpd[1011]: warning: unknown[194.169.175.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=crichard@myserver.com
mailserver    | Jan  8 16:11:37 mail dovecot: auth: passwd-file(service@myserver.com,141.98.11.68): unknown user (SHA1 of given password: 7ce035)
mailserver    | Jan  8 16:11:38 mail postfix/submissions/smtpd[1011]: lost connection after AUTH from unknown[194.169.175.10]
mailserver    | Jan  8 16:11:38 mail postfix/submissions/smtpd[1011]: disconnect from unknown[194.169.175.10] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:11:39 mail postfix/submissions/smtpd[888]: warning: hostname noiseless.medyamol.com does not resolve to address 141.98.11.68: Name or service not known
mailserver    | Jan  8 16:11:39 mail postfix/submissions/smtpd[888]: connect from unknown[141.98.11.68]
mailserver    | Jan  8 16:11:39 mail postfix/submissions/smtpd[1087]: warning: unknown[141.98.11.68]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=service@myserver.com
mailserver    | Jan  8 16:11:43 mail postfix/submissions/smtpd[952]: Anonymous TLS connection established from unknown[194.169.175.10]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:11:45 mail postfix/submissions/smtpd[1087]: lost connection after AUTH from unknown[141.98.11.68]
mailserver    | Jan  8 16:11:45 mail postfix/submissions/smtpd[1087]: disconnect from unknown[141.98.11.68] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:11:52 mail postfix/submissions/smtpd[888]: Anonymous TLS connection established from unknown[141.98.11.68]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:12:13 mail postfix/submissions/smtpd[1011]: connect from unknown[194.169.175.10]
mailserver    | Jan  8 16:12:14 mail dovecot: auth: passwd-file(cricket@myserver.com,194.169.175.10): unknown user (SHA1 of given password: 4f8ef0)
mailserver    | Jan  8 16:12:16 mail postfix/submissions/smtpd[952]: warning: unknown[194.169.175.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=cricket@myserver.com
mailserver    | Jan  8 16:12:20 mail postfix/submissions/smtpd[1087]: warning: hostname noiseless.medyamol.com does not resolve to address 141.98.11.68: Name or service not known
mailserver    | Jan  8 16:12:20 mail postfix/submissions/smtpd[1087]: connect from unknown[141.98.11.68]
mailserver    | Jan  8 16:12:22 mail dovecot: auth: passwd-file(support@myserver.com,141.98.11.68): unknown user (SHA1 of given password: 7ce035)
mailserver    | Jan  8 16:12:24 mail postfix/submissions/smtpd[1011]: Anonymous TLS connection established from unknown[194.169.175.10]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:12:24 mail postfix/submissions/smtpd[888]: warning: unknown[141.98.11.68]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=support@myserver.com
mailserver    | Jan  8 16:12:24 mail postfix/submissions/smtpd[952]: lost connection after AUTH from unknown[194.169.175.10]
mailserver    | Jan  8 16:12:24 mail postfix/submissions/smtpd[952]: disconnect from unknown[194.169.175.10] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:12:29 mail postfix/submissions/smtpd[888]: lost connection after AUTH from unknown[141.98.11.68]
mailserver    | Jan  8 16:12:29 mail postfix/submissions/smtpd[888]: disconnect from unknown[141.98.11.68] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:12:32 mail postfix/submissions/smtpd[1087]: Anonymous TLS connection established from unknown[141.98.11.68]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:12:54 mail dovecot: auth: passwd-file(criminal@myserver.com,194.169.175.10): unknown user (SHA1 of given password: dcff95)
mailserver    | Jan  8 16:12:55 mail postfix/submissions/smtpd[952]: connect from unknown[194.169.175.10]
mailserver    | Jan  8 16:12:56 mail postfix/submissions/smtpd[1011]: warning: unknown[194.169.175.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=criminal@myserver.com
mailserver    | Jan  8 16:13:00 mail dovecot: auth: passwd-file(abuse@myserver.com,141.98.11.68): unknown user (SHA1 of given password: 7ce035)
mailserver    | Jan  8 16:13:02 mail postfix/submissions/smtpd[1087]: warning: unknown[141.98.11.68]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=abuse@myserver.com
mailserver    | Jan  8 16:13:02 mail postfix/submissions/smtpd[888]: warning: hostname noiseless.medyamol.com does not resolve to address 141.98.11.68: Name or service not known
mailserver    | Jan  8 16:13:02 mail postfix/submissions/smtpd[888]: connect from unknown[141.98.11.68]
mailserver    | Jan  8 16:13:06 mail postfix/submissions/smtpd[1011]: lost connection after AUTH from unknown[194.169.175.10]
mailserver    | Jan  8 16:13:06 mail postfix/submissions/smtpd[1011]: disconnect from unknown[194.169.175.10] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:13:06 mail postfix/submissions/smtpd[952]: Anonymous TLS connection established from unknown[194.169.175.10]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:13:07 mail postfix/submissions/smtpd[1087]: lost connection after AUTH from unknown[141.98.11.68]
mailserver    | Jan  8 16:13:07 mail postfix/submissions/smtpd[1087]: disconnect from unknown[141.98.11.68] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:13:14 mail postfix/submissions/smtpd[888]: Anonymous TLS connection established from unknown[141.98.11.68]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:13:37 mail dovecot: auth: passwd-file(crimson@myserver.com,194.169.175.10): unknown user (SHA1 of given password: ad5333)
mailserver    | Jan  8 16:13:38 mail postfix/submissions/smtpd[1011]: connect from unknown[194.169.175.10]
mailserver    | Jan  8 16:13:39 mail postfix/submissions/smtpd[952]: warning: unknown[194.169.175.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=crimson@myserver.com
mailserver    | Jan  8 16:13:43 mail dovecot: auth: passwd-file(backup@myserver.com,141.98.11.68): unknown user (SHA1 of given password: 7ce035)
mailserver    | Jan  8 16:13:44 mail postfix/submissions/smtpd[1087]: warning: hostname noiseless.medyamol.com does not resolve to address 141.98.11.68: Name or service not known
mailserver    | Jan  8 16:13:44 mail postfix/submissions/smtpd[1087]: connect from unknown[141.98.11.68]
mailserver    | Jan  8 16:13:45 mail postfix/submissions/smtpd[888]: warning: unknown[141.98.11.68]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=backup@myserver.com
mailserver    | Jan  8 16:13:46 mail postfix/submissions/smtpd[952]: lost connection after AUTH from unknown[194.169.175.10]
mailserver    | Jan  8 16:13:46 mail postfix/submissions/smtpd[952]: disconnect from unknown[194.169.175.10] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:13:49 mail postfix/submissions/smtpd[1011]: Anonymous TLS connection established from unknown[194.169.175.10]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:13:51 mail postfix/submissions/smtpd[888]: lost connection after AUTH from unknown[141.98.11.68]
mailserver    | Jan  8 16:13:51 mail postfix/submissions/smtpd[888]: disconnect from unknown[141.98.11.68] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:13:57 mail postfix/submissions/smtpd[1087]: Anonymous TLS connection established from unknown[141.98.11.68]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:14:20 mail postfix/submissions/smtpd[952]: connect from unknown[194.169.175.10]
mailserver    | Jan  8 16:14:20 mail dovecot: auth: passwd-file(criofan@myserver.com,194.169.175.10): unknown user (SHA1 of given password: c5a04a)
mailserver    | Jan  8 16:14:22 mail postfix/submissions/smtpd[1011]: warning: unknown[194.169.175.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=criofan@myserver.com
mailserver    | Jan  8 16:14:26 mail postfix/submissions/smtpd[888]: warning: hostname noiseless.medyamol.com does not resolve to address 141.98.11.68: Name or service not known
mailserver    | Jan  8 16:14:26 mail postfix/submissions/smtpd[888]: connect from unknown[141.98.11.68]
mailserver    | Jan  8 16:14:28 mail dovecot: auth: passwd-file(camera@myserver.com,141.98.11.68): unknown user (SHA1 of given password: 7ce035)
mailserver    | Jan  8 16:14:28 mail postfix/submissions/smtpd[1011]: lost connection after AUTH from unknown[194.169.175.10]
mailserver    | Jan  8 16:14:28 mail postfix/submissions/smtpd[1011]: disconnect from unknown[194.169.175.10] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:14:30 mail postfix/submissions/smtpd[1087]: warning: unknown[141.98.11.68]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=camera@myserver.com
mailserver    | Jan  8 16:14:33 mail postfix/submissions/smtpd[952]: Anonymous TLS connection established from unknown[194.169.175.10]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:14:37 mail postfix/submissions/smtpd[1087]: lost connection after AUTH from unknown[141.98.11.68]
mailserver    | Jan  8 16:14:37 mail postfix/submissions/smtpd[1087]: disconnect from unknown[141.98.11.68] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:14:37 mail postfix/submissions/smtpd[888]: Anonymous TLS connection established from unknown[141.98.11.68]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:15:03 mail postfix/submissions/smtpd[1011]: connect from unknown[194.169.175.10]
mailserver    | Jan  8 16:15:06 mail dovecot: auth: passwd-file(cris@myserver.com,194.169.175.10): unknown user (SHA1 of given password: 539cea)
mailserver    | Jan  8 16:15:08 mail postfix/submissions/smtpd[952]: warning: unknown[194.169.175.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=cris@myserver.com
mailserver    | Jan  8 16:15:08 mail postfix/submissions/smtpd[1087]: warning: hostname noiseless.medyamol.com does not resolve to address 141.98.11.68: Name or service not known
mailserver    | Jan  8 16:15:08 mail postfix/submissions/smtpd[1087]: connect from unknown[141.98.11.68]
mailserver    | Jan  8 16:15:09 mail dovecot: auth: passwd-file(canon@myserver.com,141.98.11.68): unknown user (SHA1 of given password: 7ce035)
mailserver    | Jan  8 16:15:11 mail postfix/submissions/smtpd[888]: warning: unknown[141.98.11.68]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=canon@myserver.com
mailserver    | Jan  8 16:15:13 mail postfix/submissions/smtpd[952]: lost connection after AUTH from unknown[194.169.175.10]
mailserver    | Jan  8 16:15:13 mail postfix/submissions/smtpd[952]: disconnect from unknown[194.169.175.10] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:15:14 mail postfix/submissions/smtpd[1011]: Anonymous TLS connection established from unknown[194.169.175.10]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:15:18 mail postfix/submissions/smtpd[888]: lost connection after AUTH from unknown[141.98.11.68]
mailserver    | Jan  8 16:15:18 mail postfix/submissions/smtpd[888]: disconnect from unknown[141.98.11.68] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:15:20 mail postfix/submissions/smtpd[1087]: Anonymous TLS connection established from unknown[141.98.11.68]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:15:42 mail dovecot: auth: passwd-file(cris03@myserver.com,194.169.175.10): unknown user (SHA1 of given password: 1b434c)
mailserver    | Jan  8 16:15:44 mail postfix/submissions/smtpd[1011]: warning: unknown[194.169.175.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=cris03@myserver.com
mailserver    | Jan  8 16:15:46 mail postfix/submissions/smtpd[952]: connect from unknown[194.169.175.10]
mailserver    | Jan  8 16:15:49 mail dovecot: auth: passwd-file(conference@myserver.com,141.98.11.68): unknown user (SHA1 of given password: 7ce035)
mailserver    | Jan  8 16:15:49 mail postfix/submissions/smtpd[888]: warning: hostname noiseless.medyamol.com does not resolve to address 141.98.11.68: Name or service not known
mailserver    | Jan  8 16:15:49 mail postfix/submissions/smtpd[888]: connect from unknown[141.98.11.68]
mailserver    | Jan  8 16:15:51 mail postfix/submissions/smtpd[1087]: warning: unknown[141.98.11.68]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=conference@myserver.com
mailserver    | Jan  8 16:15:51 mail postfix/submissions/smtpd[1011]: lost connection after AUTH from unknown[194.169.175.10]
mailserver    | Jan  8 16:15:51 mail postfix/submissions/smtpd[1011]: disconnect from unknown[194.169.175.10] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:15:57 mail postfix/submissions/smtpd[1087]: lost connection after AUTH from unknown[141.98.11.68]
mailserver    | Jan  8 16:15:57 mail postfix/submissions/smtpd[1087]: disconnect from unknown[141.98.11.68] ehlo=1 auth=0/1 rset=1 commands=2/3
mailserver    | Jan  8 16:15:59 mail postfix/submissions/smtpd[952]: Anonymous TLS connection established from unknown[194.169.175.10]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:16:01 mail postfix/submissions/smtpd[888]: Anonymous TLS connection established from unknown[141.98.11.68]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
mailserver    | Jan  8 16:16:27 mail dovecot: auth: passwd-file(crisan@myserver.com,194.169.175.10): unknown user (SHA1 of given password: 179447)
mailserver    | Jan  8 16:16:28 mail postfix/submissions/smtpd[1011]: connect from unknown[194.169.175.10]
mailserver    | Jan  8 16:16:29 mail postfix/submissions/smtpd[952]: warning: unknown[194.169.175.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, sasl_username=crisan@myserver.com
mailserver    | Jan  8 16:16:31 mail postfix/submissions/smtpd[1087]: warning: hostname noiseless.medyamol.com does not resolve to address 141.98.11.68: Name or service not known
mailserver    | Jan  8 16:16:31 mail postfix/submissions/smtpd[1087]: connect from unknown[141.98.11.68]
mailserver    | Jan  8 16:16:31 mail dovecot: auth: passwd-file(connect@myserver.com,141.98.11.68): unknown user (SHA1 of given password: 7ce035)

4 replies

casperklein Jan 8, 2024
Maintainer

Is nftables available on the host system, does nft list ruleset work?

If you have the ability to test (in a VM or something), can you try running your instance on Debian, to see if the error persist?
I think it must be something the host OS supports or not supports which causes the problems. Are you running a recent docker version?

2024-01-08 16:13:02,888 fail2ban.utils [731]: ERROR 7f671d894870 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2024-01-08 16:13:02,888 fail2ban.utils [731]: ERROR 7f671d894870 -- stderr: 'add set inet f2b-table addr-set-postfix-sasl { type ipv4_addr; flags interval; }'
2024-01-08 16:13:02,888 fail2ban.utils [731]: ERROR 7f671d894870 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2024-01-08 16:13:02,888 fail2ban.utils [731]: ERROR 7f671d894870 -- stderr: 'Error: No such file or directory'
2024-01-08 16:13:02,889 fail2ban.utils [731]: ERROR 7f671d894870 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-postfix-sasl drop'

I think we had an issue in the past with iptables/nftables with that error messages, but can't find it now, where @georglauterbach provided a fix. But my memories could be wrong tbh 😆 But maybe he have an idea.

casperklein Jan 8, 2024
Maintainer

You could also try to start a complete new DMS instance, configure just the minimum, activate fail2ban and see if the error is already there.

For testing, you could manually ban an IP address setup.sh fail2ban ban 1.2.3.4. Then restart (docker compose down/up) DMS to see, if the same error occurs on startup.

lennartbrandin Jan 8, 2024
Author

Manual banning works just fine there are no issues with the custom jail, and it prevents access from said ip.
After deleting everything except the keys (The configuration is already quite minimal see the compose.yaml from earlier) any ban attempts still result in the original fail2ban.utils error.

On a side note why can SASL attempts even be made? Its off by default. ( Banning also doesnt work for normal logins )

host nft ruleset (nftables was not installed, but installing, enabling/starting it and restart the docker daemon didnt help):

table ip nat {
	chain POSTROUTING {
		type nat hook postrouting priority srcnat; policy accept;
		oifname != "br-e99229a8e1ff" ip saddr 172.18.0.0/16 counter packets 2 bytes 304 masquerade 
		oifname != "docker0" ip saddr 172.17.0.0/16 counter packets 4 bytes 608 masquerade 
		oifname != "br-ee58095cd1e6" ip saddr 192.168.16.0/20 counter packets 0 bytes 0 masquerade 
		oifname != "br-834c31076270" ip saddr 172.23.0.0/16 counter packets 4 bytes 608 masquerade 
		oifname != "br-7bbc8bdb0c7f" ip saddr 192.168.32.0/20 counter packets 0 bytes 0 masquerade 
		oifname != "br-72ba51f07612" ip saddr 172.24.0.0/16 counter packets 0 bytes 0 masquerade 
		oifname != "br-70d62a04a29a" ip saddr 172.28.0.0/16 counter packets 7 bytes 1064 masquerade 
		meta l4proto tcp ip saddr 192.168.16.4 ip daddr 192.168.16.4 tcp dport 443 counter packets 0 bytes 0 masquerade 
		meta l4proto tcp ip saddr 192.168.16.4 ip daddr 192.168.16.4 tcp dport 80 counter packets 0 bytes 0 masquerade 
		meta l4proto tcp ip saddr 172.18.0.2 ip daddr 172.18.0.2 tcp dport 993 counter packets 0 bytes 0 masquerade 
		meta l4proto tcp ip saddr 172.18.0.2 ip daddr 172.18.0.2 tcp dport 587 counter packets 0 bytes 0 masquerade 
		meta l4proto tcp ip saddr 172.18.0.2 ip daddr 172.18.0.2 tcp dport 465 counter packets 0 bytes 0 masquerade 
		meta l4proto tcp ip saddr 172.18.0.2 ip daddr 172.18.0.2 tcp dport 143 counter packets 0 bytes 0 masquerade 
		meta l4proto tcp ip saddr 172.18.0.2 ip daddr 172.18.0.2 tcp dport 25 counter packets 0 bytes 0 masquerade 
	}

	chain DOCKER {
		iifname "br-e99229a8e1ff" counter packets 0 bytes 0 return
		iifname "docker0" counter packets 0 bytes 0 return
		iifname "br-ee58095cd1e6" counter packets 0 bytes 0 return
		iifname "br-834c31076270" counter packets 0 bytes 0 return
		iifname "br-7bbc8bdb0c7f" counter packets 0 bytes 0 return
		iifname "br-72ba51f07612" counter packets 0 bytes 0 return
		iifname != "br-ee58095cd1e6" meta l4proto tcp tcp dport 443 counter packets 5 bytes 276 dnat to 192.168.16.4:443
		iifname != "br-ee58095cd1e6" meta l4proto tcp tcp dport 80 counter packets 1 bytes 52 dnat to 192.168.16.4:80
		iifname != "br-e99229a8e1ff" meta l4proto tcp tcp dport 993 counter packets 2 bytes 120 dnat to 172.18.0.2:993
		iifname != "br-e99229a8e1ff" meta l4proto tcp tcp dport 587 counter packets 0 bytes 0 dnat to 172.18.0.2:587
		iifname != "br-e99229a8e1ff" meta l4proto tcp tcp dport 465 counter packets 8 bytes 480 dnat to 172.18.0.2:465
		iifname != "br-e99229a8e1ff" meta l4proto tcp tcp dport 143 counter packets 0 bytes 0 dnat to 172.18.0.2:143
		iifname != "br-e99229a8e1ff" meta l4proto tcp tcp dport 25 counter packets 0 bytes 0 dnat to 172.18.0.2:25
	}

	chain PREROUTING {
		type nat hook prerouting priority dstnat; policy accept;
		fib daddr type local counter packets 62 bytes 3132 jump DOCKER
	}

	chain OUTPUT {
		type nat hook output priority -100; policy accept;
		ip daddr != 127.0.0.0/8 fib daddr type local counter packets 15 bytes 2196 jump DOCKER
	}
}
table ip filter {
	chain DOCKER {
		iifname != "br-ee58095cd1e6" oifname "br-ee58095cd1e6" meta l4proto tcp ip daddr 192.168.16.4 tcp dport 443 counter packets 5 bytes 276 accept
		iifname != "br-ee58095cd1e6" oifname "br-ee58095cd1e6" meta l4proto tcp ip daddr 192.168.16.4 tcp dport 80 counter packets 1 bytes 52 accept
		iifname != "br-e99229a8e1ff" oifname "br-e99229a8e1ff" meta l4proto tcp ip daddr 172.18.0.2 tcp dport 993 counter packets 2 bytes 120 accept
		iifname != "br-e99229a8e1ff" oifname "br-e99229a8e1ff" meta l4proto tcp ip daddr 172.18.0.2 tcp dport 587 counter packets 0 bytes 0 accept
		iifname != "br-e99229a8e1ff" oifname "br-e99229a8e1ff" meta l4proto tcp ip daddr 172.18.0.2 tcp dport 465 counter packets 8 bytes 480 accept
		iifname != "br-e99229a8e1ff" oifname "br-e99229a8e1ff" meta l4proto tcp ip daddr 172.18.0.2 tcp dport 143 counter packets 0 bytes 0 accept
		iifname != "br-e99229a8e1ff" oifname "br-e99229a8e1ff" meta l4proto tcp ip daddr 172.18.0.2 tcp dport 25 counter packets 0 bytes 0 accept
	}

	chain DOCKER-ISOLATION-STAGE-1 {
		iifname "br-e99229a8e1ff" oifname != "br-e99229a8e1ff" counter packets 161 bytes 50821 jump DOCKER-ISOLATION-STAGE-2
		iifname "docker0" oifname != "docker0" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
		iifname "br-ee58095cd1e6" oifname != "br-ee58095cd1e6" counter packets 34 bytes 12983 jump DOCKER-ISOLATION-STAGE-2
		iifname "br-834c31076270" oifname != "br-834c31076270" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
		iifname "br-7bbc8bdb0c7f" oifname != "br-7bbc8bdb0c7f" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
		iifname "br-72ba51f07612" oifname != "br-72ba51f07612" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
		counter packets 412 bytes 82339 return
	}

	chain DOCKER-ISOLATION-STAGE-2 {
		oifname "br-e99229a8e1ff" counter packets 0 bytes 0 drop
		oifname "docker0" counter packets 0 bytes 0 drop
		oifname "br-ee58095cd1e6" counter packets 0 bytes 0 drop
		oifname "br-834c31076270" counter packets 0 bytes 0 drop
		oifname "br-7bbc8bdb0c7f" counter packets 0 bytes 0 drop
		oifname "br-72ba51f07612" counter packets 0 bytes 0 drop
		counter packets 195 bytes 63804 return
	}

	chain FORWARD {
		type filter hook forward priority filter; policy accept;
		counter packets 403 bytes 81871 jump DOCKER-USER
		counter packets 403 bytes 81871 jump DOCKER-ISOLATION-STAGE-1
		oifname "br-e99229a8e1ff" ct state related,established counter packets 177 bytes 15101 accept
		oifname "br-e99229a8e1ff" counter packets 10 bytes 600 jump DOCKER
		iifname "br-e99229a8e1ff" oifname != "br-e99229a8e1ff" counter packets 161 bytes 50821 accept
		iifname "br-e99229a8e1ff" oifname "br-e99229a8e1ff" counter packets 0 bytes 0 accept
		oifname "docker0" ct state related,established counter packets 0 bytes 0 accept
		oifname "docker0" counter packets 0 bytes 0 jump DOCKER
		iifname "docker0" oifname != "docker0" counter packets 0 bytes 0 accept
		iifname "docker0" oifname "docker0" counter packets 0 bytes 0 accept
		oifname "br-ee58095cd1e6" ct state related,established counter packets 24 bytes 2506 accept
		oifname "br-ee58095cd1e6" counter packets 6 bytes 328 jump DOCKER
		iifname "br-ee58095cd1e6" oifname != "br-ee58095cd1e6" counter packets 34 bytes 12983 accept
		iifname "br-ee58095cd1e6" oifname "br-ee58095cd1e6" counter packets 0 bytes 0 accept
		oifname "br-834c31076270" ct state related,established counter packets 0 bytes 0 accept
		oifname "br-834c31076270" counter packets 0 bytes 0 jump DOCKER
		iifname "br-834c31076270" oifname != "br-834c31076270" counter packets 0 bytes 0 accept
		iifname "br-834c31076270" oifname "br-834c31076270" counter packets 0 bytes 0 accept
		oifname "br-7bbc8bdb0c7f" ct state related,established counter packets 0 bytes 0 accept
		oifname "br-7bbc8bdb0c7f" counter packets 0 bytes 0 jump DOCKER
		iifname "br-7bbc8bdb0c7f" oifname != "br-7bbc8bdb0c7f" counter packets 0 bytes 0 accept
		iifname "br-7bbc8bdb0c7f" oifname "br-7bbc8bdb0c7f" counter packets 0 bytes 0 accept
		oifname "br-72ba51f07612" ct state related,established counter packets 0 bytes 0 accept
		oifname "br-72ba51f07612" counter packets 0 bytes 0 jump DOCKER
		iifname "br-72ba51f07612" oifname != "br-72ba51f07612" counter packets 0 bytes 0 accept
		iifname "br-72ba51f07612" oifname "br-72ba51f07612" counter packets 0 bytes 0 accept
	}

	chain DOCKER-USER {
		counter packets 412 bytes 82339 return
	}
}
table ip6 nat {
	chain DOCKER {
		iifname "br-834c31076270" counter packets 0 bytes 0 return
	}

	chain POSTROUTING {
		type nat hook postrouting priority srcnat; policy accept;
		oifname != "br-834c31076270" ip6 saddr fd00:cafe:face:feed::/64 counter packets 0 bytes 0 masquerade  
	}

	chain PREROUTING {
		type nat hook prerouting priority dstnat; policy accept;
		fib daddr type local counter packets 0 bytes 0 jump DOCKER
	}

	chain OUTPUT {
		type nat hook output priority -100; policy accept;
		ip6 daddr != ::1 fib daddr type local counter packets 0 bytes 0 jump DOCKER
	}
}
table ip6 filter {
	chain DOCKER {
	}

	chain DOCKER-ISOLATION-STAGE-1 {
		iifname "br-e99229a8e1ff" oifname != "br-e99229a8e1ff" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
		iifname "docker0" oifname != "docker0" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
		iifname "br-ee58095cd1e6" oifname != "br-ee58095cd1e6" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
		iifname "br-834c31076270" oifname != "br-834c31076270" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
		iifname "br-7bbc8bdb0c7f" oifname != "br-7bbc8bdb0c7f" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
		iifname "br-72ba51f07612" oifname != "br-72ba51f07612" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
		counter packets 0 bytes 0 return
	}

	chain DOCKER-ISOLATION-STAGE-2 {
		oifname "br-e99229a8e1ff" counter packets 0 bytes 0 drop
		oifname "docker0" counter packets 0 bytes 0 drop
		oifname "br-ee58095cd1e6" counter packets 0 bytes 0 drop
		oifname "br-834c31076270" counter packets 0 bytes 0 drop
		oifname "br-7bbc8bdb0c7f" counter packets 0 bytes 0 drop
		oifname "br-72ba51f07612" counter packets 0 bytes 0 drop
		counter packets 0 bytes 0 return
	}

	chain FORWARD {
		type filter hook forward priority filter; policy drop;
		counter packets 0 bytes 0 jump DOCKER-USER
		counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-1
		oifname "br-834c31076270" ct state related,established counter packets 0 bytes 0 accept
		oifname "br-834c31076270" counter packets 0 bytes 0 jump DOCKER
		iifname "br-834c31076270" oifname != "br-834c31076270" counter packets 0 bytes 0 accept
		iifname "br-834c31076270" oifname "br-834c31076270" counter packets 0 bytes 0 accept
	}

	chain DOCKER-USER {
		counter packets 0 bytes 0 return
	}
}
table inet filter {
	chain input {
		type filter hook input priority filter; policy accept;
	}

	chain forward {
		type filter hook forward priority filter; policy accept;
	}

	chain output {
		type filter hook output priority filter; policy accept;
	}
}

Ill try a debian vm next.

casperklein Jan 8, 2024
Maintainer

PS: When you try Debian, use the Docker upstream repo as described here. Don't use the Docker version included in the Debian repo. The same goes for "docker compose". It's also available in the Docker repo: docker-compose-plugin

polarathene · 2024-01-08T21:00:45Z

polarathene
Jan 8, 2024
Maintainer

I can't be of much help here, but seems we're missing any mention of what version of Debian is used? What kernel? Docker too (although you've been instructed to use latest from Docker not Debian).

If this on a NAS that is definitely worth noting.

0 replies

Docker Mailserver

Further login attemps by Fail2Ban banned ip, warning: hostname * does not resolve to address*: Name or service not known #3723

Uh oh!

lennartbrandin Dec 25, 2023

Observation

Expectation

Logs

Configs

Docker-compose.yml

mailserver.env

fail2ban-jail.cf

Replies: 3 comments · 8 replies

Uh oh!

casperklein Jan 6, 2024 Maintainer

Uh oh!

Uh oh!

lennartbrandin Jan 7, 2024 Author

Uh oh!

Uh oh!

casperklein Jan 7, 2024 Maintainer

Uh oh!

lennartbrandin Jan 7, 2024 Author

Uh oh!

casperklein Jan 8, 2024 Maintainer

Uh oh!

lennartbrandin Jan 8, 2024 Author

TLDR

Attempt

Config

Logs

Fail2Ban log

Fail2Ban status

Docker logs

Uh oh!

casperklein Jan 8, 2024 Maintainer

Uh oh!

casperklein Jan 8, 2024 Maintainer

Uh oh!

lennartbrandin Jan 8, 2024 Author

Uh oh!

Uh oh!

casperklein Jan 8, 2024 Maintainer

Uh oh!

polarathene Jan 8, 2024 Maintainer

lennartbrandin
Dec 25, 2023

Replies: 3 comments 8 replies

casperklein
Jan 6, 2024
Maintainer

lennartbrandin Jan 7, 2024
Author

casperklein Jan 7, 2024
Maintainer

lennartbrandin Jan 7, 2024
Author

casperklein Jan 8, 2024
Maintainer

lennartbrandin
Jan 8, 2024
Author

casperklein Jan 8, 2024
Maintainer

casperklein Jan 8, 2024
Maintainer

lennartbrandin Jan 8, 2024
Author

casperklein Jan 8, 2024
Maintainer

polarathene
Jan 8, 2024
Maintainer