Hi, I see in the logs every few seconds someone tries to access the mail:
2023-10-19 16:49:57 dovecot_login authenticator failed for (localhost) [46.148.40.149]: 535 Incorrect authentication data (set_id=ababa)
2023-10-19 16:50:00 dovecot_login authenticator failed for (localhost) [46.148.40.145]: 535 Incorrect authentication data (set_id=myblog@main_panel_url)
2023-10-19 16:50:03 dovecot_login authenticator failed for (localhost) [46.148.40.198]: 535 Incorrect authentication data (set_id=ccfc)
When I look at the fail2ban config I see all the (default) jails are enabled. In the /var/log/fail2ban.log I see loads of :
2023-10-19 16:58:00,031 fail2ban.filter [507]: INFO [exim-iptables] Found 46.148.40.94 - 2023-10-19 16:58:00
2023-10-19 16:58:00,032 fail2ban.filter [507]: INFO [exim-iptables] Found 46.148.40.152 - 2023-10-19 16:58:00
2023-10-19 16:58:20,395 fail2ban.filter [507]: INFO [exim-iptables] Found 46.148.40.143 - 2023-10-19 16:58:20
But when I go to firewall settings and banlist or to cli I see only one ban unfortunately.
fail2ban-client status recidive
Status for the jail: recidive
|- Filter
| |- Currently failed: 0
| |- Total failed: 34
| `- File list: /var/log/fail2ban.log
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: 180.101.88.222
Some ip’s have shown up in the fail2ban log like 50+ times only today. Why isn’t it banned?
I missed something in the configuration? I am new with fail2ban.