My smtp server bans my webservers because of fail2ban.

Webserver hosting WordPress -> Conects via SMTP -> Mail server (Hestia) -> Send emails

When a website has a misconfigured plugin, during test or at any point, the whole server gets banned. And no other Website can send emails.

I would like to whitelist my webservers in my Mail server to prevent this from happening.

This is what I tried

/etc/fail2ban/jail.local

[default]
ignoreip = 195.114.211.xxx 5.56.63.xxx 5.56.62.xxx 185.37.226.xxx 5.56.60.xxx

I could also run a cron with action unban every minute, but it is not an elegant solution.

Will an IPset of accepted IPs be banned by fail2ban?

Doesn’t work. I can’t set an Ipset of less than 10 IPs

When I configure the individual IPs on Iptables fail2ban rules are higher in the iptables list.

[email protected]:/usr/local/hestia/install/deb/firewall/ipset# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-HESTIA tcp – anywhere anywhere tcp dpt:8083
fail2ban-FTP tcp – anywhere anywhere tcp dpt:ftp
fail2ban-SSH tcp – anywhere anywhere tcp dpt:2220
f2b-sshd tcp – anywhere anywhere multiport dports ssh
fail2ban-MAIL tcp – anywhere anywhere multiport dports smtp,submissions,submission,pop3,pop3s,imap2,imaps
fail2ban-RECIDIVE tcp – anywhere anywhere multiport dports tcpmux:65535
ACCEPT all – anywhere anywhere state RELATED,ESTABLISHED

Okay after testing whitelisting with ipset iptables and fail2ban again.

I changed [default] to [DEFAULT] and it is not banning my bad attempts.