Hello,
I am facing issues with my clients because the IPs keep getting blacklisted for no reason.
Could be because I have installed all the packages available on the HestiaCP website.
Can anyone guide me on how to disable it for emails so my clients don't have issues with emails?
Thanks.
Hello @socials,
Well, I'm pretty sure there is a reason.
The IPs in your screenshot are banned because they are included in a blacklist (I didn't test all of them, but at least 4). Are those IPs the IPs of your clients?
You could search for the IPs that you really know your clients are using to find out what is going on. Example using IP 80.94.95.181:
exigrep --no-pager -l '80.94.95.181' /var/log/exim4/mainlog*
That's the issue: there are many providers in my country that have IPs blacklisted. I can't possibly ask them to take a static IP and then add it.
Is there a way to disable the IP blacklist check for emails?
RECIDIVE are IPs banned by Exim or any other service for multiple failed logins…
Most likely there is an email setting wrong on your clients' side…
This happens to my house IPs also sometimes, and I have to log in via VPN and remove the IP before I can access all emails. If the settings are wrong, then how come I can send/receive emails right after I remove the IP? I can do it for my own IP, but it's not possible to contact every client and their employees and remove their IPs one by one.
Surely there must be a way to disable this security setting just for emails?
Or reinstall HestiaCP without certain packages to ignore it and let my service provider handle the firewall from the backend? I am using Oracle, so I can enable/disable ports on my own without needing HCP's firewall.
To see why it happens, check your Exim logs…
You can disable the automatic banning for email, but that is not recommended. Check what the cause of the issue is…
Please guide me on how I can disable it just for email. I have checked the logs 10 times before and I couldn't find anything other than the fact that some IPs are blacklisted on some sites, but that is beyond my or my clients' control because of dynamic IPs. It's just better I let it be open.
Hello @socials,
The reason @eris and I are asking for the real reason the IPs are being banned is that you showed a list of IPs banned in chain RECIDIVE. That chain means the IPs are being banned by the fail2ban service because they were previously banned several times. By default, the fail2ban Exim rules don't ban IPs that were rejected because they are in a blacklist, so it is important to know what the real issue is before trying to remove/modify the security rules.
Anyway, I wouldn't really remove this, but…
1.- Remove blacklists from exim.
Edit file /etc/exim4/dnsbl.conf and remove both lines:
bl.spamcop.net
zen.spamhaus.org
Save the file and restart exim service.
systemctl restart exim4
2.- Disable exim rules from fail2ban.
Edit file /etc/fail2ban/jail.local and change enabled = true to false in the [exim-iptables] section:
Before:
[exim-iptables]
enabled = true
filter = exim
action = hestia[name=MAIL]
logpath = /var/log/exim4/mainlog
After editing it:
[exim-iptables]
enabled = false
filter = exim
action = hestia[name=MAIL]
logpath = /var/log/exim4/mainlog
Save the file and restart fail2ban service.
systemctl restart fail2ban
Cheers,
sahsanu
Thank you so much, sir, I really appreciate it.
I will continue to investigate the issue further and see why it's happening, but now I am at peace that at least I have a solution if nothing else works.
Thanks a lot.
Sadly, this didn't work for me.
I am doing it on my own home internet. As soon as I did the above steps, my SSH sessions lagged out (were terminated, maybe because of the fail2ban restart command)
and right after that I couldn't log in to my server.
I had to log in via VPN and remove my IP.
At my house I don't have a static IP.
That is only at my workplace, and I have whitelisted it.
The logs for my IP didn't show anything wrong, and if it's about a bad login, then it's not possible that I would instantly get email after I remove my IP from the blacklist.
Like, I have it set up in Edison Mail. I open it and the emails don't come; then I check and go to the HCP page and I can't load that either (this is when I realize that the IP has been blacklisted in the firewall); then I log in via VPN and remove my IP to fix it.
On my own PC there is no way that the email or HCP settings are wrong, because the same settings are automatically accepted right after I remove it via VPN.
I am very confused.
Search for your IP in fail2ban to know which jail is reaching your IP:
fail2ban-client banned HereYourBannedIP
And…
grep 'HereYourBannedIP' /var/log/fail2ban.log*
Once done, you will know which jail it is and you can disable it.
In case you want to unban all IPs, you can do it using this command:
fail2ban-client unban --all
If you are having so many issues, you could disable fail2ban:
systemctl disable fail2ban
systemctl stop fail2ban
If you want to enable it again:
systemctl enable fail2ban
systemctl start fail2ban
Cheers,
sahsanu
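Added example (not part of sahsanu's reply or of HestiaCP): a shell function that performs the grep step above over fail2ban.log and summarises, per jail, how often one IP was found, banned and unbanned, so you can see whether the ban started in a service jail such as exim-iptables before the recidive jail took over. The log lines, IP addresses and the recidive/ssh-iptables jail names in the sample are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in fail2ban.log format (documentation-range IPs).
sample_log() {
cat <<'EOF'
2024-03-01 10:15:30,101 fail2ban.filter  [812]: INFO    [exim-iptables] Found 203.0.113.7 - 2024-03-01 10:15:30
2024-03-01 10:15:41,310 fail2ban.filter  [812]: INFO    [exim-iptables] Found 203.0.113.7 - 2024-03-01 10:15:41
2024-03-01 10:15:42,002 fail2ban.actions [812]: NOTICE  [exim-iptables] Ban 203.0.113.7
2024-03-01 10:15:42,950 fail2ban.filter  [812]: INFO    [recidive] Found 203.0.113.7 - 2024-03-01 10:15:42
2024-03-01 10:25:42,120 fail2ban.actions [812]: NOTICE  [exim-iptables] Unban 203.0.113.7
2024-03-01 11:02:10,400 fail2ban.filter  [812]: INFO    [ssh-iptables] Found 198.51.100.9 - 2024-03-01 11:02:10
2024-03-01 11:40:03,777 fail2ban.actions [812]: NOTICE  [exim-iptables] Ban 203.0.113.7
2024-03-01 11:40:04,015 fail2ban.filter  [812]: INFO    [recidive] Found 203.0.113.7 - 2024-03-01 11:40:04
2024-03-01 11:40:04,630 fail2ban.actions [812]: NOTICE  [recidive] Ban 203.0.113.7
EOF
}

# f2b_summary IP [logfile...]  (reads stdin when no file is given)
# Prints one line per jail: found/ban/unban counts and time of the first ban.
f2b_summary() {
    ip="$1"; shift
    awk -v ip="$ip" '
    {
        # Look for the token sequence: [jail] <Found|Ban|Unban> <ip>
        for (i = 5; i + 2 <= NF; i++) {
            if (substr($i, 1, 1) != "[" || substr($i, length($i)) != "]") continue
            verb = $(i + 1)
            if (verb != "Found" && verb != "Ban" && verb != "Unban") continue
            if ($(i + 2) != ip) continue      # exact match, no substring hits
            jail = substr($i, 2, length($i) - 2)
            seen[jail] = 1
            n[jail, verb]++
            if (verb == "Ban" && !(jail in first)) first[jail] = $1 " " $2
            break
        }
    }
    END {
        for (j in seen)
            printf "%s found=%d ban=%d unban=%d first_ban=%s\n", j,
                   n[j, "Found"], n[j, "Ban"], n[j, "Unban"],
                   ((j in first) ? first[j] : "-")
    }' "$@" | sort
}

# Demo on the constructed sample; on a server: f2b_summary IP /var/log/fail2ban.log
sample_log | f2b_summary 203.0.113.7
```

A jail with repeated ban and unban pairs ahead of the first recidive ban is the one to investigate in its own service log before disabling anything.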