Hi Xioa,
I have been following your guide “Build Your Own Email Server on Ubuntu: Basic Postfix Setup” and am in desperate need of your attention. So far, I have completed steps 1 through steps 10. Everything was working properly up until step 8 ( I believe). However, I only noticed that things weren’t working between after finishing step 10. So somewhere in between step 8 and step 10, thing have gone wrong, and I can’t figure out what exactly is happening here. It feels like I’ve got a misconfiguration somewhere, or I’m getting hacked or ddossed. But I am not an expert, so I desperately require your eye to take a look at things for me.
First, my configuration is on Ubuntu server 20.04, and is to the tee exactly according to your email server guide with the following 3 exceptions:
Exception # 1: On top of the email server, I also have a web server installed using wordpress and nginx, which as we speek, works perfectly.
Exception # 2: I am using openvpn3 on my server to tunnel my local IP address to an amazon OpenVPN-AS EC2 Instance, in order to obtain proper rDNS records and to use amazons public elastic (static) IP address. As of step 6, my emails were working, even using the amazon tunnel. No vpn changes have been made since then, so through the process of elimination, I suspect the VPN is not the issue here.
Exception # 3: After installing amavis, while looking at the logs, I would see the error: (!)Net::Server: 2021/08/16-19:33:18 Can't connect to TCP port 10024 on ::1 [Cannot assign requested address]\n at line 64 in file /usr/share/perl5/Net/Server/Proto/TCP.pm
. After some googling, I suspect this has to do with ipv6 and amavis somehow. To (hopefully) solve this issue, I put inet_socket_bind = '127.0.0.1';
as the first line in /etc/amavis/conf.d/50-user
, and this seemed to make the error go away. However, I don’t know the impact that this line makes on the rest of the system (any comments on this would be much appreciated).
Second, I am using apple mail. I am sometimes able to send emails out from my domain address to my gmail, however, sometimes apple mail shows my outgoing linuxbabe email server as down or unable to connect via ssl. Therefore, I am sometimes unable to send emails from my domain to to my gmail email. At the moment, my outgoing domain emails are not working (same goes for my inbound emails at the moment).
Third, I am never able to send emails from my gmail account to my domain address that I created from linuxbabe tutorials. I get the following errors when trying to send an email to my domain with my gmail account:
1. mail.facl.xyz. 149.28.114.20: FAILED_PRECONDITION: connect error (111): Connection refused]
2. Message blocked. Your message to [email protected] has been blocked. See technical details below for more information. 450 4.7.1 Client host rejected: cannot find your reverse hostname, [172.27.224.1]
3. Delivery incomplete. The response from the remote server was: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [172.27.224.1]
Lastly, I’ve noticed a very strang IP address of 172.27.224.1
that keeps showing up in all of my logs (postfix,fail2ban,dovecot,amavis,etc.).
A short summary of my issues would be:
1. Incoming and outgoing emails not working with my domain email server.
2. Strange IP addresses of 172.27.224.1
showing up in logs.
3. Amavis showing the error (!)Net::Server: 2021/08/16-19:33:18 Can't connect to TCP port 10024 on ::1 [Cannot assign requested address]\n at line 64 in file /usr/share/perl5/Net/Server/Proto/TCP.pm
4: Note: I am running a vpn client on this server, being tunneled to an amazon IP address with port 25 unblocked.
Below are my logs in order of specfied commands:
Command 1: sudo pflogsumm /var/log/mail.log
Command 2a: sudo systemctl status dovecot
Command 2b: sudo journalctl -eu dovecot
Command 3a: sudo systemctl status postfix
Command 3b: sudo journalctl -eu postfix
Command 4a: sudo systemctl status spamassassin
Command 4b: sudo journalctl -eu spamassassin
Command 5a: sudo systemctl status amavis
Command 5b: sudo journalctl -eu amavis
Command 6a: sudo systemctl status fail2ban
Command 6b: cat /var/log/fail2ban.log
Command 6c: sudo iptables -L
1a:
sudo pflogsumm /var/log/mail.log
Grand Totals
------------
messages
7 received
15 delivered
0 forwarded
5 deferred (35 deferrals)
0 bounced
38 rejected (71%)
0 reject warnings
0 held
0 discarded (0%)
14182 bytes received
37244 bytes delivered
3 senders
1 sending hosts/domains
3 recipients
3 recipient hosts/domains
Host/Domain Summary: Message Delivery
--------------------------------------
sent cnt bytes defers avg dly max dly host/domain
-------- ------- ------- ------- ------- -----------
6 19728 18 1.9 h 7.2 h facl.xyz
5 7899 10 12.5 h 54.1 h nerd-tech.net
4 9617 7 1.2 h 4.8 h gmail.com
Host/Domain Summary: Messages Received
---------------------------------------
msg cnt bytes host/domain
-------- ------- -----------
7 14182 facl.xyz
Senders by message count
------------------------
3 [email protected]
2 [email protected]
2 [email protected]
Recipients by message count
---------------------------
6 [email protected]
5 [email protected]
4 [email protected]
Senders by message size
-----------------------
8409 [email protected]
3826 [email protected]
1947 [email protected]
Recipients by message size
--------------------------
19728 [email protected]
9617 [email protected]
7899 [email protected]
message deferral detail
-----------------------
amavis/smtp (total: 35)
28 127.0.0.1[127.0.0.1]:10024: Connection refused
7 127.0.0.1[127.0.0.1]:10026: Connection refused
message bounce detail (by relay): none
message reject detail
---------------------
RCPT
cannot find your reverse hostname (total: 37)
37 172.27.224.1
Helo command rejected: need fully-qualified hostname (total: 1)
1 172.27.224.1
message reject warning detail: none
message hold detail: none
message discard detail: none
smtp delivery failures: none
Warnings
--------
10025/smtpd (total: 7)
7 connect to Milter service local:opendmarc/opendmarc.sock: No su...
cleanup (total: 5)
5 connect to Milter service local:opendmarc/opendmarc.sock: No su...
postfix-script (total: 3)
3 symlink leaves directory: /etc/postfix/./makedefs.out
smtpd (total: 64)
53 connect to Milter service local:opendmarc/opendmarc.sock: No su...
11 unknown[172.27.224.1]: SASL LOGIN authentication failed: UGFzc3...
Fatal Errors
------------
sendmail (total: 3)
3 User netdata(997) is not allowed to submit mail
Panics: none
Master daemon messages
----------------------
3 daemon started -- version 3.4.13, configuration /etc/postfix
2 reload -- version 3.4.13, configuration /etc/postfix
1 terminating on signal 15
2a:
sudo systemctl status dovecot
dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-08-17 07:03:50 CDT; 3h 46min ago
Docs: man:dovecot(1)
http://wiki2.dovecot.org/
Main PID: 2011 (dovecot)
Tasks: 25 (limit: 9255)
CGroup: /system.slice/dovecot.service
├─ 2011 /usr/sbin/dovecot -F
├─ 2157 dovecot/anvil
├─ 2158 dovecot/log
├─ 2159 dovecot/config
├─ 4229 dovecot/stats
├─15404 dovecot/imap-login
├─15406 dovecot/imap-login
├─15407 dovecot/imap-login
├─15408 dovecot/imap-login
├─15409 dovecot/imap-login
├─15410 dovecot/imap-login
├─15424 dovecot/imap
├─15426 dovecot/imap
├─15428 dovecot/imap
├─15429 dovecot/imap
├─15432 dovecot/imap
├─15434 dovecot/imap
├─16110 dovecot/imap-login
├─16111 dovecot/imap
├─16118 dovecot/imap-login
├─16120 dovecot/imap
├─16130 dovecot/imap-login
├─16132 dovecot/imap
├─16537 dovecot/imap-login
└─16542 dovecot/imap
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: auth-worker(38695): Debug: sql([email protected],172.27.224.1,<5aKu28LJb9msG+AB>): Performing userdb lookup
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: auth-worker(38695): Debug: sql([email protected],172.27.224.1,<5aKu28LJb9msG+AB>): SELECT maildir, 2000 AS uid, 2000 AS gid FROM mailbox WHERE username = '[email protected]' AND active='1'
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: auth-worker(38695): Debug: sql([email protected],172.27.224.1,<5aKu28LJb9msG+AB>): Finished userdb lookup
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: auth: Debug: sql([email protected],172.27.224.1,<5aKu28LJb9msG+AB>): Finished userdb lookup
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: auth: Debug: master userdb out: USER 515375105 [email protected] maildir=oddcake.net/dan/ uid=2000 gid=2000 auth_token=6a27be66e01ae0ff0bc97556560a7f647dd09d26
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: auth-worker(38695): Debug: conn unix:auth-worker (pid=38693,uid=113): auth-worker<2>: Finished
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=172.27.224.1, lip=172.27.208.8, mpid=38698, TLS, session=<5aKu28LJb9msG+AB>
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: imap([email protected])<38698><5aKu28LJb9msG+AB>: Logged out in=34 out=518 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Aug 17 10:21:26 mail.facl.xyz dovecot[2158]: imap([email protected])<37366><1W1coMLJ49isG+AB>: Logged out in=4908 out=6305 deleted=1 expunged=1 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Aug 17 10:21:30 mail.facl.xyz dovecot[2158]: auth-worker(38695): Debug: conn unix:auth-worker (pid=38693,uid=113): Disconnected: Connection closed (fd=-1)
3a:
sudo systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
Active: active (exited) since Tue 2021-08-17 09:59:57 CDT; 57min ago
Process: 33365 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 33365 (code=exited, status=0/SUCCESS)
Aug 17 09:59:57 mail.facl.xyz systemd[1]: Starting Postfix Mail Transport Agent...
Aug 17 09:59:57 mail.facl.xyz systemd[1]: Finished Postfix Mail Transport Agent.
3b:
sudo journalctl -eu postfix
-- Reboot --
Aug 17 07:04:30 mail.facl.xyz systemd[1]: Starting Postfix Mail Transport Agent...
Aug 17 07:04:30 mail.facl.xyz systemd[1]: Finished Postfix Mail Transport Agent.
Aug 17 09:59:55 mail.facl.xyz systemd[1]: postfix.service: Succeeded.
Aug 17 09:59:55 mail.facl.xyz systemd[1]: Stopped Postfix Mail Transport Agent.
Aug 17 09:59:55 mail.facl.xyz systemd[1]: Stopping Postfix Mail Transport Agent...
Aug 17 09:59:57 mail.facl.xyz systemd[1]: Starting Postfix Mail Transport Agent...
Aug 17 09:59:57 mail.facl.xyz systemd[1]: Finished Postfix Mail Transport Agent.
5a:
sudo systemctl status amavis
● amavis.service - LSB: Starts amavisd-new mailfilter
Loaded: loaded (/etc/init.d/amavis; generated)
Active: active (running) since Tue 2021-08-17 07:04:29 CDT; 3h 57min ago
Docs: man:systemd-sysv-generator(8)
Process: 2014 ExecStart=/etc/init.d/amavis start (code=exited, status=0/SUCCESS)
Tasks: 3 (limit: 9255)
CGroup: /system.slice/amavis.service
├─2590 /usr/sbin/amavisd-new (master)
├─2625 /usr/sbin/amavisd-new (ch4-avail)
└─2626 /usr/sbin/amavisd-new (ch3-avail)
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No decoder for .zoo
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: Using primary internal av scanner code for ClamAV-clamd
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Aug 17 07:09:30 mail.facl.xyz amavis[2625]: (02625-01) Passed CLEAN {RelayedInbound}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: PBii-TznnW04, Hits: -, size: 1909, queued_as: 535D4136D, 289 ms
Aug 17 07:19:30 mail.facl.xyz amavis[2626]: (02626-01) Passed CLEAN {RelayedInbound}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: zR8b8BRl0kNW, Hits: -, size: 1506, queued_as: 467AB136D, 244 ms
Aug 17 07:23:22 mail.facl.xyz amavis[2625]: (02625-02) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [172.27.224.1]:53208 <[email protected]> -> <[email protected]>, Queue-ID: 9E6DD136D, Message-ID: <[email protected]>, mail_id: GMBci>
Aug 17 07:34:30 mail.facl.xyz amavis[2626]: (02626-02) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [172.27.224.1]:55243 <[email protected]> -> <[email protected]>, Queue-ID: 3F84D2311, Message-ID: <[email protected]>, mail_id: Q27RZ>
Aug 17 07:34:30 mail.facl.xyz amavis[2625]: (02625-03) Passed CLEAN {RelayedInbound}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: HTJlJzy2n6tg, Hits: -, size: 6512, queued_as: 6DD9120B2, 359 ms
Aug 17 07:57:21 mail.facl.xyz amavis[2626]: (02626-03) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: QLf0QAUln62T, Hits: -, size: 1464, queued_as: 60EF>
Aug 17 07:59:30 mail.facl.xyz amavis[2625]: (02625-04) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: aT99rHW5Mj24, Hits: -, size: 1501, queued_as: >
**5b:**
`sudo journalctl -eu amavis`
– Reboot –
Aug 17 07:03:50 mail.facl.xyz systemd[1]: Starting LSB: Starts amavisd-new mailfilter…
Aug 17 07:03:50 mail.facl.xyz amavis[2014]: Starting amavisd:
Aug 17 07:03:50 mail.facl.xyz amavis[2081]: changed ownership of ‘/var/run/amavis’ from root:root to amavis:amavis
Aug 17 07:03:55 mail.facl.xyz amavis[2094]: starting. /usr/sbin/amavisd-new at mail.facl.xyz amavisd-new-2.11.0 (20160426), Unicode aware, LC_ALL=“C”, LANG=“en_US.UTF-8”
Aug 17 07:04:29 mail.facl.xyz amavis[2014]: amavisd-new.
Aug 17 07:04:29 mail.facl.xyz systemd[1]: Started LSB: Starts amavisd-new mailfilter.
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: Net::Server: Group Not Defined. Defaulting to EGID ‘133 133’
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: Net::Server: User Not Defined. Defaulting to EUID ‘125’
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No $altermime, not using it
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No ext program for .zoo, tried: zoo
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No ext program for .doc, tried: ripole
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No decoder for .F
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No decoder for .doc
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No decoder for .zoo
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: Using primary internal av scanner code for ClamAV-clamd
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Aug 17 07:09:30 mail.facl.xyz amavis[2625]: (02625-01) Passed CLEAN {RelayedInbound}, [127.0.0.1] [email protected] -> [email protected], Message-ID: [email protected], mail_id: PBii-TznnW04, Hits: -, size: 1909, queued_as: 535D4136D, 289 ms
Aug 17 07:19:30 mail.facl.xyz amavis[2626]: (02626-01) Passed CLEAN {RelayedInbound}, [127.0.0.1] [email protected] -> [email protected], Message-ID: [email protected], mail_id: zR8b8BRl0kNW, Hits: -, size: 1506, queued_as: 467AB136D, 244 ms
Aug 17 07:23:22 mail.facl.xyz amavis[2625]: (02625-02) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [172.27.224.1]:53208 [email protected] -> [email protected], Queue-ID: 9E6DD136D, Message-ID: [email protected], mail_id: GMBci>
Aug 17 07:34:30 mail.facl.xyz amavis[2626]: (02626-02) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [172.27.224.1]:55243 [email protected] -> [email protected], Queue-ID: 3F84D2311, Message-ID: [email protected], mail_id: Q27RZ>
Aug 17 07:34:30 mail.facl.xyz amavis[2625]: (02625-03) Passed CLEAN {RelayedInbound}, [127.0.0.1] [email protected] -> [email protected], Message-ID: [email protected], mail_id: HTJlJzy2n6tg, Hits: -, size: 6512, queued_as: 6DD9120B2, 359 ms
Aug 17 07:57:21 mail.facl.xyz amavis[2626]: (02626-03) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] [email protected] -> [email protected], Message-ID: [email protected], mail_id: QLf0QAUln62T, Hits: -, size: 1464, queued_as: 60EF>
Aug 17 07:59:30 mail.facl.xyz amavis[2625]: (02625-04) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] [email protected] -> [email protected], Message-ID: [email protected], mail_id: aT99rHW5Mj24, Hits: -, size: 1501, queued_as:
**6a:**
`sudo systemctl status fail2ban`
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-08-17 07:03:49 CDT; 4h 1min ago
Docs: man:fail2ban(1)
Process: 1897 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 1923 (f2b/server)
Tasks: 9 (limit: 9255)
CGroup: /system.slice/fail2ban.service
└─1923 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Aug 17 07:03:48 mail.facl.xyz systemd[1]: Starting Fail2Ban Service…
Aug 17 07:03:49 mail.facl.xyz systemd[1]: Started Fail2Ban Service.
Aug 17 07:03:52 mail.facl.xyz fail2ban-server[1923]: Server ready
**6b:**
`cat /var/log/fail2ban.log`
2021-08-17 07:03:51,347 fail2ban.server [1923]: INFO Starting Fail2ban v0.11.1
2021-08-17 07:03:51,358 fail2ban.observer [1923]: INFO Observer start…
2021-08-17 07:03:51,413 fail2ban.database [1923]: INFO Connected to fail2ban persistent database ‘/var/lib/fail2ban/fail2ban.sqlite3’
2021-08-17 07:03:51,462 fail2ban.jail [1923]: INFO Creating new jail ‘sshd’
2021-08-17 07:03:51,771 fail2ban.jail [1923]: INFO Jail ‘sshd’ uses pyinotify {}
2021-08-17 07:03:51,797 fail2ban.jail [1923]: INFO Initiated ‘pyinotify’ backend
2021-08-17 07:03:51,852 fail2ban.filter [1923]: INFO maxLines: 1
2021-08-17 07:03:52,135 fail2ban.filter [1923]: INFO maxRetry: 5
2021-08-17 07:03:52,137 fail2ban.filter [1923]: INFO findtime: 600
2021-08-17 07:03:52,138 fail2ban.actions [1923]: INFO banTime: 1200
2021-08-17 07:03:52,139 fail2ban.filter [1923]: INFO encoding: UTF-8
2021-08-17 07:03:52,160 fail2ban.filter [1923]: INFO Added logfile: ‘/var/log/auth.log’ (pos = 29053, hash = 647d772821ca854ff7f545b466d2881515965943)
2021-08-17 07:03:52,185 fail2ban.jail [1923]: INFO Creating new jail ‘postfix’
2021-08-17 07:03:52,185 fail2ban.jail [1923]: INFO Jail ‘postfix’ uses pyinotify {}
2021-08-17 07:03:52,234 fail2ban.jail [1923]: INFO Initiated ‘pyinotify’ backend
2021-08-17 07:03:52,313 fail2ban.filter [1923]: INFO maxRetry: 3
2021-08-17 07:03:52,316 fail2ban.filter [1923]: INFO findtime: 600
2021-08-17 07:03:52,317 fail2ban.actions [1923]: INFO banTime: 3600
2021-08-17 07:03:52,318 fail2ban.filter [1923]: INFO encoding: UTF-8
2021-08-17 07:03:52,370 fail2ban.filter [1923]: INFO Added logfile: ‘/var/log/mail.log’ (pos = 1102894, hash = 92f390993e3afc6852360ecc3a2243321232c865)
2021-08-17 07:03:52,374 fail2ban.jail [1923]: INFO Creating new jail ‘postfix-flood-attack’
2021-08-17 07:03:52,376 fail2ban.jail [1923]: INFO Jail ‘postfix-flood-attack’ uses pyinotify {}
2021-08-17 07:03:52,405 fail2ban.jail [1923]: INFO Initiated ‘pyinotify’ backend
2021-08-17 07:03:52,410 fail2ban.filter [1923]: INFO maxRetry: 3
2021-08-17 07:03:52,411 fail2ban.filter [1923]: INFO findtime: 600
2021-08-17 07:03:52,412 fail2ban.actions [1923]: INFO banTime: 1200
2021-08-17 07:03:52,413 fail2ban.filter [1923]: INFO encoding: UTF-8
2021-08-17 07:03:52,415 fail2ban.filter [1923]: INFO Added logfile: ‘/var/log/mail.log’ (pos = 1102894, hash = 92f390993e3afc6852360ecc3a2243321232c865)
2021-08-17 07:03:52,460 fail2ban.jail [1923]: INFO Jail ‘sshd’ started
2021-08-17 07:03:52,650 fail2ban.jail [1923]: INFO Jail ‘postfix’ started
2021-08-17 07:03:52,663 fail2ban.jail [1923]: INFO Jail ‘postfix-flood-attack’ started
2021-08-17 07:03:52,666 fail2ban.actions [1923]: NOTICE [postfix] Restore Ban 172.27.224.1
2021-08-17 07:15:46,935 fail2ban.actions [1923]: NOTICE [postfix] Unban 172.27.224.1
2021-08-17 07:22:29,621 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 07:22:29
2021-08-17 07:24:53,218 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 07:24:52
2021-08-17 07:28:23,070 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 07:28:22
2021-08-17 07:28:23,263 fail2ban.actions [1923]: NOTICE [postfix] Ban 172.27.224.1
2021-08-17 08:28:22,320 fail2ban.actions [1923]: NOTICE [postfix] Unban 172.27.224.1
2021-08-17 09:08:44,018 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 09:08:43
2021-08-17 09:20:37,479 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 09:20:37
2021-08-17 09:24:14,736 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 09:24:14
2021-08-17 09:26:41,101 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 09:26:40
2021-08-17 09:26:41,399 fail2ban.actions [1923]: NOTICE [postfix] Ban 172.27.224.1
2021-08-17 10:26:40,609 fail2ban.actions [1923]: NOTICE [postfix] Unban 172.27.224.1
2021-08-17 10:26:54,374 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 10:26:53
2021-08-17 10:31:30,242 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 10:31:29
2021-08-17 10:31:56,744 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 10:31:56
2021-08-17 10:31:57,074 fail2ban.actions [1923]: NOTICE [postfix] Ban 172.27.224.1