Hallo,
ich habe ein Problem mit Fail2Ban.
habe folgende Mitteilung erhalten:
Wie kann 127 geblokct werden, warum war das überhaupt notwending und was mach ich am besten dagegen?
Dank euch!
ich habe ein Problem mit Fail2Ban.
habe folgende Mitteilung erhalten:
Hi,
The IP 127.0.1.50 has just been banned by Fail2Ban after
3 attempts against postfix.
Here are more information about 127.0.1.50:
#
# Query terms are ambiguous. The query is assumed to be:
# "n 127.0.1.50"
#
# Use "?" to get help.
#
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=127.0.1.50?showDetails=true&showARIN=false&ext=netref2
#
NetRange: 127.0.0.0 - 127.255.255.255
CIDR: 127.0.0.0/8
OriginAS:
NetName: SPECIAL-IPV4-LOOPBACK-IANA-RESERVED
NetHandle: NET-127-0-0-0-1
Parent:
NetType: IANA Special Use
Comment: This block is assigned for use as the Internet
Comment: host loopback address. Datagrams sent to
Comment: addresses anywhere within this block loops back
Comment: inside the host. Many implementation only
Comment: support this for 127.0.0.1. This block was
Comment: assigned by the IETF in the Standard document,
Comment: RFC 1122 and is further documented in the Best
Comment: Current Practice document RFC 5735. These
Comment: documents can be found at:
Comment: http://www.rfc-editor.org/rfc/rfc1122.txt
Comment: http://www.rfc-editor.org/rfc/rfc5735.txt
RegDate:
Updated: 2010-04-14
Ref: http://whois.arin.net/rest/net/NET-127-0-0-0-1
OrgName: Internet Assigned Numbers Authority
OrgId: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
RegDate:
Updated: 2004-02-24
Ref: http://whois.arin.net/rest/org/IANA
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
OrgTechRef: http://whois.arin.net/rest/poc/IANA-IP-ARIN
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgAbuseRef: http://whois.arin.net/rest/poc/IANA-IP-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
Lines containing IP:127.0.1.50 in /var/log/mail.log
Feb 9 10:32:37 c061 postfix/smtpd[28646]: connect from unknown[127.0.1.50]
Feb 9 10:32:37 c061 postfix/smtpd[28646]: NOQUEUE: reject: RCPT from unknown[127.0.1.50]: 554 5.7.1 <amanda@pdcfornurses.com>: Relay access denied; from=<jonesb@pbso.org> to=<amanda@pdcfornurses.com> proto=SMTP helo=<localhost>
Feb 9 10:32:37 c061 postfix/smtpd[28646]: lost connection after RCPT from unknown[127.0.1.50]
Feb 9 10:32:37 c061 postfix/smtpd[28646]: disconnect from unknown[127.0.1.50]
Feb 9 10:34:31 c061 postfix/smtpd[28636]: connect from unknown[127.0.1.50]
Feb 9 10:34:31 c061 postfix/smtpd[28636]: NOQUEUE: reject: RCPT from unknown[127.0.1.50]: 554 5.7.1 <elkimek@ultradots.com>: Relay access denied; from=<ablrecruiting@acuitybrands.com> to=<elkimek@ultradots.com> proto=SMTP helo=<localhost>
Feb 9 10:34:31 c061 postfix/smtpd[28636]: lost connection after RCPT from unknown[127.0.1.50]
Feb 9 10:34:31 c061 postfix/smtpd[28636]: disconnect from unknown[127.0.1.50]
Feb 9 10:39:38 c061 postfix/smtpd[28636]: connect from unknown[127.0.1.50]
Feb 9 10:39:38 c061 postfix/smtpd[28636]: NOQUEUE: reject: RCPT from unknown[127.0.1.50]: 554 5.7.1 <allinafac@shahnaur.com>: Relay access denied; from=<sur80@worcestericecats.com> to=<allinafac@shahnaur.com> proto=SMTP helo=<localhost>
Feb 9 10:39:38 c061 postfix/smtpd[28636]: lost connection after RCPT from unknown[127.0.1.50]
Feb 9 10:39:38 c061 postfix/smtpd[28636]: disconnect from unknown[127.0.1.50]
Regards,
Wie kann 127 geblokct werden, warum war das überhaupt notwending und was mach ich am besten dagegen?
Dank euch!