Весь лог fail2ban зациклен на одних и тех же записях:
2019-05-13 20:17:18,184 fail2ban.filter [1763]: INFO [postfix-iptables-sasl] Found 139.28.175.150
2019-05-13 20:17:18,399 fail2ban.actions [1763]: NOTICE [postfix-iptables-sasl] 139.28.175.150 already banned
iptables -L | grep 139.28.175.150
REJECT all -- 139.28.175.150 anywhere reject-with icmp-port-unreachable
фильтр:
postfix-sasl
# fail2ban filter "postfix-sasl": matches failed SASL authentication warnings
# written by Postfix so the offending client address can be banned.
[INCLUDES]
# Load the shared definitions first (source of __prefix_line used in failregex).
before = common.conf
[Definition]
# Process names accepted in the log prefix. The optional "submission/" and
# "smtps/" parts mean failures logged by those services match as well, not
# only the plain smtp service.
_daemon = postfix(-\w+)?/(?:submission/|smtps/)?smtp[ds]
# Matches "SASL <mechanism> authentication failed" warnings; <HOST> captures
# the client address taken from the bracketed part of the log line.
# NOTE(review): the inline (?i) sits in the middle of the pattern. Python's re
# treats it as a global flag (the whole expression becomes case-insensitive),
# and newer Python versions reject global flags that are not at the start of
# the expression - confirm against the interpreter fail2ban runs on.
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:[ A-Za-z0-9+/:]*={0,2})?\s*$
# Do not count failures caused by the authentication backend being
# unreachable, so a backend outage does not ban clients.
ignoreregex = authentication failed: Connection lost to authentication server$
[Init]
# Journal match for the systemd backend.
# NOTE(review): presumably unused when the jail reads a log file through
# logpath, as the jail on this page does - confirm the backend in use.
journalmatch = _SYSTEMD_UNIT=postfix.service
jail.local:
# Jail that bans hosts whose failed Postfix SASL logins are found in
# /var/log/maillog by the postfix-sasl filter.
[postfix-iptables-sasl]
enabled = true
filter = postfix-sasl
# NOTE(review): port=smtp limits the firewall rule to the smtp port over TCP,
# while the postfix-sasl filter's _daemon also matches submission/ and smtps/
# log lines. A banned host that keeps trying on another listening mail port
# would still reach Postfix and keep producing "Found" / "already banned"
# entries - verify which service logs the failures and make the action cover
# every SASL-enabled port.
action = iptables[name=Postfix-smtp, port=smtp, protocol=tcp]
# Mail notification action, currently commented out.
#sendmail[name=Postfix-smtp, dest=usrcwp@zwex.tk]
logpath = /var/log/maillog
# Ban duration in seconds (10 hours).
bantime = 36000
# NOTE(review): one failed login inside findtime is enough for a ban, so a
# legitimate user who mistypes a password once is locked out for the full
# bantime - consider ignoreip for trusted networks.
maxretry = 1
# Window in seconds (24 hours) over which failures are counted.
findtime = 86400