On Tuesday 07 April 2020 10:09:07 Marius ROMAN wrote: > "ipset v7.1: Syntax error: '3600000' is out of range 0-2147483" > This is the problem. You could try to reduce the 'ban' time (for whatever rules you have for dovecot) so that it would be in that interval and restart fail2ban service. > Thanks to the help from Marius I no longer get the error and fail2ban appears to be working. I am still having troubhles with my firewall. I have a command firewall_ban which is: firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='$1' reject " I copied this from a web posting, and I it is supposed to do what I need, which is ban specific IP addresses. However, when I tried to ban an IP I grabbed from my EXIM logs I got an error [root@ollie2 ~]# firewall_ban 46.17.96.82 Warning: ALREADY_ENABLED: rule family='ipv4' source address='46.17.96.82' reject success [root@ollie2 ~]# I was not surprised by this error as I did think that I had already banned this address. However, this does now beg the question, why am I still seeing in my exim/main.log: 2020-04-08 13:34:41 H=(slot0.iso-taem.com) [46.17.96.82] sender verify defer for <administrator@xxxxxxxxxxxx>: host lookup did not complete 2020-04-08 13:34:41 H=(slot0.iso-taem.com) [46.17.96.82] F=<administrator@xxxxxxxxxxxx> temporarily rejected RCPT <auser@xxxxxxxxxxxxxx>: Could not complete sender verify Also, I am trying to add a failregex to match the following lines, but for some reason my attempts don't work. 2020-04-08 13:34:42 H=ip3.ip-144-217-187.net (swNLFAhhb9) [144.217.187.3] rejected EHLO or HELO swnlfahhb9: Your server with the IP 144.217.187.3 is with helo name (swNLFAhhb9) configured incorrectly. Email has been blocked. (HELO Error) My best attemp is this one, and when I try it with fail2ban-regex it matches every time, but in real life, it doesn't trigger banning anyone ^%(pid)s.* \[<HOST>\] rejected EHLO or HELO They appear to match is I run fail2ban-regex but in real life, they're not triggering bans. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos