Fail2ban blocking me

phailo · July 18, 2019, 6:10pm

Hi community!

For the last two or three months I was getting issues logging to MIAB imap from my home network. The situation was getting worse and worse. Nowadays it is practically impossible to log. I’ve been doing some research and I found out that the problem is connected to Fail2ban. There are several blocked IP addresses which are all mine (I do use VPN a lot).

I am persistenly logged to 6 mail accounts on several devices via different mail clients (Outlook, Outlook iOS, Mail.app etc). My banned IPs are in the “Chain f2b-dovecot” (what explains Z-Push is working) and “Chain f2b-recidive”.

I really don’t know how are my IPs getting to fail2ban and I’d like to ask for a solution. Should I edit settings for fail2ban manually? How? Will I have to edit it after every update of MIAB?
My MIAB is current version and fully updated.

dhardyuk · July 19, 2019, 2:12pm

If you know your IP addresses and they are either static or fairly persistent then whitelist your IPs.

https://www.fail2ban.org/wiki/index.php/Whitelist

I’m not experienced with MiaB so I can’t advise on the exact steps to follow…

phailo · July 19, 2019, 3:54pm

Thank you, I’ve already whitelisted, but want to know why is it happening.

murgero · July 21, 2019, 5:47am

A few reasons:

Your computer or mobile device is compromised and someone is using it to brute force or otherwise try to access your email.
A device on your network (might not even be yours) could have malicous intent in the form of infection or local hacker (in the case of wireless with low-security like WEP or small password.)
You have an old device on your network still using an older password, and as it tried to sync to your remote MIAB server, it gets your IP blacklisted.

Just to name a couple. Login to each device in your home / office (where ever the IP is located) and change your password to match everywhere. Even if you think your email is not on a device, doublecheck, you would be amazed at how many time’s during my help desk days where a user calls in, “I can’t sign in!” and they almost always have the same issue: they changed a password within the last 30 days that they forgot to change on an old device that is in sleep mode ina drawer somewhere.

Good luck!

phailo · July 21, 2019, 6:47am

No. 1 or 2 is not probable but 3 might be. I’ll give it a try. Thank you!

phailo · July 25, 2019, 3:11pm

So there is an update. I had found out why is this happening. I’d like to share it because it might happen to someone else. The reason is this.

Once there was a notification of the v 0.42 available I had updated. Then there was a recall to 0.41 due to some issues so I downgraded. Everything went OK but it totally screwed Nextcloud. Nextcloud is not working at the moment. Since I had been using many CalDav calendars and contacts all my machines kept trying (unsuccessfuly) logging into calendars and contacts. These unsuccessfuly logins probably caused the bans.