How to unblock our blocked IP address if we are banned from any of our server services

botond published March 2018, 10, Thu - 25:01 time
Fail2Ban and Iptables: Resolve a Disabled IP Address in an ISPConfig Server Environment In Debian

Content

 

Introductory

Even in the best family, the person may type their password or the password copied to the clipboard may not have been correct, causing the system to disable IP addresses. Well, I did the same the other day while I was setting up my email addresses. Of course it's one FTP it can also happen with login, HTTP authentication, or with any internet service where you have to enter your password.

In this little description, it happened to me IMAP disabling an IP address that occurred when setting up a mailbox, I describe resolving the fact that if someone else is in a similar situation and suddenly there is no solution at hand, this writing can save you a few more searches on the Internet.

Of course, this only works if we run the server ourselves, from which our IP address has been banned from one of the services, so we have (root) SSH access, and Fail2Ban program is also running on the server. In my case, specifically, it worked well In an ISPConfig server environment blocking occurred, which I was even happy to know later, knowing that the programs running on the server were doing their job well.

 

 

Making a mistake

One late night I set up my email addresses in a freshly installed Mozilla Thunderbird email client, set up three already, and then did a bit more checking than the following:

Mozilla Thunderbird - Email Account Setup - Find Configuration

Then the password is checked and then the error is thrown:

Mozilla Thunderbird - Email Account Setup - Wrong username or password

Then I copied my generated password again from my password store and started over again. I thought it would happen to anyone, no problem with that.

But then, when he was not good the third time, he put in a window like this:

Mozilla Thunderbird - Email Account Setup - Manual Setup

Well, from now on I could do anything, it wasn't good. In the meantime, I dropped my email address and tried another one's password. But you have already entered it with a good password.

What was interesting was that the email addresses that I had set up were synchronized nicely, so I didn't even think about blocking my IP address or anything like that at first.

 

Troubleshooting

Since I'm no longer at this point, I say I'll look around the server. I logged in as root and first looked at the end of /var/log/mail.log:

cat /var/log/mail.log | tail -40

And I found my IP address in the error message lines:

... postfix/submission/smtpd[16279]: improper command pipelining after EHLO from <ip-címem>: QUIT
... dovecot: imap-login: Disconnected (auth failed, 3 attempts in 26 secs): user=<email címem>, method=PLAIN, rip=<ip-címem>, lip=<szerver IP-címe>, TLS, session=...
... postfix/anvil[12691]: statistics: max connection rate 4/60s for (submission:<ip-címem>) at ...
... postfix/anvil[12691]: statistics: max connection count 2 for (submission:<ip-címem>) at ...

Well, then I say head to the firewall:

iptables -L

Az iptables issued the chains at the lister's command, with many other blocked IP addresses in them, of course, like flies on creature paper, and of course I found my own here in the fail2ban-dovecot-pop3imap chain:

Chain fail2ban-dovecot-pop3imap (1 references)
target     prot opt source               destination
REJECT     all  --  <IP-címem>  anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

Only my own title was sitting in this chain, so I just had to unlock it.

 

Resolving a blocked IP address

An easy solution here would have been to remove the blocked IP address with the appropriate command from iptables, but since Fail2Ban put it on the list, it would not have been advisable to reach in, and in that case you should contact Fail2Ban.

I have already made a description of the About managing filters in Fail2Ban, where I was just setting up another jail, and here first I needed the exact names of the jails to reference the correct one because I didn't remember the names exactly:

fail2ban-client status
Status
|- Number of jail:      7
`- Jail list:           postfix-sasl, dovecot-pop3imap, apache-noscript, ssh, pureftpd, apache, apache-multiport

It was also: dovecot-pop3imap the name of my jail (there was only one "prefix in" fail2- "in iptables). I looked at my jail:

fail2ban-client status dovecot-pop3imap
Status for the jail: dovecot-pop3imap
|- filter
|  |- File list:        /var/log/mail.log
|  |- Currently failed: 1
|  `- Total failed:     7470
`- action
   |- Currently banned: 1
   |  `- IP list:       <ip-címem>
   `- Total banned:     9

My address is booming here, so it was only one step to get it right fail2ban-client command:

fail2ban-client set dovecot-pop3imap unbanip <ip-címem>

Then I looked at the status of the jail again with the previous command and it no longer had my address:

Status for the jail: dovecot-pop3imap
|- filter
|  |- File list:        /var/log/mail.log
|  |- Currently failed: 1
|  `- Total failed:     7470
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     9

After that I was able to set up my email address correctly with the correct password.

 

Conclusion

In retrospect, it took a single command to think of it all, but then, in the first few minutes, one had to think about where to go. So practicing was definitely good, so if you re-use it with another service, such as FTP, you'll get the IP address right from the right jail.

However, if SSH is similarly blocked and you are unable to access the console, you will have to wait for your own configuration bantime time because we will not get near our favorite terminal until then. Therefore, in order to prevent SSH from occurring in any way, I highly recommend password-free authentication key entry method.

 

Related Content, Useful Links:

 

Tags
fail2ban
iptables
safety
blocked IP address
unlock
mail
Email