How to unblock our own IP address if we have been banned from one of our server's services

Published by botond on 2018-10-25 (Thursday), 01:50

Introduction

It happens in the best of families: you mistype your password, or the password you copied to the clipboard is not the right one, and the system blocks your IP address as a result. Well, the other day the same thing happened to me while setting up my email addresses. Of course, this can just as well happen with an FTP login, HTTP authentication, or any Internet service where you need to enter a password.

In this short write-up I describe how I resolved an IMAP block on my IP address that happened while I was setting up my mailbox, so that if you find yourself in a similar situation with no solution at hand, this post can save you a few searches on the Internet.

Of course, this only works if we ourselves operate the server that has blocked our IP address from one of its services, so we have (root) SSH access to it, and the Fail2Ban program is running on the server. In my case, specifically, the block occurred in an ISPConfig server environment, which I was even happy about afterwards, knowing that the programs running on the server were doing their job well.

Making a mistake

Late one night I was setting up my email addresses in a freshly installed Mozilla Thunderbird email client. I had already set up three, and at the next one it kept checking for a bit longer than usual:

[Screenshot: Mozilla Thunderbird - Email Account Setup - Find Configuration]

Then it checked the password and threw the error:

[Screenshot: Mozilla Thunderbird - Email Account Setup - Wrong username or password]

Then I copied my generated password from my password store again and started over. I thought, this can happen to anyone, no problem.

But then, when it failed for the third time, it showed a window like this:

[Screenshot: Mozilla Thunderbird - Email Account Setup - Manual Setup]

Well, from then on, whatever I did, nothing worked. In the meantime, I set that email address aside and tried another one, which I entered with the correct password right away.

What was interesting was that the email addresses I had already set up kept synchronizing nicely, so at first I didn't even think that my IP address might be blocked or anything like that.

Troubleshooting

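Since I was getting nowhere at this point, I decided to look around on the server. I logged in as root and first looked at the end of /var/log/mail.log:

tail -n 40 /var/log/mail.log

And I found my IP address in the error message lines (in the excerpts below, <ip-címem> stands for my IP address, <email címem> for my email address and <szerver IP-címe> for the server's IP address):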

... postfix/submission/smtpd[16279]: improper command pipelining after EHLO from <ip-címem>: QUIT
... dovecot: imap-login: Disconnected (auth failed, 3 attempts in 26 secs): user=<email címem>, method=PLAIN, rip=<ip-címem>, lip=<szerver IP-címe>, TLS, session=...
... postfix/anvil[12691]: statistics: max connection rate 4/60s for (submission:<ip-címem>) at ...
... postfix/anvil[12691]: statistics: max connection count 2 for (submission:<ip-címem>) at ...
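
Failure lines like the Dovecot one above can be tallied per remote address to see which client is piling up failed logins. This is an added example, not part of the original post: the sample lines, addresses and the function name dovecot_auth_failures are constructed, and it does not reproduce Fail2Ban's own filter.

```shell
#!/bin/sh
# Added example (not from the original post): summarise Dovecot login
# failures per remote address from mail.log-style input.

# stdin: log lines; stdout: "<rip> <disconnects> <attempts>", worst first.
dovecot_auth_failures() {
    awk '
    /dovecot: (imap|pop3)-login: .*auth failed/ {
        rip = ""; n = 1
        if (match($0, /rip=[^, ]+/))
            rip = substr($0, RSTART + 4, RLENGTH - 4)
        # "auth failed, 3 attempts in 26 secs" carries the attempt count.
        if (match($0, /auth failed, [0-9]+ attempts/)) {
            s = substr($0, RSTART, RLENGTH)
            gsub(/[^0-9]/, "", s)
            n = s + 0
        }
        if (rip != "") { events[rip]++; attempts[rip] += n }
    }
    END { for (r in events) print r, events[r], attempts[r] }
    ' | sort -k3,3nr -k1,1
}

# Constructed sample lines (documentation-range addresses, made-up users).
sample_log() {
    cat <<'EOF'
Oct 25 01:10:02 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 26 secs): user=<a@example.org>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10, TLS, session=<x1>
Oct 25 01:10:40 mail dovecot: imap-login: Disconnected (auth failed, 2 attempts in 11 secs): user=<a@example.org>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10, TLS, session=<x2>
Oct 25 01:11:05 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<b@example.org>, method=PLAIN, rip=203.0.113.70, lip=192.0.2.10, session=<x3>
Oct 25 01:11:09 mail dovecot: imap-login: Login: user=<c@example.org>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10, TLS, session=<x4>
Oct 25 01:11:30 mail postfix/anvil[12691]: statistics: max connection count 2 for (submission:198.51.100.9) at Oct 25 01:10:02
EOF
}

# On the server: dovecot_auth_failures < /var/log/mail.log
sample_log | dovecot_auth_failures
```
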

Well then, I said, on to the firewall:

iptables -L

iptables listed the chains as requested, with plenty of other blocked IP addresses stuck in them like flies on flypaper, and of course I found mine in the fail2ban-dovecot-pop3imap chain:

Chain fail2ban-dovecot-pop3imap (1 references)
target     prot opt source               destination
REJECT     all  --  <IP-címem>  anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

Only my own address was sitting in this chain, so I just had to unblock it.

Resolving a blocked IP address

It would have been easy to remove the blocked IP address from iptables with the appropriate command, but since it was Fail2Ban that added it to the list, it is not advisable to interfere there by hand; in this case the right place to go is Fail2Ban.

I have already written a description about managing filters in Fail2Ban, where I was setting up another jail. Here I first needed the exact names of the jails so I could reference the correct one, because I didn't remember them exactly:

fail2ban-client status
Status
|- Number of jail:      7
`- Jail list:           postfix-sasl, dovecot-pop3imap, apache-noscript, ssh, pureftpd, apache, apache-multiport

So dovecot-pop3imap was the name of my jail (in iptables it just had a "fail2ban-" prefix in front of it). I looked at my jail:

fail2ban-client status dovecot-pop3imap
Status for the jail: dovecot-pop3imap
|- filter
|  |- File list:        /var/log/mail.log
|  |- Currently failed: 1
|  `- Total failed:     7470
`- action
   |- Currently banned: 1
   |  `- IP list:       <ip-címem>
   `- Total banned:     9

My address was sitting right there, so it was only one step away, with the right fail2ban-client command:

fail2ban-client set dovecot-pop3imap unbanip <ip-címem>

Then I looked at the status of the jail again with the previous command and it no longer had my address:

Status for the jail: dovecot-pop3imap
|- filter
|  |- File list:        /var/log/mail.log
|  |- Currently failed: 1
|  `- Total failed:     7470
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     9

After that I was able to set up my email address correctly with the correct password.
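
The status-then-unban steps above can be wrapped in a small helper that checks every jail for an address and prints the unban commands for review. This is an added example, not from the original post: the F2B variable and the function names are assumptions, and it relies only on the "Jail list:" and "IP list:" lines shown in the output above.

```shell
#!/bin/sh
# Added example (not from the original post): list the Fail2Ban jails that
# currently ban an address and print the matching unban commands.
# F2B is a hypothetical override so the parsing can be tried without root.
F2B=${F2B:-fail2ban-client}

# stdin: output of `fail2ban-client status`; stdout: one jail name per line.
parse_jail_list() {
    sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# stdin: output of `fail2ban-client status <jail>`.
# Succeeds only if $1 is a whole entry on the "IP list:" line, so that
# 203.0.113.7 does not match a banned 203.0.113.70.
ip_in_jail_status() {
    [ -n "$1" ] || return 2
    sed -n 's/.*IP list:[[:space:]]*//p' | tr ' \t' '\n\n' | grep -Fxq -- "$1"
}

# Print every jail whose ban list contains $1.
jails_banning() {
    ip=$1
    $F2B status | parse_jail_list | while read -r jail; do
        if $F2B status "$jail" </dev/null | ip_in_jail_status "$ip"; then
            printf '%s\n' "$jail"
        fi
    done
}

# Print (do not run) the unban command for each jail holding $1, so the
# operator can review it before touching the ban list.
suggest_unban() {
    jails_banning "$1" | while read -r jail; do
        printf 'fail2ban-client set %s unbanip %s\n' "$jail" "$1"
    done
}

# Usage as root: sh find-ban.sh 198.51.100.9   (documentation-range address)
if [ "$#" -gt 0 ]; then
    suggest_unban "$1"
else
    # Constructed sample of `fail2ban-client status` output.
    printf '%s\n' '`- Jail list:   postfix-sasl, dovecot-pop3imap, ssh' | parse_jail_list
fi
```
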

Conclusion

In retrospect, a single command solved the whole thing, but in the first few minutes I had to think about where to look. So it was definitely good practice: if the same thing happens with another service, such as FTP, you can remove the IP address from the right jail straight away.

However, if you are blocked from SSH in the same way and cannot reach the console, you will have to wait out the bantime you configured yourself, because you won't get near your favorite terminal until then. Therefore, to keep this from ever happening with SSH, I highly recommend the passwordless, key-based login method.