Fail2ban and login_trusted_networks

Javi Legido javi at
Mon Dec 21 12:16:15 EET 2020

Hi there.

First of all many thanks to all the people involved in this project for
their time, I really appreciate it.

Second my use case:

a) Container running Webmail (roundcube) with dovecot-ident plugin enabled
b) Container running Dovecot (docker-mailserver-mysql
<>) with fail2ban

Since I need to add the private IP address of the webmail to
"login_trusted_networks" to "...allow to override their IP addresses and
ports" I can keep login to webmail even though if the IP is blocked.

Question: there's any way to:

a) Allow a certain IP range to override it's IP address and ports (as in
"login_trusted_networks") but
b) Be blocked, as any other incoming connections, by fail2ban?

More context. Once the public IP is banned ( in this example):

2020-12-21 10:10:31,371 fail2ban.filter         [309]: INFO    [dovecot]
Found - 2020-12-21 10:10:31
2020-12-21 10:10:39,189 fail2ban.filter         [309]: INFO    [dovecot]
Found - 2020-12-21 10:10:39
2020-12-21 10:10:51,222 fail2ban.filter         [309]: INFO    [dovecot]
Found - 2020-12-21 10:10:51
2020-12-21 10:10:52,008 fail2ban.actions        [309]: NOTICE  [dovecot]

I can't reach dovecot by telnet from this public IP:

telnet 143
Trying 9.9.9...
telnet: Unable to connect to remote host: Connection refused

Unless I removed the ban:

docker exec mail fail2ban-client set dovecot unbanip

Many thanks.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the dovecot mailing list