On Mon, Jan 22, 2024 at 04:28:09PM -0500, Steve Dondley via dovecot wrote:
> OK, I was chasing log ghosts. What was actually going on was fail2ban was kicking on for users and banning them for 10 min.
> I have no idea what is triggering it for so many different users from legit email addresses. Still investigating. But this appears to be a fail2ban problem, not a dovecot problem.
Oh you have my sympathies. fail2ban-client banned ipaddr. Get the ip addr of your users and see if they're banned like this. Then use fail2ban-client unban. I can't tell you how often this happens to me.
What happens is users have phones and laptops and they then add a tablet and want their email on it so they end up messing up their password on their tablet, or worse, resetting their password in order to get mail on their tablet and then it screws up the other devices and it's an absolute nightmare to continually debug. It happens to multiple users who are at the same address, as in, my parents because they're all behind the same address in the router. It happens to multiple people who use New Outlook which insists on sucking all the mail into Microsoft's servers and then one user bans a swath of addrs of those servers and random things break everywhere. I ended up whitelisting all of Microsoft's mail servers in my jail.local:
40.80.0.0/12 40.74.0.0/15 40.120.0.0/14 40.125.0.0/17 40.76.0.0/14 40.96.0.0/12 40.124.0.0/16 40.112.0.0/13
Hope this helps. I have been there so many times and it's a regular occurrence in my tech life chasing these ghosts.
Michael Grant
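
An added example, not part of the original messages: a small triage script that groups failed Dovecot logins by source address, to tell a household or relay shared by several accounts from a single account with a stale password, and flags addresses already covered by the ranges quoted above. The log line shape, the sample lines (constructed) and the names `triage`, `FAIL_RE` and `SAMPLE_LOG` are assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Ranges quoted in the message above (the poster's jail.local whitelist).
IGNORED = [ipaddress.ip_network(n) for n in (
    "40.80.0.0/12 40.74.0.0/15 40.120.0.0/14 40.125.0.0/17 "
    "40.76.0.0/14 40.96.0.0/12 40.124.0.0/16 40.112.0.0/13").split()]

# Assumed shape of a Dovecot failed-login line; adjust to your own logs.
FAIL_RE = re.compile(r"auth failed.*?user=<([^>]*)>.*?rip=([0-9A-Fa-f.:]+)")

# Constructed sample lines (documentation addresses, plus one inside 40.96.0.0/12).
SAMPLE_LOG = """\
Jan 22 16:01:02 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<mom@example.org>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.1, TLS
Jan 22 16:01:09 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<dad@example.org>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.1, TLS
Jan 22 16:01:30 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<mom@example.org>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.1, TLS
Jan 22 16:02:11 mx dovecot: imap-login: Disconnected (auth failed, 3 attempts in 9 secs): user=<bob@example.org>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.1, TLS
Jan 22 16:02:40 mx dovecot: imap-login: Login: user=<bob@example.org>, method=PLAIN, rip=198.51.100.21, lip=192.0.2.1, TLS
Jan 22 16:03:05 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice@example.org>, method=PLAIN, rip=40.97.10.5, lip=192.0.2.1, TLS
"""

def triage(log_text, ignored=IGNORED):
    """Map each source IP with failed logins to (label, failed_lines, users)."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:  # successful "Login:" lines do not match
            per_ip[m.group(2)][m.group(1)] += 1
    report = {}
    for ip, users in per_ip.items():
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in ignored):
            label = "whitelisted"      # inside one of the quoted ranges
        elif len(users) > 1:
            label = "shared-address"   # several accounts behind one NAT or relay
        else:
            label = "single-account"   # one account, e.g. a device with a stale password
        report[ip] = (label, sum(users.values()), sorted(users))
    return report

if __name__ == "__main__":
    for ip, row in sorted(triage(SAMPLE_LOG).items()):
        print(ip, *row)
```
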