Hi there.
First of all many thanks to all the people involved in this project for their time, I really appreciate it.
Second my use case:
a) Container running Webmail (roundcube) with dovecot-ident plugin enabled <https://github.com/roundcube/roundcubemail/issues/5336#issuecomment-228131074> . b) Container running Dovecot 2.3.4.1 (docker-mailserver-mysql <https://github.com/Kedu-SCCL/docker-mailserver-mysql>) with fail2ban enabled
Since I need to add the private IP address of the webmail to "login_trusted_networks" to "...allow to override their IP addresses and ports" I can keep login to webmail even though if the IP is blocked.
Question: there's any way to:
a) Allow a certain IP range to override it's IP address and ports (as in "login_trusted_networks") but b) Be blocked, as any other incoming connections, by fail2ban?
More context. Once the public IP is banned (8.8.8.8 in this example):
2020-12-21 10:10:31,371 fail2ban.filter [309]: INFO [dovecot]
Found 8.8.8.8 - 2020-12-21 10:10:31
2020-12-21 10:10:39,189 fail2ban.filter [309]: INFO [dovecot]
Found 8.8.8.8 - 2020-12-21 10:10:39
2020-12-21 10:10:51,222 fail2ban.filter [309]: INFO [dovecot]
Found 8.8.8.8 - 2020-12-21 10:10:51
2020-12-21 10:10:52,008 fail2ban.actions [309]: NOTICE [dovecot]
Ban 8.8.8.8
I can't reach dovecot by telnet from this public IP:
telnet mail.example.com 143
Trying 9.9.9...
telnet: Unable to connect to remote host: Connection refused
Unless I removed the ban:
docker exec mail fail2ban-client set dovecot unbanip 8.8.8.8
Many thanks.
Javier