# listed IP in /etc/hosts.deny don't get blocked

## krigav

I've a mail server running on a VPS using postfix+SASL. Everthing is working fine. Know I got attacked by some guys trying to get access my SMTP using brute force.

I've implemented IP blocking using fail2ban which will aadd the attacking IPs into /etc/hosts.deny. The attacker IP is listed in hosts.deny (ALL: 119.75.24.116) but I still receive login attempts. Why is the listed IP not blocked?

Thank you in advance for your help!

----------

## Moriah

What does your /etc/hosts.allow look like, and what is your policy in your firewall pertaining to ALLOW/DENY for /etc/hosts.* ?

----------

## feystorm

 *krigav wrote:*   

> I've a mail server running on a VPS using postfix+SASL. Everthing is working fine. Know I got attacked by some guys trying to get access my SMTP using brute force.
> 
> I've implemented IP blocking using fail2ban which will aadd the attacking IPs into /etc/hosts.deny. The attacker IP is listed in hosts.deny (ALL: 119.75.24.116) but I still receive login attempts. Why is the listed IP not blocked?
> 
> Thank you in advance for your help!

 

/etc/hosts.deny and hosts.allow are tcpwrapper config files. Only things which support tcpwrappers will obey the restrictions placed in these files, and postfix does not use tcpwrappers, so this will not work.

If you want to block specific IPs, you'll either have to do it with postfix's smtpd_client_restrictions + check_client_access, or iptables.

----------

## Moriah

I use iptables together with a file of ip addresses to block, and a script that adds them to the running iptables.

----------

