I keep getting emails from fail2ban. I thought I was set as the administrator but it must be going to another address. Does this mean someone is attempting to hack my system?
I would appreciate any help and advice so I do not get hacked and may continue to have a safe secure system.
Delivery to the following recipient failed permanently:
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain yourpbx.com by smtp.secureserver.net. [72.167.238.201].
The error that the other server returned was:
550 #5.1.0 Address rejected.
----- Original message -----
X-Received: by 10.236.32.3 with SMTP id n3mr3252996yha.25.1379630831321;
Thu, 19 Sep 2013 15:47:11 -0700 (PDT)
Return-Path: [email protected]
Received: from localhost.localdomain
by mx.google.com with ESMTPSA id 9sm14068644yhe.21.1969.12.31.16.00.00
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Thu, 19 Sep 2013 15:47:09 -0700 (PDT)
Received: by localhost.localdomain (Postfix, from userid 0)
id 93CD53800E2; Thu, 19 Sep 2013 18:47:06 -0400 (EDT)
Subject: [Fail2Ban] SIP: banned 142.54.168.146
From: Fail2Ban [email protected]
To: [email protected]
Message-Id: [email protected]
Date: Thu, 19 Sep 2013 18:47:06 -0400 (EDT)
Hi,
The IP 142.54.168.146 has just been banned by Fail2Ban after
5 attempts against SIP.
I am a novice at this so please be patient. I purchased the sysadmin pro module to assist me with the email, and yes I could only get my google.mail account to be the one to send me emails. I can’t seem to get my existing mail server or the internal one of freepbx to send me mail using my account information I set up for my mail server. So helping me with the configuration would be great, e.g. where to go and what to set.
Sanjay: I can do what you ask but I am not sure what the reports will tell me, probably that someone is trying to access my server but not using the right information. What do those commands do and how should I use them?
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 736K packets, 196M bytes)
pkts bytes target prot opt in out source destination
Chain fail2ban-BadBots (1 references)
pkts bytes target prot opt in out source destination
9986 1360K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-FTP (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-PBX-GUI (1 references)
pkts bytes target prot opt in out source destination
1077K 378M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-SIP (1 references)
pkts bytes target prot opt in out source destination
3952K 1088M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-SSH (1 references)
pkts bytes target prot opt in out source destination
171 13605 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
[root@localhost ~]# fail2ban-client status
Status
|- Number of jail: 5
`- Jail list: apache-badbots, apache-tcpwrapper, ssh-iptables, asterisk-iptables, vsftpd-iptables
[root@localhost ~]# fail2ban-client status asterisk-iptables
Status for the jail: asterisk-iptables
|- filter
|  |- File list: /var/log/asterisk/fail2ban
|  |- Currently failed: 0
|  `- Total failed: 339
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned: 45
I checked this and I don’t know the IP 64.251… trying to access here, but since it was less than 8 I didn’t receive any notice. Any advice for me, or is it normal for people to try to access?
[2013-09-30 03:41:02] Asterisk 11.5.1 built by root @ jenkins-el6-32.schmoozecom.net on a i686 running Linux on 2013-09-19 14:01:43 UTC
[2013-09-30 12:00:57] NOTICE[663] chan_sip.c: Registration from '"1" sip:[email protected]:5060' failed for '64.251.13.24:5065' - Wrong password
[2013-09-30 12:01:14] NOTICE[663] chan_sip.c: Registration from '"2" sip:[email protected]:5060' failed for '64.251.13.24:5071' - Wrong password
[2013-09-30 12:01:26] NOTICE[663] chan_sip.c: Registration from '"3" sip:[email protected]:5060' failed for '64.251.13.24:5065' - Wrong password
[2013-09-30 12:01:44] NOTICE[663] chan_sip.c: Registration from '"4" sip:[email protected]:5060' failed for '64.251.13.24:5070' - Wrong password
[2013-09-30 12:01:49] NOTICE[663] chan_sip.c: Registration from '"5" sip:[email protected]:5060' failed for '64.251.13.24:5061' - Wrong password
[2013-09-30 12:07:22] Asterisk 11.5.1 built by root @ jenkins-el6-32.schmoozecom.net on a i686 running Linux on 2013-09-19 14:01:43 UTC
[2013-09-30 12:07:22] NOTICE[12790] confbridge/conf_config_parser.c: Adding default_bridge profile to app_confbridge
[2013-09-30 12:07:22] NOTICE[12790] confbridge/conf_config_parser.c: Adding default_user profile to app_confbridge
[2013-09-30 12:07:22] NOTICE[12790] res_odbc.c: Connecting asteriskcdrdb
[2013-09-30 12:07:22] NOTICE[12790] res_odbc.c: res_odbc: Connected to asteriskcdrdb [MySQL-asteriskcdrdb]
[2013-09-30 12:07:22] NOTICE[12790] iax2-provision.c: No IAX provisioning configuration found, IAX provisioning disabled.
[2013-09-30 12:07:22] NOTICE[665] chan_mgcp.c: Unable to load config mgcp.conf, MGCP disabled
[2013-09-30 12:07:22] NOTICE[12790] res_config_ldap.c: Cannot reload LDAP RealTime driver.
[2013-09-30 12:07:22] NOTICE[12790] res_odbc.c: Connecting asteriskcdrdb
[2013-09-30 12:07:22] NOTICE[12790] res_odbc.c: res_odbc: Connected to asteriskcdrdb [MySQL-asteriskcdrdb]
[2013-09-30 12:07:22] NOTICE[12790] res_odbc.c: Registered ODBC class 'asteriskcdrdb' dsn->[MySQL-asteriskcdrdb]
How do you send email out using CLI? I thought sysadminpro was going to change or allow me to set up email easily from my GUI without having to make command line changes. Perhaps that is not correct. I would like to try and properly use email, and have the proper accounts so I can track messages sent out. Any assistance would be appreciated as I am a novice. I really like this system and would like to push it to clients, etc., great possibilities.
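
The threshold check behind the "Wrong password" lines and the ban email above, as an added example (not part of the original thread and not fail2ban's own code): it counts failed chan_sip registrations per source IP inside a time window and reports the addresses that reach the limit. The log lines are constructed with documentation addresses and a hypothetical host `pbx.example`; `maxretry` and `findtime` are named after fail2ban's jail settings, and the 10-minute default window is an assumption.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failed-registration notice from chan_sip. The greedy ".*" binds the match to
# the LAST "failed for" on the line, the one Asterisk appends itself.
# Straight and typographic quotes are both accepted around the address.
FAILED_REG = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from .* failed for ['‘](?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?['’]"
    r" - (?P<reason>.+)$"
)

# Constructed sample log (not taken from the thread).
SAMPLE = """\
[2013-09-30 12:00:57] NOTICE[663] chan_sip.c: Registration from '"1" <sip:1@pbx.example:5060>' failed for '203.0.113.24:5065' - Wrong password
[2013-09-30 12:01:14] NOTICE[663] chan_sip.c: Registration from '"2" <sip:2@pbx.example:5060>' failed for '203.0.113.24:5071' - Wrong password
[2013-09-30 12:01:26] NOTICE[663] chan_sip.c: Registration from '"3" <sip:3@pbx.example:5060>' failed for '203.0.113.24:5065' - Wrong password
[2013-09-30 12:01:44] NOTICE[663] chan_sip.c: Registration from '"4" <sip:4@pbx.example:5060>' failed for '203.0.113.24:5070' - Wrong password
[2013-09-30 12:01:49] NOTICE[663] chan_sip.c: Registration from '"5" <sip:5@pbx.example:5060>' failed for '203.0.113.24:5061' - Wrong password
[2013-09-30 12:03:00] NOTICE[663] chan_sip.c: Registration from '"101" <sip:101@pbx.example:5060>' failed for '198.51.100.7:5060' - Wrong password
[2013-09-30 12:03:10] NOTICE[663] chan_sip.c: Registration from '"101" <sip:101@pbx.example:5060>' failed for '198.51.100.7:5060' - Wrong password
[2013-09-30 12:07:22] NOTICE[12790] res_odbc.c: Connecting asteriskcdrdb
""".splitlines()


def find_offenders(lines, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: time at which it first reached maxretry failures within findtime}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    offenders = {}
    for line in lines:
        m = FAILED_REG.match(line.strip())
        if not m:
            continue              # unrelated notices (res_odbc, confbridge, ...) are skipped
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]  # source port is dropped: it changes on every attempt
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # forget failures older than the window
        if len(window) >= maxretry:
            offenders.setdefault(m["ip"], ts)
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"{ip} reached the failure threshold at {when}")
```

With `maxretry=8` the same five failures stay below the threshold and nothing is reported.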