Hello,
I am getting the Fail2ban notifications via watchdog just fine, but I can’t tell what service is being attacked. The whois information is great, but how do I get information on which service is being used? I assume they are after postfix and I would like to block larger subnets from Russia and Chine for instance, but I would like to limit them to port 25 or 993 for instance.
Thank you!