rampart:unban() without an address unbans the connected client address in the following resolution order:
| Layer | Variable |
|---|---|
| ENV | APNSCP_CLIENT_IP |
| HTTP | X-Forwarded-For (requires [core] => http_trusted_forward) |
| HTTP | REMOTE_ADDR |
| ENV | SSH_CLIENT |
bash
# Check self is banned
cpcmd rampart:is-banned
# Unban self
cpcmd rampart:unban
# Get ban reason from fail2ban
cpcmd rampart:get-reasonAll commands above can be also run against a specific IP e.g. cpcmd rampart:is-banned 1.2.3.4.
Problem fat-fingering passwords + dynamic IP? Use cp.whitelist-access true to always permit panel access even if banned. Only rampart:blacklist has precedence when set.
Temporarily whitelist IP for inbound email
Temporarily whitelisting a blocked IP (i.e.: listed at spamcop.net) can be achived by adding the IP to /etc/postfix/postscreen_access.cidr, either IP or in CIDR notation (1.2.3.4/24), then applying via postmap:
bash
postmap /etc/postfix/postscreen_access.cidr