Your message dated Fri, 2 Mar 2018 23:28:21 +0000 with message-id <8b99201e-9906-6c68-df4b-06c0821de...@debian.org> and subject line Bug#867374: fail2ban: iptables fails because imap3 is an unknown port has caused the Debian Bug report #867374, regarding fail2ban: postfix-sasl jail crashes on trying to ban ip address to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 867374: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867374 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: fail2ban Version: 0.9.6-2 Severity: important Fail2ban postfix-sasl jail crashes when trying to ban an IP address: Failed to execute ban jail 'postfix-sasl' action 'iptables-multiport' info 'CallingMap({'time': 1510389716.3446894, 'ip failures': <function Actions.__checkBan.<locals>.<lambda> at 0x7fb8d058a950>, 'ipjailmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7fb8d058a488>, 'ipjailfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7fb8d058a510>, 'matches': 'Nov 11 19:41:40 celaeno postfix/smtpd[12912]: warning: unknown[85.183.39.75]: SASL LOGIN authentication failed: authentication failure\nNov 11 19:41:48 celaeno postfix/smtpd[12912]: warning: unknown[85.183.39.75]: SASL LOGIN authentication failed: authentication failure\nNov 11 19:41:55 celaeno postfix/smtpd[12912]: warning: unknown[85.183.39.75]: SASL LOGIN authentication failed: authentication failure', 'ipmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7fb8d0592378>, 'failures': 3, 'ip': '85.183.39.75'})': Error starting action As a aresult postfix-sasl jail is not fucntiong correctly -- System Information: Debian Release: 9.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1), LANGUAGE=en_AU (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages fail2ban depends on: ii init-system-helpers 1.48 ii lsb-base 9.20161125 ii python3 3.5.3-1 Versions of packages fail2ban recommends: ii iptables 1.6.0+snapshot20161117-6 ii python 2.7.13-2 ii python3-pyinotify 0.9.6-1 ii python3-systemd 233-1 ii whois 5.2.17~deb9u1 Versions of packages fail2ban suggests: ii bsd-mailx [mailx] 8.1.2-0.20160123cvs-4 pn monit <none> ii syslog-ng-core [system-log-daemon] 3.8.1-10 -- /etc/fail2ban/jail.local file: [postfix-sasl] enabled = true port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s filter = postfix-sasl logpath = /var/log/mail.log bantime = 86400 maxretry = 3 usedns = warn findtime = 28800 -- Configuration Files: /etc/logrotate.d/fail2ban changed: /var/log/fail2ban.log { rotate 52 weekly dateext compress delaycompress missingok postrotate fail2ban-client set logtarget /var/log/fail2ban.log >/dev/null endscript # If fail2ban runs as non-root it still needs to have write access # to logfiles. # create 640 fail2ban adm create 640 root adm } -- no debconf information
--- End Message ---
--- Begin Message ---Version: 0.10.2-1 On Wed, 5 Jul 2017 23:00:17 -0700 Andres Salomon <andres4ma...@gmail.com> wrote: > Package: fail2ban > Version: 0.9.6-2 > Severity: normal > > Upon upgrading to stretch and enabling fail2ban for postfix-sasl, I > noticed the following error in fail2ban.log: > > 2017-07-05 22:46:55,944 fail2ban.action [4580]: ERROR iptables -w > -N f2b-postfix-sasl > iptables -w -A f2b-postfix-sasl -j RETURN > iptables -w -I INPUT -p tcp -m multiport --dports > smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-postfix-sasl -- stdout: b'' > 2017-07-05 22:46:55,945 fail2ban.action [4580]: ERROR iptables -w > -N f2b-postfix-sasl > iptables -w -A f2b-postfix-sasl -j RETURN > iptables -w -I INPUT -p tcp -m multiport --dports > smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-postfix-sasl -- stderr: > b"iptables v1.6.0: invalid port/service `imap3' specified\nTry `iptables -h' > or 'iptables --help' for more information.\n" This happened because netbase 5.4 dropped the "imap3" service. The port was dropped from fail2ban in 0.10.2 so this is now fixed. https://github.com/fail2ban/fail2ban/commit/9876dd44f93a0b012108ea1aceeccee21be03cb9 Jamessignature.asc
Description: OpenPGP digital signature
--- End Message ---