Bug#881449: marked as done (fail2ban: postfix-sasl jail crashes on trying to ban ip address)

Fri, 02 Mar 2018 15:34:13 -0800 

Your message dated Fri, 2 Mar 2018 23:28:21 +0000
with message-id <8b99201e-9906-6c68-df4b-06c0821de...@debian.org>
and subject line Bug#867374: fail2ban: iptables fails because imap3 is an 
unknown port
has caused the Debian Bug report #867374,
regarding fail2ban: postfix-sasl jail crashes on trying to ban ip address
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867374: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867374
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: fail2ban
Version: 0.9.6-2
Severity: important

Fail2ban postfix-sasl jail crashes when trying to ban an IP address: 

Failed to execute ban jail 'postfix-sasl' action 'iptables-multiport' info 
'CallingMap({'time': 1510389716.3446894, 'ip failures': <function 
Actions.__checkBan.<locals>.<lambda> at 0x7fb8d058a950>, 'ipjailmatches': 
<function Actions.__checkBan.<locals>.<lambda> at 0x7fb8d058a488>, 
'ipjailfailures': <function Actions.__checkBan.<locals>.<lambda> at 
0x7fb8d058a510>, 'matches': 'Nov 11 19:41:40 celaeno postfix/smtpd[12912]: 
warning: unknown[85.183.39.75]: SASL LOGIN authentication failed: 
authentication failure\nNov 11 19:41:48 celaeno postfix/smtpd[12912]: warning: 
unknown[85.183.39.75]: SASL LOGIN authentication failed: authentication 
failure\nNov 11 19:41:55 celaeno postfix/smtpd[12912]: warning: 
unknown[85.183.39.75]: SASL LOGIN authentication failed: authentication 
failure', 'ipmatches': <function Actions.__checkBan.<locals>.<lambda> at 
0x7fb8d0592378>, 'failures': 3, 'ip': '85.183.39.75'})': Error starting action

As a aresult postfix-sasl jail is not fucntiong correctly


-- System Information:
Debian Release: 9.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1), LANGUAGE=en_AU 
(charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fail2ban depends on:
ii  init-system-helpers  1.48
ii  lsb-base             9.20161125
ii  python3              3.5.3-1

Versions of packages fail2ban recommends:
ii  iptables           1.6.0+snapshot20161117-6
ii  python             2.7.13-2
ii  python3-pyinotify  0.9.6-1
ii  python3-systemd    233-1
ii  whois              5.2.17~deb9u1

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]                   8.1.2-0.20160123cvs-4
pn  monit                               <none>
ii  syslog-ng-core [system-log-daemon]  3.8.1-10

-- /etc/fail2ban/jail.local file: 

[postfix-sasl]
enabled  = true
port     = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter   = postfix-sasl
logpath  = /var/log/mail.log
bantime  = 86400
maxretry = 3
usedns = warn
findtime = 28800


-- Configuration Files:
/etc/logrotate.d/fail2ban changed:
/var/log/fail2ban.log {
   
    rotate 52
    weekly
    dateext
    compress
    delaycompress
    missingok
    postrotate
        fail2ban-client set logtarget /var/log/fail2ban.log >/dev/null
    endscript
    # If fail2ban runs as non-root it still needs to have write access
    # to logfiles.
    # create 640 fail2ban adm
    create 640 root adm
}


-- no debconf information

--- End Message ---
--- Begin Message --- 
Version: 0.10.2-1

On Wed, 5 Jul 2017 23:00:17 -0700 Andres Salomon <andres4ma...@gmail.com> wrote:
> Package: fail2ban
> Version: 0.9.6-2
> Severity: normal
> 
> Upon upgrading to stretch and enabling fail2ban for postfix-sasl, I
> noticed the following error in fail2ban.log:
> 
> 2017-07-05 22:46:55,944 fail2ban.action         [4580]: ERROR   iptables -w 
> -N f2b-postfix-sasl
> iptables -w -A f2b-postfix-sasl -j RETURN
> iptables -w -I INPUT -p tcp -m multiport --dports 
> smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-postfix-sasl -- stdout: b''
> 2017-07-05 22:46:55,945 fail2ban.action         [4580]: ERROR   iptables -w 
> -N f2b-postfix-sasl
> iptables -w -A f2b-postfix-sasl -j RETURN
> iptables -w -I INPUT -p tcp -m multiport --dports 
> smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-postfix-sasl -- stderr: 
> b"iptables v1.6.0: invalid port/service `imap3' specified\nTry `iptables -h' 
> or 'iptables --help' for more information.\n"

This happened because netbase 5.4 dropped the "imap3" service.

The port was dropped from fail2ban in 0.10.2 so this is now fixed.
https://github.com/fail2ban/fail2ban/commit/9876dd44f93a0b012108ea1aceeccee21be03cb9

James

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---

Reply via email to