Bug#881449: fail2ban: postfix-sasl jail crashes on trying to ban ip address

[James Cowgill]

Control: forcemerge 867374 -1

Hi,

On Sun, 12 Nov 2017 09:18:09 +1100 Tomasz Ciolek  wrote:
> Package: fail2ban
> Version: 0.9.6-2
> Severity: important
> 
> Fail2ban postfix-sasl jail crashes when trying to ban an IP address: 
> 
> Failed to execute ban jail 'postfix-sasl' action 'iptables-multiport' info 
> 'CallingMap({'time': 1510389716.3446894, 'ip failures':  Actions.__checkBan.. at 0x7fb8d058a950>, 'ipjailmatches': 
> . at 0x7fb8d058a488>, 
> 'ipjailfailures': . at 
> 0x7fb8d058a510>, 'matches': 'Nov 11 19:41:40 celaeno postfix/smtpd[12912]: 
> warning: unknown[85.183.39.75]: SASL LOGIN authentication failed: 
> authentication failure\nNov 11 19:41:48 celaeno postfix/smtpd[12912]: 
> warning: unknown[85.183.39.75]: SASL LOGIN authentication failed: 
> authentication failure\nNov 11 19:41:55 celaeno postfix/smtpd[12912]: 
> warning: unknown[85.183.39.75]: SASL LOGIN authentication failed: 
> authentication failure', 'ipmatches':  Actions.__checkBan.. at 0x7fb8d0592378>, 'failures': 3, 'ip': 
> '85.183.39.75'})': Error starting action
> 
> As a aresult postfix-sasl jail is not fucntiong correctly
[...]
> -- /etc/fail2ban/jail.local file: 
> 
> [postfix-sasl]
> enabled  = true
> port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s

This is probably a duplicate of #867374 relating to the use of imap3, so
I am marking it as such. Try removing imap3 from this port list.

James



signature.asc
Description: OpenPGP digital signature

Bug#881449: fail2ban: postfix-sasl jail crashes on trying to ban ip address

[Tomasz Ciolek]

Package: fail2ban
Version: 0.9.6-2
Severity: important

Fail2ban postfix-sasl jail crashes when trying to ban an IP address: 

Failed to execute ban jail 'postfix-sasl' action 'iptables-multiport' info 
'CallingMap({'time': 1510389716.3446894, 'ip failures': . at 0x7fb8d058a950>, 'ipjailmatches': 
. at 0x7fb8d058a488>, 
'ipjailfailures': . at 
0x7fb8d058a510>, 'matches': 'Nov 11 19:41:40 celaeno postfix/smtpd[12912]: 
warning: unknown[85.183.39.75]: SASL LOGIN authentication failed: 
authentication failure\nNov 11 19:41:48 celaeno postfix/smtpd[12912]: warning: 
unknown[85.183.39.75]: SASL LOGIN authentication failed: authentication 
failure\nNov 11 19:41:55 celaeno postfix/smtpd[12912]: warning: 
unknown[85.183.39.75]: SASL LOGIN authentication failed: authentication 
failure', 'ipmatches': . at 
0x7fb8d0592378>, 'failures': 3, 'ip': '85.183.39.75'})': Error starting action

As a aresult postfix-sasl jail is not fucntiong correctly


-- System Information:
Debian Release: 9.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1), LANGUAGE=en_AU 
(charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fail2ban depends on:
ii  init-system-helpers  1.48
ii  lsb-base 9.20161125
ii  python3  3.5.3-1

Versions of packages fail2ban recommends:
ii  iptables   1.6.0+snapshot20161117-6
ii  python 2.7.13-2
ii  python3-pyinotify  0.9.6-1
ii  python3-systemd233-1
ii  whois  5.2.17~deb9u1

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]   8.1.2-0.20160123cvs-4
pn  monit   
ii  syslog-ng-core [system-log-daemon]  3.8.1-10

-- /etc/fail2ban/jail.local file: 

[postfix-sasl]
enabled  = true
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter   = postfix-sasl
logpath  = /var/log/mail.log
bantime  = 86400
maxretry = 3
usedns = warn
findtime = 28800


-- Configuration Files:
/etc/logrotate.d/fail2ban changed:
/var/log/fail2ban.log {
   
rotate 52
weekly
dateext
compress
delaycompress
missingok
postrotate
fail2ban-client set logtarget /var/log/fail2ban.log >/dev/null
endscript
# If fail2ban runs as non-root it still needs to have write access
# to logfiles.
# create 640 fail2ban adm
create 640 root adm
}


-- no debconf information