I was getting a strange error in Debian after configuring fail2ban, mainly around the error `| grep -q 'f2b-postfix-sasl[ \t]' -- stdout: b''`. While there were a bunch of errors and warnings around it, it was a pretty easy fix.
2019-09-24 23:12:17,556 fail2ban.action [9002]: ERROR iptables -n -L INPUT | grep -q 'f2b-postfix-sasl[ \t]' -- stdout: b''
2019-09-24 23:12:17,559 fail2ban.action [9002]: ERROR iptables -n -L INPUT | grep -q 'f2b-postfix-sasl[ \t]' -- stderr: b''
2019-09-24 23:12:17,559 fail2ban.action [9002]: ERROR iptables -n -L INPUT | grep -q 'f2b-postfix-sasl[ \t]' -- returned 1
2019-09-24 23:12:17,560 fail2ban.CommandAction [9002]: ERROR Invariant check failed. Trying to restore a sane environment
2019-09-24 23:12:17,775 fail2ban.actions [9002]: NOTICE [sshd] Ban 119.28.21.45
2019-09-24 23:12:17,990 fail2ban.action [9002]: ERROR iptables -N f2b-postfix-sasl
iptables -A f2b-postfix-sasl -j RETURN
iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-postfix-sasl -- stdout: b''
2019-09-24 23:12:17,994 fail2ban.action [9002]: ERROR iptables -N f2b-postfix-sasl
iptables -A f2b-postfix-sasl -j RETURN
iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-postfix-sasl -- stderr: b"iptables v1.6.0: invalid port/service `imap3' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
2019-09-24 23:12:17,995 fail2ban.action [9002]: ERROR iptables -N f2b-postfix-sasl
iptables -A f2b-postfix-sasl -j RETURN
iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-postfix-sasl -- returned 2
2019-09-24 23:12:17,995 fail2ban.actions [9002]: ERROR Failed to execute ban jail 'postfix-sasl' action 'iptables-multiport' info 'CallingMap({'time': 1569330737.2296522, 'matches': 'Sep 24 06:21:54 mail postfix/smtpd[7693]: warning: unknown[92.118.38.52]: SASL LOGIN authentication failed: authentication failure\nSep 24 06:25:00 mail postfix/smtpd[7900]: warning: unknown[92.118.38.52]: SASL LOGIN authentication failed: authentication failure\nSep 24 06:28:23 mail postfix/smtpd[7900]: warning: unknown[92.118.38.52]: SASL LOGIN authentication failed: authentication failure\nSep 24 06:31:30 mail postfix/smtpd[8715]: warning: unknown[92.118.38.52]: SASL LOGIN authentication failed: authentication failure', 'failures': 4, 'ip': '92.118.38.52', 'ipmatches': . at 0x7fc1db5fdd08>, 'ipjailfailures': . at 0x7fc1db56c1e0>, 'ipjailmatches': . at 0x7fc1db56c158>, 'ipfailures': . at 0x7fc1db56c0d0>})': Error starting action
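Within the SASL rules in fail2ban, having imap3 in the port section was causing the issue. iptables rejected imap3 as an invalid port/service, so the rule that jumps to the f2b-postfix-sasl chain was never inserted, and the ban action for the postfix-sasl jail failed.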
[postfix-sasl]
enabled = true
port = smtp,465,submission,imaps,pop3,pop3s, imap3
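A pre-flight check for this failure, as an added example that is not part of the original post or of fail2ban: it reports every entry in a jail's `port` value that is neither a number nor a service name defined for TCP. The function names and the services excerpt are constructed for illustration; on a real host, pass the contents of `/etc/services` instead.

```python
# Constructed excerpt in /etc/services format (not copied from any host).
# imap3 is deliberately absent, matching the iptables error in the log above.
SAMPLE_SERVICES = """\
smtp            25/tcp          mail
submission      587/tcp
pop3            110/tcp         pop-3
imap2           143/tcp         imap
imaps           993/tcp
pop3s           995/tcp
domain          53/udp          # UDP only in this sample
"""


def load_service_names(services_text, proto="tcp"):
    """Return every service name and alias defined for the given protocol."""
    names = set()
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        if fields[1].split("/", 1)[1].lower() != proto:
            continue
        names.add(fields[0])       # canonical name
        names.update(fields[2:])   # aliases
    return names


def unresolvable_ports(port_value, services_text, proto="tcp"):
    """List the entries of a jail 'port' value that would not resolve."""
    known = load_service_names(services_text, proto)
    bad = []
    for entry in port_value.split(","):
        entry = entry.strip()  # tolerate "pop3s, imap3"
        if not entry:
            continue
        # A first:last range is checked one side at a time.
        for part in entry.split(":"):
            numeric_ok = part.isdigit() and int(part) <= 65535
            if not numeric_ok and part not in known:
                bad.append(entry)
                break
    return bad


if __name__ == "__main__":
    # Port list taken from the failing iptables command in the log.
    failing = "smtp,465,submission,imap3,imaps,pop3,pop3s"
    print(unresolvable_ports(failing, SAMPLE_SERVICES))
```

Running the check before restarting fail2ban surfaces the bad name directly instead of leaving it buried in the action's stderr.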