Debian fail2ban iptables errors

I was getting a strange error in Debian after configuring fail2ban, mainly around the error iptables -n -L INPUT | grep -q 'f2b-postfix-sasl[ \t]' -- stdout: b''. While there were a bunch of errors and warnings around it, it was a pretty easy fix.

2019-09-24 23:12:17,556 fail2ban.action         [9002]: ERROR   iptables -n -L INPUT | grep -q 'f2b-postfix-sasl[ \t]' -- stdout: b''
 2019-09-24 23:12:17,559 fail2ban.action         [9002]: ERROR   iptables -n -L INPUT | grep -q 'f2b-postfix-sasl[ \t]' -- stderr: b''
 2019-09-24 23:12:17,559 fail2ban.action         [9002]: ERROR   iptables -n -L INPUT | grep -q 'f2b-postfix-sasl[ \t]' -- returned 1
 2019-09-24 23:12:17,560 fail2ban.CommandAction  [9002]: ERROR   Invariant check failed. Trying to restore a sane environment
 2019-09-24 23:12:17,775 fail2ban.actions        [9002]: NOTICE  [sshd] Ban 119.28.21.45
 2019-09-24 23:12:17,990 fail2ban.action         [9002]: ERROR   iptables -N f2b-postfix-sasl
 iptables -A f2b-postfix-sasl -j RETURN
 iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-postfix-sasl -- stdout: b''
 2019-09-24 23:12:17,994 fail2ban.action         [9002]: ERROR   iptables -N f2b-postfix-sasl
 iptables -A f2b-postfix-sasl -j RETURN
 iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-postfix-sasl -- stderr: b"iptables v1.6.0: invalid port/service `imap3' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
 2019-09-24 23:12:17,995 fail2ban.action         [9002]: ERROR   iptables -N f2b-postfix-sasl
 iptables -A f2b-postfix-sasl -j RETURN
 iptables -I INPUT -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-postfix-sasl -- returned 2
 2019-09-24 23:12:17,995 fail2ban.actions        [9002]: ERROR   Failed to execute ban jail 'postfix-sasl' action 'iptables-multiport' info 'CallingMap({'time': 1569330737.2296522, 'matches': 'Sep 24 06:21:54 mail postfix/smtpd[7693]: warning: unknown[92.118.38.52]: SASL LOGIN authentication failed: authentication failure\nSep 24 06:25:00 mail postfix/smtpd[7900]: warning: unknown[92.118.38.52]: SASL LOGIN authentication failed: authentication failure\nSep 24 06:28:23 mail postfix/smtpd[7900]: warning: unknown[92.118.38.52]: SASL LOGIN authentication failed: authentication failure\nSep 24 06:31:30 mail postfix/smtpd[8715]: warning: unknown[92.118.38.52]: SASL LOGIN authentication failed: authentication failure', 'failures': 4, 'ip': '92.118.38.52', 'ipmatches': . at 0x7fc1db5fdd08>, 'ipjailfailures': . at 0x7fc1db56c1e0>, 'ipjailmatches': . at 0x7fc1db56c158>, 'ipfailures': . at 0x7fc1db56c0d0>})': Error starting action

Within the SASL rules in fail2ban, having imap3 in the port section was causing the issue.

[postfix-sasl]

enabled  = true
port     = smtp,465,submission,imaps,pop3,pop3s, imap3
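To catch this kind of entry before fail2ban tries to start the jail, the check below (an added example, not part of the original post) lists the entries of a port value that are neither numeric nor a tcp service name in a services file. The function names and the sample services table are constructed for illustration, and reading /etc/services by default is an assumption about where the system resolves service names.

```shell
#!/bin/sh
# Added example (not from the original post): list the entries of a fail2ban
# "port =" value that are neither numeric nor known tcp service names.
# Constructed sample of a services database that has no imap3 entry.
sample_services() {
cat <<'EOF'
smtp            25/tcp          mail
pop3            110/tcp         pop-3   # POP version 3
submission      587/tcp
imaps           993/tcp
pop3s           995/tcp
EOF
}

# unresolved_ports PORTLIST [SERVICES_FILE]
# Prints one unresolvable entry per line; returns 1 if any were found.
unresolved_ports() (
    services=${2:-/etc/services}
    status=0
    set -f                      # no globbing while splitting the list
    IFS=,
    for entry in $1; do
        entry=$(printf '%s' "$entry" | tr -d ' \t')   # "pop3s, imap3" has a space
        case $entry in
            '') continue ;;
            *[!0-9:]*) ;;       # a name: look it up below
            *) continue ;;      # numeric port or range such as 465 or 1000:2000
        esac
        if ! awk -v n="$entry" '
                { sub(/#.*/, "") }
                $2 ~ /\/tcp$/ { for (i = 1; i <= NF; i++) if (i != 2 && $i == n) ok = 1 }
                END { exit !ok }' "$services"; then
            printf '%s\n' "$entry"
            status=1
        fi
    done
    exit $status
)

# Demo on the port line from the jail above, against the constructed table.
demo() {
    tmp=$(mktemp)
    sample_services > "$tmp"
    rc=0
    unresolved_ports "smtp,465,submission,imaps,pop3,pop3s, imap3" "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
demo || echo "the entries listed above do not resolve to a tcp port" >&2
```

Called with only the port list, unresolved_ports checks against the host's own /etc/services instead of the constructed table.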