1

Topic: fail2ban error

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? NO
- Linux/BSD distribution name and version: Debian 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? NO
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I've installed iRedMail 0.9.9 last week and everything went ok. Today I've received netdata email about ram available and I decided to restart the server. After restart, the ram available reverted back to normal, but I've noticed in netdata that fail2ban didn't show up.
I've checked 'sudo systemctl status fail2ban' and this is what I've got:

fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-01-23 12:33:32 GMT; 25min ago
     Docs: man:fail2ban(1)
  Process: 2569 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=0/SUCCESS)
  Process: 2606 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=0/SUCCESS)
 Main PID: 2610 (fail2ban-server)
    Tasks: 17 (limit: 4915)
   CGroup: /system.slice/fail2ban.service
           └─2610 /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b

Jan 23 12:33:32 mail.domain.co.uk fail2ban.jail[2610]: INFO Jail 'sogo-iredmail' started
Jan 23 12:33:32 mail.domain.co.uk systemd[1]: Started Fail2Ban Service.
Jan 23 12:33:32 mail.domain.co.uk fail2ban.action[2610]: ERROR iptables -w -N f2b-sshd
                                                              iptables -w -A f2b-sshd -j RETURN
                                                              iptables -w -I INPUT -p tcp -m multiport --dports  -j f2b-sshd -- stdout: b''
Jan 23 12:33:32 mail.domain.co.uk fail2ban.action[2610]: ERROR iptables -w -N f2b-sshd
                                                              iptables -w -A f2b-sshd -j RETURN
                                                              iptables -w -I INPUT -p tcp -m multiport --dports  -j f2b-sshd -- stderr: b"iptables v1.6.0: invalid port/service `-j' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
Jan 23 12:33:32 mail.domain.co.uk fail2ban.action[2610]: ERROR iptables -w -N f2b-sshd
                                                              iptables -w -A f2b-sshd -j RETURN
                                                              iptables -w -I INPUT -p tcp -m multiport --dports  -j f2b-sshd -- returned 2

I don't have any custom config in jail.local and I have default iptables installed with iredmail.
Any idea why these errors occur?


2

Re: fail2ban error

Try to restart fail2ban service. Sometimes it has this issue and restarting fixes it.

3 (edited by hoheiky 2019-02-27 23:27:56)

Re: fail2ban error

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version:  Debian 9 Stretch
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Same error here:

iptables v1.6.0: invalid port/service

Fresh install Debian 9 + iRedMail-0.9.9 with fail2ban and iptables rules by default.
Default SSH port 22.

I noticed a problem with fb-sshd and fb-sshd-ddos config files in /etc/jail.d/

sshd.conf file

[sshd]
enabled     = true
filter      = sshd
action      = iptables-multiport[name=sshd, port="", protocol=tcp]
logpath     = /var/log/auth.log

If I change port, I can start fail2ban with no errors.

[sshd]
enabled     = true
filter      = sshd
action      = iptables-multiport[name=sshd, port="22", protocol=tcp]
logpath     = /var/log/auth.log

BUT, if I try to connect from another public ip with bad credentials a lot of times, no ban action from iptables. What happens? I'm scared that fail2ban doesn't block attacks. Help is appreciated.
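
An added example, not part of the original posts and not iRedMail or Fail2ban code: a small Python check that finds enabled jails whose action is passed an empty `port` and renders the insert rule in the shape of the failing command in the log above, which shows where `--dports  -j` comes from. The jail names in the sample and the function names are constructed for illustration.

```python
import configparser
import re

# Constructed sample: the two [sshd] variants quoted in the thread, renamed to fit one file.
SAMPLE_JAILS = '''
[sshd-empty-port]
enabled     = true
filter      = sshd
action      = iptables-multiport[name=sshd, port="", protocol=tcp]
logpath     = /var/log/auth.log

[sshd-port-22]
enabled     = true
filter      = sshd
action      = iptables-multiport[name=sshd, port="22", protocol=tcp]
logpath     = /var/log/auth.log
'''

# Shape of the failing command in the log above, with the action parameters as fields.
INSERT_RULE = "iptables -w -I INPUT -p {protocol} -m multiport --dports {port} -j f2b-{name}"

ACTION_RE = re.compile(r"^\s*([\w.-]+)\s*\[(.*)\]\s*$")
PARAM_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^,\]]*))""")

def parse_action(spec):
    """Split 'action[k=v, k="v"]' into (action_name, params)."""
    m = ACTION_RE.match(spec)
    if not m:
        return spec.strip(), {}
    return m.group(1), {k: (dq or sq or bare).strip()
                        for k, dq, sq, bare in PARAM_RE.findall(m.group(2))}

def lint_jails(text):
    """Return [(jail, rendered_rule)] for enabled jails whose action port is empty."""
    cfg = configparser.ConfigParser(interpolation=None)  # keep %(...)s literal
    cfg.read_string(text)
    findings = []
    for jail in cfg.sections():
        if cfg.get(jail, "enabled", fallback="false").strip().lower() != "true":
            continue
        # An action value may span several lines, one action per line.
        for line in filter(str.strip, cfg.get(jail, "action", fallback="").splitlines()):
            _, p = parse_action(line)
            if p.get("port") == "":  # protocol falls back to tcp (assumed default)
                findings.append((jail, INSERT_RULE.format(
                    protocol=p.get("protocol", "tcp"), port="", name=p.get("name", jail))))
    return findings
```

Run `lint_jails()` on the contents of each jail file before restarting the service; an empty result means no enabled jail passes an empty port to its action.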

4

Re: fail2ban error

hoheiky wrote:

BUT, if I try to connect from another public ip with bad credentials a lot of times, no ban action from iptables. What happens? I'm scared that fail2ban doesn't block attacks. Help is appreciated.

Try to turn on debug mode in Fail2ban and reproduce the login error, then check what Fail2ban logs.
FYI: https://docs.iredmail.org/debug.fail2ban.html