1

Topic: Fail2ban Problem

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MYSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi, I have a problem with the iptables service and the fail2ban service in a new installation on Debian 10.
Thanks for your help.

adminit@mail001:/var/log$ sudo systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2019-12-12 22:37:27 -05; 1s ago
     Docs: man:fail2ban(1)
  Process: 2145 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
  Process: 2146 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
Main PID: 2146 (code=exited, status=255/EXCEPTION)

Dec 12 22:37:26 mail001 systemd[1]: Starting Fail2Ban Service...
Dec 12 22:37:26 mail001 systemd[1]: Started Fail2Ban Service.
Dec 12 22:37:27 mail001 fail2ban-server[2146]:  No file(s) found for glob
Dec 12 22:37:27 mail001 fail2ban-server[2146]:  Failed during configuration: Have not found any log file for nginx-http-auth jail
Dec 12 22:37:27 mail001 fail2ban-server[2146]:  Async configuration of server failed
Dec 12 22:37:27 mail001 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Dec 12 22:37:27 mail001 systemd[1]: fail2ban.service: Failed with result 'exit-code'.


2

Re: Fail2ban Problem

Most importantly

- Was this done on a FRESH install with 0 prerequisites installed? Or was this an upgrade from a previous version?

A search online suggested your "jail" file perhaps is being shared, although I'm not fully sure because I haven't experienced this problem yet.

3

Re: Fail2ban Problem

Yes, it is a fresh install, following your installation guide. I bought iRedAdmin-Pro today. Three installations, and all have the same error.

kawasakiguy wrote:

Most importantly

- Was this done on a FRESH install with 0 prerequisites installed? Or was this an upgrade from a previous version?

A search online suggested your "jail" file perhaps is being shared, although I'm not fully sure because I haven't experienced this problem yet.

4

Re: Fail2ban Problem

lemopa wrote:

Yes, it is a fresh install, following your installation guide. I bought iRedAdmin-Pro today. Three installations, and all have the same error.

kawasakiguy wrote:

Most importantly

- Was this done on a FRESH install with 0 prerequisites installed? Or was this an upgrade from a previous version?

A search online suggested your "jail" file perhaps is being shared, although I'm not fully sure because I haven't experienced this problem yet.


I'm not a support member, just a user, man, sorry. Support will get back to you eventually though.

In the meantime, can you run this command and tell me the error that pops up?
-  'fail2ban-client start'

5

Re: Fail2ban Problem

I found the problem
in the following file:

/etc/fail2ban/jail.d/nginx-http-auth.local
the log path is empty

so I don't know if the path is /var/log/nginx/error.log


Thanks

6

Re: Fail2ban Problem

Ty for updating me, I was going to see if that file was empty depending on your response. Glad you worked it out man!

7

Re: Fail2ban Problem

In CentOS 7 this is the content of the file:

[nginx-http-auth]
enabled     = true
filter      = nginx-http-auth
action      = iptables-multiport[name=nginx, port="http,https,smtp,submission,465,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath     = /var/log/nginx/error.log


In Debian I only changed the log path to be the same as in CentOS, but when I try to enter with Roundcube or solo my IP is immediately blocked.


adminit@mail001:~$ sudo nft list ruleset
table inet filter {
    set f2b-roundcube {
        type ipv4_addr
        elements = { 186.155.208.254 }
    }

    set f2b-postfix {
        type ipv4_addr
        elements = { 91.134.145.129 }
    }

    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport { smtp, http, pop3, imap2, https, urd, submission, imaps, pop3s, sieve } ip saddr @f2b-postfix reject
        tcp dport { smtp, http, pop3, imap2, https, urd, submission, imaps, pop3s, sieve } ip saddr @f2b-roundcube reject
        iif "lo" accept
        ct state established,related accept
        ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-done, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, ind-neighbor-solicit, ind-neighbor-advert, mld2-listener-report } accept
        ip protocol icmp icmp type { destination-unreachable, router-advertisement, router-solicitation, time-exceeded, parameter-problem } accept
        ip protocol igmp accept
        ip protocol icmp icmp type echo-request limit rate over 10/second burst 4 packets drop
        ip6 nexthdr ipv6-icmp icmpv6 type echo-request limit rate over 10/second burst 4 packets drop
        tcp dport ssh accept
        tcp dport http accept
        tcp dport https accept
        tcp dport smtp accept
        tcp dport submission accept
        tcp dport pop3 accept
        tcp dport pop3s accept
        tcp dport imap2 accept
        tcp dport imaps accept
        counter packets 326 bytes 28045 drop
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}

8

Re: Fail2ban Problem

It's a bug in iRedMail-1.0: it didn't set the correct log file path in the Fail2ban jail config file.
I just re-packed iRedMail-1.0 with this fix.
https://www.iredmail.org/download.html
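
A pre-start check for the failure in this thread, as an added example that is not part of the original posts and not iRedMail's or Fail2ban's own code: it scans jail files for a `logpath` that is empty or names a path or glob with no matching file. The function names `f2b_eval` and `check_jail_logpaths` are hypothetical; the parser assumes `key = value` lines with indented continuation lines and skips `%(name)s` interpolated values.

```shell
#!/bin/sh
# Added example: report jails whose logpath is empty or matches no file.

# f2b_eval FILE JAIL PATHS -> prints findings, returns 1 if there are any.
f2b_eval() {
    _bad=0
    set -- "$1" "$2" $3                 # $3 unquoted: split words, expand globs
    _file=$1 _jail=$2; shift 2
    if [ "$#" -eq 0 ]; then
        printf '%s: [%s] logpath is empty\n' "$_file" "$_jail"; return 1
    fi
    for _p in "$@"; do
        case $_p in *'%('*) continue ;; esac   # %(name)s interpolation: skipped
        [ -e "$_p" ] && continue
        printf '%s: [%s] no file matches %s\n' "$_file" "$_jail" "$_p"; _bad=1
    done
    return "$_bad"
}

# check_jail_logpaths [DIR] -> returns 1 if any jail file has a finding.
check_jail_logpaths() {
    dir=${1:-/etc/fail2ban/jail.d} rc=0
    for f in "$dir"/*.local "$dir"/*.conf; do
        [ -f "$f" ] || continue
        jail='' paths='' collecting=0
        while IFS= read -r line || [ -n "$line" ]; do
            body=${line#"${line%%[![:space:]]*}"}     # line minus leading blanks
            if [ "$collecting" = 1 ] && [ -n "$body" ] && [ "$body" != "$line" ]; then
                case $body in '#'*|';'*) ;; *) paths="$paths $body" ;; esac
                continue                               # indented continuation line
            fi
            if [ "$collecting" = 1 ]; then             # logpath value is complete
                f2b_eval "$f" "$jail" "$paths" || rc=1
                collecting=0
            fi
            case $line in
                '['*']'*) jail=${line#\[}; jail=${jail%%\]*} ;;
                logpath=*|logpath[[:space:]]*=*) paths=${line#*=}; collecting=1 ;;
            esac
        done < "$f"
        if [ "$collecting" = 1 ]; then f2b_eval "$f" "$jail" "$paths" || rc=1; fi
    done
    return "$rc"
}
```

Run `check_jail_logpaths` with no argument to scan `/etc/fail2ban/jail.d`, or pass another directory; a non-zero exit status means at least one jail was reported.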