1 (edited by mike175de 2020-02-29 00:24:57)

Topic: [Closed] Fail2Ban-Critical Error - Rule postfix-pregreet-iredmail

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):  1.1
- Deployed with iRedMail Easy or the downloadable installer? Installer
- Linux/BSD distribution name and version: Buster
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

the fail2ban-log shows every 10 minutes this:

2020-02-28 07:30:30,546 fail2ban.filter         [19887]: INFO    [postfix-pregreet-iredmail] Found 193.56.28.109 - 2020-02-28 07:30:30
2020-02-28 07:30:30,775 fail2ban.actions        [19887]: NOTICE  [postfix-pregreet-iredmail] Ban 193.56.28.109
2020-02-28 07:30:30,806 fail2ban.utils          [19887]: Level 39 7f7b905b6200 -- exec: nft add set inet filter f2b-postfix \{ type ipv4_addr\; \}
nft insert rule inet filter input tcp dport \{ 80,443,25,587,465,110,995,143,993,4190 \} ip saddr @f2b-postfix reject
2020-02-28 07:30:30,807 fail2ban.utils          [19887]: ERROR   7f7b905b6200 -- stderr: 'Error: Could not process rule: No such file or directory'
2020-02-28 07:30:30,807 fail2ban.utils          [19887]: ERROR   7f7b905b6200 -- stderr: 'add set inet filter f2b-postfix { type ipv4_addr; }'
2020-02-28 07:30:30,807 fail2ban.utils          [19887]: ERROR   7f7b905b6200 -- stderr: '             ^^^^^^'
2020-02-28 07:30:30,807 fail2ban.utils          [19887]: ERROR   7f7b905b6200 -- stderr: 'Error: Could not process rule: No such file or directory'
2020-02-28 07:30:30,807 fail2ban.utils          [19887]: ERROR   7f7b905b6200 -- stderr: 'insert rule inet filter input tcp dport { 80,443,25,587,465,110,995,143,993,4190 } ip saddr @f2b-postfix reject'
2020-02-28 07:30:30,807 fail2ban.utils          [19887]: ERROR   7f7b905b6200 -- stderr: '                 ^^^^^^'
2020-02-28 07:30:30,807 fail2ban.utils          [19887]: ERROR   7f7b905b6200 -- returned 1
2020-02-28 07:30:30,808 fail2ban.actions        [19887]: ERROR   Failed to execute ban jail 'postfix-pregreet-iredmail' action 'nftables-multiport' info 'ActionInfo({'ip': '193.56.28.109', 'family': 'inet4', 'ip-rev': '109.28.56.193.', 'ip-host': None, 'fid': '193.56.28.109', 'failures': 1, 'time': 1582871430.0, 'matches': 'Feb 28 07:30:30 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:42006: EHLO User\\r\\n', 'restored': 0, 'F-*': {'matches': [('', 'Feb 28 07:30:30', ' mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:42006: EHLO User\\r\\n')], 'failures': 1, 'ip4': '193.56.28.109'}, 'ipmatches': 'Feb 27 11:29:29 mbox postfix/postscreen[14192]: PREGREET 11 after 0.03 from [193.56.28.109]:40101: EHLO User\\r\\n\nFeb 27 12:57:21 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:3412: EHLO User\\r\\n\nFeb 27 14:23:32 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:31196: EHLO User\\r\\n\nFeb 27 15:51:22 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:58977: EHLO User\\r\\n\nFeb 27 17:16:42 mbox postfix/postscreen[16221]: PREGREET 11 after 0.04 from [193.56.28.109]:22252: EHLO User\\r\\n\nFeb 27 18:43:08 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:50018: EHLO User\\r\\n\nFeb 27 20:09:00 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:13300: EHLO User\\r\\n\nFeb 27 21:35:28 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:41082: EHLO User\\r\\n\nFeb 27 22:59:55 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:4356: EHLO User\\r\\n\nFeb 28 00:25:21 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:32131: EHLO User\\r\\n\nFeb 28 01:50:14 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:59907: EHLO User\\r\\n\nFeb 28 03:16:44 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:23187: EHLO User\\r\\n\nFeb 28 04:41:50 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:50960: EHLO User\\r\\n\nFeb 28 06:06:50 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:14240: EHLO User\\r\\n\nFeb 28 07:30:30 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:42006: EHLO User\\r\\n', 'ipjailmatches': 'Feb 27 11:29:29 mbox postfix/postscreen[14192]: PREGREET 11 after 0.03 from [193.56.28.109]:40101: EHLO User\\r\\n\nFeb 27 12:57:21 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:3412: EHLO User\\r\\n\nFeb 27 14:23:32 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:31196: EHLO User\\r\\n\nFeb 27 15:51:22 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:58977: EHLO User\\r\\n\nFeb 27 17:16:42 mbox postfix/postscreen[16221]: PREGREET 11 after 0.04 from [193.56.28.109]:22252: EHLO User\\r\\n\nFeb 27 18:43:08 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:50018: EHLO User\\r\\n\nFeb 27 20:09:00 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:13300: EHLO User\\r\\n\nFeb 27 21:35:28 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:41082: EHLO User\\r\\n\nFeb 27 22:59:55 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:4356: EHLO User\\r\\n\nFeb 28 00:25:21 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:32131: EHLO User\\r\\n\nFeb 28 01:50:14 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:59907: EHLO User\\r\\n\nFeb 28 03:16:44 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:23187: EHLO User\\r\\n\nFeb 28 04:41:50 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:50960: EHLO User\\r\\n\nFeb 28 06:06:50 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:14240: EHLO User\\r\\n\nFeb 28 07:30:30 mbox postfix/postscreen[16221]: PREGREET 11 after 0.03 from [193.56.28.109]:42006: EHLO User\\r\\n', 'ipfailures': 15, 'ipjailfailures': 15})': Error starting action Jail('postfix-pregreet-iredmail')/nftables-multiport

I guess this is a relevant issue/critical error? Maybe other users have this error as well?

How can I solve that problem?

Thx for help.

Mike

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: [Closed] Fail2Ban-Critical Error - Rule postfix-pregreet-iredmail

change from nftables to iptables-multiport

3 (edited by mike175de 2020-02-29 00:26:14)

Re: [Closed] Fail2Ban-Critical Error - Rule postfix-pregreet-iredmail

Thx Cthulhu!

For all with the same problem:

Edit /etc/fail2ban/jail.d/postfix-pregreet.local with:

[postfix-pregreet-iredmail]
enabled     = true
filter      = postfix-pregreet.iredmail
logpath     = /var/log/mail.log
maxretry    = 1
action      = iptables-multiport[name=postfix, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]

Save the fail and restart Fail2Ban.

@ZhangHuangbin:
Maybe this is a Debain 10 Buster related problem that should be addressed via the installer?

Greets Mike

4

Re: [Closed] Fail2Ban-Critical Error - Rule postfix-pregreet-iredmail

I wrote about this already, the debian10 insaller should install nftables but it still uses iptables.
Thus, i like iptables more

5

Re: [Closed] Fail2Ban-Critical Error - Rule postfix-pregreet-iredmail

Just for my understanding:

Is Fail2Ban the useless in the actual configuration of iRedMail because the bans will be not written to the nftables.conf?

Sorry, but Fail2Ban is not the software I am so good with ;o)

Mike