1

Topic: Fail2ban errors

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I've got a fresh install and am seeing the following errors in fail2ban logs:

Dec 22 09:08:39 mail fail2ban.actions [715]: NOTICE [postfix-pregreet] Ban 178.73.215.171
Dec 22 09:08:39 mail fail2ban.utils [715]: ERROR 7f881926f7c0 -- exec: ['f2bV_ipjailmatches=$0 \n/usr/local/bin/fail2ban_banned_db ban 178.73.215.171 80,443,25,587,465,110,995,143,993,4190 tcp postfix-pregreet 1 $f2bV_ipjailmatches', 'Dec 22 09:08:39 mail postfix/postscreen[26777]: PREGREET 27 after 0 from [178.73.215.171]:17719: \\377\\375\\003\\377\\373\\030\\377\\373\\037\\377\\373 \\377\\373!\\377\\373"\\377\\373\'\\377\\375\\005\\377\\373#']
Dec 22 09:08:39 mail fail2ban.utils [715]: ERROR 7f881926f7c0 -- stderr: "ERROR 1064 (42000) at line 1: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '??\x05??' at line 8"
Dec 22 09:08:39 mail fail2ban.utils [715]: ERROR 7f881926f7c0 -- returned 1
Dec 22 09:08:39 mail fail2ban.actions [715]: ERROR Failed to execute ban jail 'postfix-pregreet' action 'banned_db' info 'ActionInfo({'ip': '178.73.215.171', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f881a7498b0>, 'ipjailmatches': 'Dec 22 09:08:39 mail postfix/postscreen[26777]: PREGREET 27 after 0 from [178.73.215.171]:17719: \\377\\375\\003\\377\\373\\030\\377\\373\\037\\377\\373 \\377\\373!\\377\\373"\\377\\373\'\\377\\375\\005\\377\\373#', 'ipjailfailures': 1, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f881a749f70>})': Error banning 178.73.215.171
Dec 22 10:08:40 mail fail2ban.actions [715]: NOTICE [postfix-pregreet] Unban 178.73.215.171

Is this something I should be worrying about?

----


2 (edited by ming 2020-12-23 13:02:38)

Re: Fail2ban errors

I also found some similar errors in my log, but the strange thing is that this error does not always exist; the log shows that it is normal in most cases.

3

Re: Fail2ban errors

Try this fix:
https://github.com/iredmail/iRedMail/co … 37ff723c91

4

Re: Fail2ban errors

I have applied it, do I need to restart any services? (actually I have restarted the fail2ban service)

5

Re: Fail2ban errors

ming wrote:

I have applied it, do I need to restart any services? (actually I have restarted the fail2ban service)

No service restart required. Does the error still happen?

6 (edited by mrberni 2021-02-25 19:50:26)

Re: Fail2ban errors

Getting these errors, too. Something like:

2021-02-25 12:45:52,285 fail2ban.action         [21503]: ERROR   /usr/local/bin/fail2ban_banned_db ban 78.47.79.70 0:65535 tcp postfix-pregreet 2 Feb 25 12:40:52 mail postfix/postscreen\[17777\]: PREGREET 6 after 0.02 from \[78.47.79.70\]:62584: QUIT\\r\\n

2021-02-25 12:45:52,287 fail2ban.actions        [21503]: ERROR   Failed to execute ban jail 'postfix-pregreet' action 'banned_db' info 'CallingMap({'matches': 'Feb 25 12:40:52 mail postfix/postscreen[17777]: PREGREET 6 after 0.02 from [78.47.79.70]:62584: QUIT\\r\\n\nFeb 25 12:40:54 mail postfix/postscreen[17777]: PREGREET 6 after 0.01 from [78.47.79.70]:62606: QUIT\\r\\n', 'ipfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7f7c0b778d90>, 'ipjailfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7f7c0b778e18>, 'time': 1614253551.9578624, 'ip': '78.47.79.70', 'failures': 2, 'ipjailmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7f7c0b778d08>, 'ipmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7f7c0b778bf8>})': Error banning 78.47.79.70

We applied all mentioned fixes...

Regards

7

Re: Fail2ban errors

It seems there is still some issue with storing the matched log lines in the SQL db.
Maybe we should base64-encode them before storing; will do some tests later.

8

Re: Fail2ban errors

That would be great.

We disabled storing the log lines until this gets fixed:
In /etc/fail2ban/action.d/banned_db.conf just temporarily remove the "<ipjailmatches>" from actionban.

Regards

9

Re: Fail2ban errors

We now store (base64) encoded log lines in SQL, and the upcoming iRedAdmin-Pro release will decode them while rendering log lines.

FYI:

https://github.com/iredmail/iRedMail/issues/107
https://github.com/iredmail/iRedMail/co … 746dae37c7
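
The failure and the base64 approach discussed in this thread, as an added example (not iRedMail's fail2ban_banned_db script and not code from any poster): a matched PREGREET line contains bytes chosen by the remote client, so pasting it into a quoted SQL literal breaks the statement, while the encoded form cannot. The table and column names, the function names and the sample log line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; all names below are hypothetical, not the project's own.

# Constructed sample: a postscreen PREGREET line whose payload (sent by the
# remote client) contains a double quote, a single quote and backslashes.
SAMPLE='Dec 22 09:08:39 mail postfix/postscreen[1]: PREGREET 27 after 0 from [192.0.2.10]:17719: \377\373"\377\373'"'"'\377\375\005'

# Unsafe: the log line is pasted between single quotes as-is, so any quote
# in the client-supplied bytes ends the SQL literal early.
build_insert_raw() {
    printf "INSERT INTO banned (ip, loglines) VALUES ('%s', '%s');" "$1" "$2"
}

# Encode first: the result holds only A-Z a-z 0-9 + / = and no newlines.
encode_loglines() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Safer: only the encoded text is placed inside the SQL literal.
build_insert_b64() {
    printf "INSERT INTO banned (ip, loglines) VALUES ('%s', '%s');" \
        "$1" "$(encode_loglines "$2")"
}

# Reader side (for instance an admin panel) decodes before display.
decode_loglines() {
    printf '%s' "$1" | base64 -d
}

# Count single quotes in a statement; an odd count means a broken literal.
count_quotes() {
    printf '%s' "$1" | tr -cd "'" | wc -c | tr -d ' '
}

echo "raw quotes:     $(count_quotes "$(build_insert_raw 192.0.2.10 "$SAMPLE")")"
echo "encoded quotes: $(count_quotes "$(build_insert_b64 192.0.2.10 "$SAMPLE")")"
```

Encoding protects only the log-line field; the decoded text is still untrusted when it is later rendered.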