Topic: Fail2ban mysql error
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): latest
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: CentOS 7 latest
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MYSQL
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I restarted fail2ban this AM and I see the following in the fail2ban log:
Jan 26 09:09:41 vcliff journal: fail2ban.actions [15859]: NOTICE [postfix-pregreet] Restore Ban 178.73.215.171
Jan 26 09:09:41 vcliff journal: fail2ban.utils [15859]: ERROR 7ff764c30e18 -- exec: ['f2bV_ipjailmatches=$0 \n/usr/local/bin/fail2ban_banned_db ban 178.73.215.171 80,443,25,587,465,110,995,143,993,4190 tcp postfix-pregreet 1 $f2bV_ipjailmatches', 'Jan 26 03:31:54 vcliff postfix/postscreen[2705]: PREGREET 27 after 0 from [178.73.215.171]:12464: \\255\\253\\3\\255\\251\\24\\255\\251\\31\\255\\251 \\255\\251!\\255\\251"\\255\\251\'\\255\\253\\5\\255\\251#']
Jan 26 09:09:41 vcliff journal: fail2ban.utils [15859]: ERROR 7ff764c30e18 -- stderr: "ERROR 1064 (42000) at line 1: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '??\x05??' at line 8"
Jan 26 09:09:41 vcliff journal: fail2ban.utils [15859]: ERROR 7ff764c30e18 -- returned 1
Jan 26 09:09:41 vcliff journal: fail2ban.actions [15859]: ERROR Failed to execute ban jail 'postfix-pregreet' action 'banned_db' info 'ActionInfo({'family': 'inet4', 'ipjailmatches': u'Jan 26 03:31:54 vcliff postfix/postscreen[2705]: PREGREET 27 after 0 from [178.73.215.171]:12464: \\255\\253\\3\\255\\251\\24\\255\\251\\31\\255\\251 \\255\\251!\\255\\251"\\255\\251\'\\255\\253\\5\\255\\251#', 'ip': '178.73.215.171', 'ipjailfailures': 1, 'fid': <function <lambda> at 0x7ff7663cbb18>, 'raw-ticket': <function <lambda> at 0x7ff7663cc140>})': Error banning 178.73.215.171
Jan 26 09:09:41 vcliff journal: fail2ban.actions [15859]: NOTICE [postfix-pregreet] Restore Ban 192.241.214.108
Jan 26 09:09:41 vcliff journal: fail2ban.actions [15859]: NOTICE [postfix-pregreet] Restore Ban 195.62.46.108
Jan 26 09:09:41 vcliff journal: fail2ban.actions [15859]: NOTICE [postfix-pregreet] Restore Ban 195.62.46.80
I see the following in the maillog:
(vcliff pts4) # zcat maillog-20210126.gz | grep 178\.73\.215\.171
Jan 26 03:31:54 vcliff postfix/postscreen[2705]: CONNECT from [178.73.215.171]:12464 to [192.168.0.11]:25
Jan 26 03:31:54 vcliff postfix/postscreen[2705]: PREGREET 27 after 0 from [178.73.215.171]:12464: \255\253\3\255\251\24\255\251\31\255\251 \255\251!\255\251"\255\251'\255\253\5\255\251#
Jan 26 03:31:54 vcliff postfix/postscreen[2705]: DISCONNECT [178.73.215.171]:12464
Jan 26 03:31:54 vcliff postfix/dnsblog[31633]: addr 178.73.215.171 listed by domain zen.spamhaus.org as 127.0.0.4
Jan 26 03:31:54 vcliff postfix/dnsblog[31633]: addr 178.73.215.171 listed by domain zen.spamhaus.org as 127.0.0.2
(vcliff pts4) #
I suspect this is caused by all of the garbage in the PREGREET message. The other log entries of banned addresses do not show the \255\253\3... crap.
Is there a way to work around this error?
To be clear, the address is banned; it just does not get put in the fail2ban db.
Regards,
Tom
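Added example, not part of the post above and not iRedMail's own script: one way a ban action can store a matched log line like the PREGREET entry is to pass it to the database as a hex literal, so the quote and backslash sequences in it never reach the SQL parser as syntax. The table name `banned_example`, its columns and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Table and column names are hypothetical, not iRedMail's schema.

# Print $1 as a MySQL/MariaDB hex literal (X'...'). Only [0-9a-f] appears
# between the quotes, so quotes, backslashes and raw bytes in the input
# cannot terminate the literal or be read as escape sequences.
sql_hex_literal() {
    printf "X'%s'" "$(printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n')"
}

# Build the INSERT for one ban: $1=ip $2=jail $3=failures $4=matched log line.
# Fields that should be plain tokens are validated; the free-form log line
# is hex-encoded. Returns 1 if a token field contains anything unexpected.
build_ban_sql() {
    case $1 in ''|*[!0-9A-Fa-f:.]*) return 1 ;; esac   # IPv4/IPv6 characters only
    case $2 in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac   # jail name
    case $3 in ''|*[!0-9]*) return 1 ;; esac           # failure count
    printf "INSERT INTO banned_example (ip, jail, failures, loglines) VALUES ('%s', '%s', %s, %s);\n" \
        "$1" "$2" "$3" "$(sql_hex_literal "$4")"
}

# Constructed sample: a shortened form of the PREGREET line from the post,
# keeping the single quote and the backslash sequences around it.
sample_line='PREGREET 27 after 0 from [178.73.215.171]:12464: \255\251'"'"'\255\253\5\255\251#'

# Prints one INSERT statement whose last value is a single X'...' literal.
build_ban_sql 178.73.215.171 postfix-pregreet 1 "$sample_line"
```

The printed statement can be piped to the `mysql` client in place of one that interpolates the log line between quotes.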