Topic: Fail2Ban Filter SQL Error
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.0
- Deployed with iRedMail Easy or the downloadable installer? Installer
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Good afternoon,
I'm running the current iRedMail on Ubuntu 20.04 (which I love, thank you for the awesome product!). The integrated filter for fail2ban works great overall, but I've gotten a crash with some garbage input... I'm looking either for some help sanitizing this or hopefully to pass this on to make the filter more robust. Here's the offending connection and log. Thank you for your help and time!
mail.log:
Apr 13 13:53:25 mail postfix/postscreen[93571]: PREGREET 142 after 0 from [209.141.33.145]:35062: GET / HTTP/1.1\r\nUser-Agent: Wget/1.20.3 (linux-gnu)\r\nAccept: */*\r\nAccept-Encoding: identity\r\
fail2ban.log:
2021-04-13 13:53:26,275 fail2ban.utils [2344]: ERROR 7f3f4c251640 -- exec: ['f2bV_ipjailmatches=$0 \n/usr/local/bin/fail2ban_banned_db ban 209.141.33.145 http,https,sop3,pop3s,imap,imaps,sieve tcp postfix-pre 1 $f2bV_ipjailmatches', 'Apr 13 13:53:25 mail postfix/postscreen[93571]: PREGREET 142 after 0 from [209.141.33.145]:35062: GET / HTTP/ Wget/1.20.3 (linux-gnu)\\r\\nAccept: */*\\r\\nAccept-Encoding: identity\\r\\']
2021-04-13 13:53:26,275 fail2ban.utils [2344]: ERROR 7f3f4c251640 -- stderr: "ERROR 1064 (42000) at line 1: You have an error in your SQL syntax; check the manual thar MariaDB server version for the right syntax to use near ''Apr 13 13:53:25 mail postfix/postscreen[93571]: PREGREET 142 after 0 from [2...' at line 8"
2021-04-13 13:53:26,275 fail2ban.utils [2344]: ERROR 7f3f4c251640 -- returned 1
2021-04-13 13:53:26,276 fail2ban.actions [2344]: ERROR Failed to execute ban jail 'postfix-pregreet' action 'banned_db' info 'ActionInfo({'ip': '209.141.33.145', 'famil<function Actions.ActionInfo.<lambda> at 0x7f3f4d87b9d0>, 'ipjailmatches': 'Apr 13 13:53:25 mail postfix/postscreen[93571]: PREGREET 142 after 0 from [209.141.33.145]:35062: GETr-Agent: Wget/1.20.3 (linux-gnu)\\r\\nAccept: */*\\r\\nAccept-Encoding: identity\\r\\', 'ipjailfailures': 1, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f3f4d87c0d 209.141.33.145
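Added example, not part of the original post and not iRedMail's or fail2ban's code: the matched log line above ends in a backslash, and this sketch shows how that leaves a single-quoted SQL literal unterminated, then how escaping it first closes the literal. It assumes the ban action interpolates the match into a quoted literal and that MariaDB runs with backslash escapes enabled (no `NO_BACKSLASH_ESCAPES`); the table name, function names and sample string are hypothetical.

```python
# Added illustration; all names are hypothetical.
# Constructed sample modelled on the tail of the PREGREET line in the post.
# It contains literal backslash characters and ends with a lone backslash.
SAMPLE = (r"PREGREET 142 after 0 from [209.141.33.145]:35062: "
          r"GET / HTTP/1.1\r\nAccept-Encoding: identity\r" + "\\")


def literal_end(sql, start):
    """Index just past the closing quote of the literal opening at
    sql[start], or -1 if the literal never terminates."""
    i = start + 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\":                      # backslash escapes next char
            i += 2
            continue
        if ch == "'":
            if sql[i + 1:i + 2] == "'":     # '' is an escaped quote
                i += 2
                continue
            return i + 1
        i += 1
    return -1


def escape_literal(value):
    """Escape the two characters that can end or extend a quoted literal.
    Backslash must be doubled first, then the quote is escaped."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def build_insert(value, escape):
    # Hypothetical statement shape; 'banned' and 'matches' are placeholders.
    body = escape_literal(value) if escape else value
    return "INSERT INTO banned (matches) VALUES ('" + body + "');"


def terminates(value, escape):
    """True when the literal closes exactly where the statement expects."""
    sql = build_insert(value, escape)
    end = literal_end(sql, sql.index("'"))
    return end != -1 and sql[end:] == ");"


if __name__ == "__main__":
    print("raw log line closes literal:    ", terminates(SAMPLE, False))
    print("escaped log line closes literal:", terminates(SAMPLE, True))
```

Where the database is reached through a client library rather than a command-line string, a parameterized query avoids the escaping step entirely.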