1 (edited by Ange7 2022-05-30 15:57:59)

Topic: [solved] Fail2Ban script error

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.5
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: Debian bullseye
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

In the Fail2Ban log I have this error:

2022-04-04 11:11:49,766 fail2ban.utils          [210747]: ERROR   7f70d29d1b70 -- exec: iptables -w -N f2b-postfix
iptables -w -A f2b-postfix -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix
2022-04-04 11:11:49,766 fail2ban.utils          [210747]: ERROR   7f70d29d1b70 -- stderr: 'iptables: Chain already exists.'
2022-04-04 11:11:49,766 fail2ban.utils          [210747]: ERROR   7f70d29d1b70 -- stderr: "iptables v1.8.7 (nf_tables): Couldn't load match `multiport':No such file or directory"
2022-04-04 11:11:49,766 fail2ban.utils          [210747]: ERROR   7f70d29d1b70 -- stderr: ''
2022-04-04 11:11:49,766 fail2ban.utils          [210747]: ERROR   7f70d29d1b70 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2022-04-04 11:11:49,766 fail2ban.utils          [210747]: ERROR   7f70d29d1b70 -- returned 2
2022-04-04 11:11:49,766 fail2ban.actions        [210747]: ERROR   Failed to execute ban jail 'postfix-iredmail' action 'iptables-multiport-postfix' info 'ActionInfo({'ip': '212.70.149.72', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f70d29dba60>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f70d29d6160>})': Error starting action Jail('postfix-iredmail')/iptables-multiport-postfix: 'Script error'

How to debug / fix this?


2

Re: [solved] Fail2Ban script error

Hi,
Does someone know how to fix this?
Thanks

3

Re: [solved] Fail2Ban script error

Does restarting fail2ban service fix the issue?

4

Re: [solved] Fail2Ban script error

ZhangHuangbin wrote:

Does restarting fail2ban service fix the issue?

Nope, I have this error in the fail2ban log when I restart the service.

5

Re: [solved] Fail2Ban script error

With the latest iRedMail release, Fail2ban is configured to use nftables (instead of iptables) on Debian / Ubuntu. Do you use the wrong fail2ban action in /etc/fail2ban/jail.d/*.local?

6

Re: [solved] Fail2Ban script error

I have iRedMail version 1.5.2.

In /etc/fail2ban/jail.d/ I have this:

total 8
-rw-r--r-- 1 root root  22 17 avril  2017 defaults-debian.conf
-rw-r--r-- 1 root root 207  5 avril  2018 postfix-pregreet.local

(using iredmail since 2015 in production)

7

Re: [solved] Fail2Ban script error

Check the used fail2ban action in /etc/fail2ban/jail.local.

8

Re: [solved] Fail2Ban script error

ZhangHuangbin wrote:

Check the used fail2ban action in /etc/fail2ban/jail.local.

# Refer to /etc/fail2ban/jail.conf for more examples.
[DEFAULT]
# time is in seconds. 3600 = 1 hour, 86400 = 24 hours (1 day)
findtime    = 3600
bantime     = 86400
maxretry    = 5
ignoreip    = 127.0.0.1 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
banaction   = geohostsdeny

[sshd]
enabled     = true
filter      = sshd
action      = iptables-allports
logpath     = /var/log/auth.log

[sshd-ddos]
enabled     = true
filter      = sshd-ddos
action      = iptables-allports
logpath     = /var/log/auth.log

[roundcube-iredmail]
enabled     = true
filter      = roundcube.iredmail
action      = iptables-multiport[name=roundcube, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath     = /var/log/mail.log
findtime    = 3600

[dovecot-iredmail]
enabled     = true
filter      = dovecot.iredmail
action      = iptables-multiport[name=dovecot, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath     = /var/log/dovecot.log

[postfix-iredmail]
enabled     = true
ignoreip    = 51.254.133.57
filter      = postfix.iredmail
action      = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
#              sendmail[name=Postfix, dest=root, sender=fail2ban@localhost]
logpath     = /var/log/mail.log

[sogo-iredmail]
enabled     = false
filter      = sogo-auth
action      = iptables-multiport[name=SOGo, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath     = /var/log/sogo/sogo.log

9

Re: [solved] Fail2Ban script error

Ange7 wrote:

action      = iptables-multiport[name=...

See this?

10

Re: [solved] Fail2Ban script error

ZhangHuangbin wrote:
Ange7 wrote:

action      = iptables-multiport[name=...

See this?

Yes... but what do I need to replace it with?

thank you @ZhangHuangbin

11

Re: [solved] Fail2Ban script error

ZhangHuangbin wrote:
Ange7 wrote:

action      = iptables-multiport[name=...

See this?

Can someone help me?

12

Re: [solved] Fail2Ban script error

Replace "iptables-multiport" with "nftables-multiport".

13

Re: [solved] Fail2Ban script error

ZhangHuangbin wrote:

Replace "iptables-multiport" with "nftables-multiport".

Thank you

14

Re: [solved] Fail2Ban script error

ZhangHuangbin wrote:

Replace "iptables-multiport" with "nftables-multiport".


Just out of interest: when changing this, the rulesets are no longer showing under iptables -L, although the server shows that iptables is using nftables. Any ideas? This server has been through various versions of Ubuntu: 16.04 -> 18.04 -> 20.04 -> 22.04

 iptables v1.8.7 (nf_tables) 

Sorry that this is an old post.

Regards

15

Re: [solved] Fail2Ban script error

You should run the "nft" command to list rules.
FYI https://wiki.nftables.org/wiki-nftables … 10_minutes
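
Added example (not part of the thread and not iRedMail's own tooling): a shell sketch of the fix from posts 12 and 15 that lists jails still naming an iptables-* action and prints the file with the nftables-* equivalents substituted. The sample file is constructed from the jail.local posted above, the function names are hypothetical, and it assumes the installed Fail2ban ships the nftables-multiport and nftables-allports actions.

```shell
#!/bin/sh
# Constructed sample modelled on the jail.local in the thread (not the real file).
make_sample() {
cat <<'EOF'
[sshd]
enabled     = true
filter      = sshd
action      = iptables-allports
logpath     = /var/log/auth.log

[postfix-iredmail]
enabled     = true
filter      = postfix.iredmail
action      = iptables-multiport[name=postfix, port="smtp,submission", protocol=tcp]
#              sendmail[name=Postfix, dest=root, sender=fail2ban@localhost]
logpath     = /var/log/mail.log
EOF
}

# Print "jail<TAB>action" for each uncommented action/banaction line
# that still names an iptables-* action.
find_iptables_actions() {
    awk '
        /^\[/ { jail = $0; gsub(/\[|\]/, "", jail); next }
        /^[ \t]*(action|banaction)[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)   # keep only the value
            if (val ~ /^iptables-/) {
                sub(/\[.*/, "", val)        # drop the [name=..., port=...] options
                sub(/[ \t]+$/, "", val)
                print jail "\t" val
            }
        }' "$1"
}

# Write the file to stdout with iptables-multiport/-allports swapped for
# the nftables actions; the original file is not modified.
to_nftables() {
    sed -E 's/^([[:space:]]*(action|banaction)[[:space:]]*=[[:space:]]*)iptables-(multiport|allports)/\1nftables-\3/' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp)
make_sample > "$tmp"
find_iptables_actions "$tmp"
to_nftables "$tmp"
rm -f "$tmp"
# On the real host, after editing jail.local and restarting fail2ban,
# inspect the resulting rules with: nft list ruleset
```

Review the output of to_nftables against the real /etc/fail2ban/jail.local before replacing it, and keep a backup of the original file.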