1 (edited by Moemmel 2020-01-09 21:48:13)

Topic: debian 10.2 fresh install - no fail2ban working ?

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.0 MARIADB edition.
- Deployed with iRedMail Easy or the downloadable installer? Installer
- Linux/BSD distribution name and version: debian 10.2 - 4.19.0-6-amd64
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi iRedMail Team,

i installed a fresh debian 10.2 with the netinst iso.

fail2ban seems to work:

# systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-01-09 14:30:14 CET; 10min ago
     Docs: man:fail2ban(1)
  Process: 3292 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
 Main PID: 3293 (fail2ban-server)
    Tasks: 13 (limit: 2358)
   Memory: 15.0M
   CGroup: /system.slice/fail2ban.service
           └─3293 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Jan 09 14:38:09 q3 fail2ban-server[3293]: fail2ban.filter         [3293]: INFO      maxRetry: 5
Jan 09 14:38:09 q3 fail2ban-server[3293]: fail2ban.filter         [3293]: INFO      findtime: 3600
Jan 09 14:38:09 q3 fail2ban-server[3293]: fail2ban.actions        [3293]: INFO      banTime: 3600
Jan 09 14:38:09 q3 fail2ban-server[3293]: fail2ban.server         [3293]: INFO    Jail 'sshd' reloaded
Jan 09 14:38:09 q3 fail2ban-server[3293]: fail2ban.server         [3293]: INFO    Jail 'nginx-http-auth' reloaded
Jan 09 14:38:09 q3 fail2ban-server[3293]: fail2ban.server         [3293]: INFO    Jail 'dovecot-iredmail' reloaded
Jan 09 14:38:09 q3 fail2ban-server[3293]: fail2ban.server         [3293]: INFO    Jail 'postfix-pregreet-iredmail' reloaded
Jan 09 14:38:09 q3 fail2ban-server[3293]: fail2ban.server         [3293]: INFO    Jail 'postfix-iredmail' reloaded
Jan 09 14:38:09 q3 fail2ban-server[3293]: fail2ban.server         [3293]: INFO    Jail 'roundcube-iredmail' reloaded
Jan 09 14:38:09 q3 fail2ban-server[3293]: fail2ban.server         [3293]: INFO    Reload finished.

but i do not see anything in my iptables List

# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
#

is the mistake in front of the keyboard?

regards
Sven

2

Re: debian 10.2 fresh install - no fail2ban working ?

Run "nft list ruleset".
If there's some IP banned by Fail2ban, you should see it in output.

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee