1

Topic: fail2ban jail error

- iRedMail version: 1.7.3 MARIADB edition
- Deployed with iRedMail Easy or the downloadable installer? download
- Linux/BSD distribution name and version: Debian 12
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes

Apr 27 04:25:59 newmarlin fail2ban.actions[849]: ERROR Failed to execute ban jail 'pregreet' action 'banned_db' info 'ActionInfo({'ip': '*SOMEIP*', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0xffffb3d5a020>, 'ipjailmatches': '2025-04-27T04:25:59.810265+00:00 newmarlin postfix/postscreen[23259]: PREGREET 12 after 0.16 from [152.32.235.85]:9294: ehlo hello\\r\\n', 'ipjailfailures': 1, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0xffffb3d5a7a0>})': Error banning *SOMEIP*

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: fail2ban jail error

Could you please paste log lines before and after this line?

3

Re: fail2ban jail error

ZhangHuangbin wrote:

Could you please paste log lines before and after this line?

Of course - and thanks for your great work!

Restarted fail2ban in DEBUG mode:

root@newmarlin:~# tail -f /var/log/fail2ban.log
2025-04-27T07:12:34.968427+00:00 newmarlin fail2ban.utils[28595]: ERROR ffffacebd340 -- stderr: '2025-04-26T20:04:26.740069+00:00 newmarlin sshd[12735]: Invalid user solx from SOMEIMP port 59272'
2025-04-27T07:12:34.968494+00:00 newmarlin fail2ban.utils[28595]: ERROR ffffacebd340 -- stderr: '2025-04-27T05:51:07.346446+00:00 newmarlin sshd[26187]: Invalid user ubuntu from *SOMEIP*  port 39368'
2025-04-27T07:12:34.968636+00:00 newmarlin fail2ban.utils[28595]: ERROR ffffacebd340 -- stderr: '2025-04-27T06:01:32.901474+00:00 newmarlin sshd[26458]: Invalid user validator from *SOMEIP*  port 39306'
2025-04-27T07:12:34.968701+00:00 newmarlin fail2ban.utils[28595]: ERROR ffffacebd340 -- stderr: '2025-04-27T06:12:14.910224+00:00 newmarlin sshd[26683]: Invalid user node from *SOMEIP*  port 39082'
2025-04-27T07:12:34.968757+00:00 newmarlin fail2ban.utils[28595]: ERROR ffffacebd340 -- stderr: '2025-04-27T06:22:53.212625+00:00 newmarlin sshd[26851]: Invalid user solana from *SOMEIP*  port 38860'
2025-04-27T07:12:34.968833+00:00 newmarlin fail2ban.utils[28595]: ERROR ffffacebd340 -- stderr: '2025-04-27T06:33:28.101646+00:00 newmarlin sshd[27406]: Invalid user sol from *SOMEIP*  port 38644: 2: /usr/local/bin/fail2ban_banned_db: not found'
2025-04-27T07:12:34.968896+00:00 newmarlin fail2ban.utils[28595]: ERROR ffffacebd340 -- returned 127
2025-04-27T07:12:34.968969+00:00 newmarlin fail2ban.utils[28595]: INFO HINT on 127: "Command not found".  Make sure that all commands in ['f2bV_ipjailmatches=$0 \n/usr/local/bin/fail2ban_banned_db ban *SOMEIP*  22 tcp sshd 15 $f2bV_ipjailmatches', '2025-04-26T19:22:13.657215+00:00 newmarlin sshd[11957]: Invalid user user from *SOMEIP*  port 44250\n2025-04-26T19:32:30.810450+00:00 newmarlin sshd[12107]: Invalid user vali from *SOMEIP*  port 40948\n2025-04-26T19:42:55.741753+00:00 newmarlin sshd[12315]: Invalid user ubuntu from *SOMEIP*  port 37646\n2025-04-26T19:53:35.590692+00:00 newmarlin sshd[12501]: Invalid user ada from *SOMEIP*  port 34344\n2025-04-26T20:04:26.740069+00:00 newmarlin sshd[12735]: Invalid user solx from *SOMEIP*  port 59272\n2025-04-27T05:51:07.346446+00:00 newmarlin sshd[26187]: Invalid user ubuntu from *SOMEIP*  port 39368\n2025-04-27T06:01:32.901474+00:00 newmarlin sshd[26458]: Invalid user validator from *SOMEIP*  port 39306\n2025-04-27T06:12:14.910224+00:00 newmarlin sshd[26683]: Invalid user node from *SOMEIP*  port 39082\n2025-04-27T06:22:53.212625+00:00 newmarlin sshd[26851]: Invalid user solana from *SOMEIP*  port 38860\n2025-04-27T06:33:28.101646+00:00 newmarlin sshd[27406]: Invalid user sol from *SOMEIP*  port 38644'] are in the PATH of fail2ban-server process (grep -a PATH= /proc/`pidof -x fail2ban-server`/environ). You may want to start "fail2ban-server -f" separately, initiate it with "fail2ban-client reload" in another shell session and observe if additional informative error messages appear in the terminals.
2025-04-27T07:12:34.969869+00:00 newmarlin fail2ban.actions[28595]: ERROR Failed to execute ban jail 'sshd' action 'banned_db' info 'ActionInfo({'ip': '*SOMEIP* ', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0xffffaf83a020>, 'ipjailmatches': '2025-04-26T19:22:13.657215+00:00 newmarlin sshd[11957]: Invalid user user from *SOMEIP*  port 44250\n2025-04-26T19:32:30.810450+00:00 newmarlin sshd[12107]: Invalid user vali from *SOMEIP*  port 40948\n2025-04-26T19:42:55.741753+00:00 newmarlin sshd[12315]: Invalid user ubuntu from *SOMEIP*  port 37646\n2025-04-26T19:53:35.590692+00:00 newmarlin sshd[12501]: Invalid user ada from *SOMEIP*  port 34344\n2025-04-26T20:04:26.740069+00:00 newmarlin sshd[12735]: Invalid user solx from *SOMEIP*  port 59272\n2025-04-27T05:51:07.346446+00:00 newmarlin sshd[26187]: Invalid user ubuntu from *SOMEIP*  port 39368\n2025-04-27T06:01:32.901474+00:00 newmarlin sshd[26458]: Invalid user validator from *SOMEIP*  port 39306\n2025-04-27T06:12:14.910224+00:00 newmarlin sshd[26683]: Invalid user node from *SOMEIP*  port 39082\n2025-04-27T06:22:53.212625+00:00 newmarlin sshd[26851]: Invalid user solana from *SOMEIP*  port 38860\n2025-04-27T06:33:28.101646+00:00 newmarlin sshd[27406]: Invalid user sol from *SOMEIP*  port 38644', 'ipjailfailures': 15, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0xffffaf83a7a0>})': Error banning *SOMEIP* #012Traceback (most recent call last):#012  File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 513, in __checkBan#012    action.ban(aInfo)#012  File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 568, in ban#012    raise RuntimeError("Error banning %(ip)s" % aInfo)#012RuntimeError: Error banning *SOMEIP*
2025-04-27T07:12:34.970108+00:00 newmarlin fail2ban.actions[28595]: DEBUG Banned 6 / 6, 6 ticket(s) in 'sshd'

4

Re: fail2ban jail error

Additional info in journal:

root@newmarlin:~# journalctl -t fail2ban.actions -f
Apr 27 07:12:34 newmarlin fail2ban.actions[28595]: ERROR Failed to execute ban jail 'sshd' action 'banned_db' info 'ActionInfo({'ip': '*SOMEIP* ', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0xffffaf83a020>, 'ipjailmatches': '2025-04-27T06:28:48.432051+00:00 newmarlin sshd[27270]: Invalid user dspace from *SOMEIP*  port 34130\n2025-04-27T06:28:50.370824+00:00 newmarlin sshd[27272]: Invalid user metricbeat from *SOMEIP*  port 34126\n2025-04-27T06:28:52.130138+00:00 newmarlin sshd[27277]: Invalid user vyos from *SOMEIP*  port 43284\n2025-04-27T06:28:54.001107+00:00 newmarlin sshd[27279]: Invalid user user from *SOMEIP*  port 46096\n2025-04-27T06:28:55.907465+00:00 newmarlin sshd[27283]: Invalid user oracle from *SOMEIP*  port 54514', 'ipjailfailures': 5, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0xffffaf83a7a0>})': Error banning *SOMEIP*
                                                   Traceback (most recent call last):
                                                     File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 513, in __checkBan
                                                       action.ban(aInfo)
                                                     File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 568, in ban
                                                       raise RuntimeError("Error banning %(ip)s" % aInfo)
                                                   RuntimeError: Error banning *SOMEIP*
Apr 27 07:12:34 newmarlin fail2ban.actions[28595]: NOTICE [sshd] Restore Ban *SOMEIP*

5

Re: fail2ban jail error

It's not clear what the problem is according to pasted log lines.
Did you try to restart fail2ban service?

6

Re: fail2ban jail error

ZhangHuangbin wrote:

It's not clear what the problem is according to pasted log lines.
Did you try to restart fail2ban service?

I agree - it's not easy - and yes I tried restarting fail2ban - and the whole VM - no improvement sadly.

7

Re: fail2ban jail error

did you notice
/usr/local/bin/fail2ban_banned_db: not found