Fail2ban postfix-sasl and postfix-rbl - not enabling or running

rmk · February 6, 2020, 4:47am

NethServer Version: release 7.7.1908 (final)
Module: fail2ban

Recently after updating the fail2ban app… just checking using fail2ban-client status command, I find my postfix-sasl and postfix-rbl is not running… not sure how to fix it.

using fail2ban-client status :
Status
|- Number of jail: 26
`- Jail list: apache-auth, apache-badbots, apache-botsearch, apache-fakegooglebot, apache-modsecurity, apache-nohome, apache-noscript, apache-overflows, apache-scan, apache-shellshock, dovecot, dovecot-nethserver, httpd-admin, mysqld-auth, pam-generic, pam-generic-nethserver, phpmyadmin, postfix, postfix-ddos, postfix-sasl-abuse, recidive, roundcube-auth, rspamd, sieve, sogo-auth, sshd

I restarted the fail2ban … start gets the same status…
restarting the fail2ban i get the following error message:

2020-02-05 20:26:56,400 fail2ban.configreader [23609]: ERROR Found no accessible config files for ‘filter.d/postfix-rbl’ under /etc/fail2ban
2020-02-05 20:26:56,400 fail2ban.jailreader [23609]: ERROR Unable to read the filter ‘postfix-rbl’
2020-02-05 20:26:56,400 fail2ban.jailsreader [23609]: ERROR Errors in jail ‘postfix-rbl’. Skipping…
2020-02-05 20:26:56,409 fail2ban.configreader [23609]: ERROR Found no accessible config files for ‘filter.d/postfix-sasl’ under /etc/fail2ban
2020-02-05 20:26:56,409 fail2ban.jailreader [23609]: ERROR Unable to read the filter ‘postfix-sasl’
2020-02-05 20:26:56,409 fail2ban.jailsreader [23609]: ERROR Errors in jail ‘postfix-sasl’. Skipping…

Appreciate some guidance and help… thanks in advance…

stephdl · February 6, 2020, 3:06pm

It seems that with the move to fail2ban_0.10 the filters

/etc/fail2ban/filter.d/postfix-rbl.conf
/etc/fail2ban/filter.d/postfix-sasl.conf

are no more provided by fail2ban, we need to update the GUI to reflect one postfix jail

stephdl · February 6, 2020, 3:13pm

Thank to pointed it, it is a valuable bug but I cannot reproduce on my two servers, even if we have to remove the two jails postfix-sasl and postfix-rbl since fail2ban doesnt provide them anymore

maybe you run the log with other value than INFO

@giacomo could you check other servers ?

dnutan · February 6, 2020, 4:27pm

Moved to filter.d/postfix.conf:

fail2ban/ChangeLog at 0.10 · fail2ban/fail2ban · GitHub

filter.d/postfix-rbl.conf: removed (replaced with postfix[mode=rbl])

filter.d/postfix-sasl.conf: removed (replaced with postfix[mode=auth])

stephdl · February 6, 2020, 4:28pm

thank you

giacomo · February 6, 2020, 4:35pm

I think the filters just changed the name:

/etc/fail2ban/filter.d/postfix.con
/etc/fail2ban/filter.d/postfix-sasl-abuse.conf
/etc/fail2ban/filter.d/postfix-ddos.conf

stephdl · February 6, 2020, 4:36pm

yep we provide

/etc/fail2ban/filter.d/postfix-sasl-abuse.conf
/etc/fail2ban/filter.d/postfix-ddos.conf

and the two missing jails have been merged inside postfix.conf

stephdl · February 6, 2020, 4:37pm

rmk · February 6, 2020, 11:15pm

Thanks … somehow I don’t see that postfix-rbl and postfix-sasl changes in my postfix.conf .

Can you explain where I can find the updates to add those changes ?

I see postfix-ddos, postfix-sasl-abuse modes running… does this mean postfix-rbl & postfix-sasl no longer needed ?

stephdl · February 7, 2020, 6:26am

Yes they have been merged inside one jail: postfix

Only postfix-rbl is exposed inside the UI, the goal is also to remove it from cockpit and nethgui

rmk · February 7, 2020, 11:26pm

Thank you…

stephdl · February 10, 2020, 2:46pm

Hey @rmk would you please test the fix which is available

rmk · February 11, 2020, 12:09pm

Thanks Stephane, … the server that has a problem has support subscription… How do I get it to update with your update ? I tried an Update, it does not show the new fail2ban version yet… Thnx again

stephdl · February 11, 2020, 1:50pm

The rpm has been verified, it is coming soon

rmk · February 11, 2020, 4:34pm

Thanks…much appreciated.

rmk · February 11, 2020, 9:10pm

Thank you for the Fixed ! after update … the Fail2ban module - All looks good …
Very Much appreciated !

rmk · February 11, 2020, 11:59pm

After the Fail2ban update … When I do a fail2ban-listban command:
here’s what I get on the report for :
postfix-rbl [15558]: ERROR NOK: (‘postfix-rbl’,)
and
postfix-sasl [15584]: ERROR NOK: (‘postfix-sasl’,)

it seems to enabled later … what do this mean ?

postfix Jail enabled
- Currently banned: 0 - Total banned after service start: 0
- Banned IP:
2020-02-11 15:52:59,761 fail2ban [15558]: ERROR NOK: (‘postfix-rbl’,)
postfix-rbl Jail enabled
- Currently banned: - Total banned after service start:
- Banned IP:
postfix-ddos Jail enabled
- Currently banned: 3 - Total banned after service start: 3
- Banned IP: 61.19.101.157 51.77.34.204 117.44.60.176
2020-02-11 15:52:59,920 fail2ban [15584]: ERROR NOK: (‘postfix-sasl’,)
postfix-sasl Jail enabled
- Currently banned: - Total banned after service start:
- Banned IP:
postfix-sasl-abuse Jail enabled
- Currently banned: 0 - Total banned after service start: 0
- Banned IP:
recidive Jail enabled
- Currently banned: 0 - Total banned after service start: 0
- Banned IP:

rmk · February 12, 2020, 12:32am

I replaced my old copy of postfix.conf with the postfix.conf.rpmnew,
that seems to have fixed the problem.
Thx…