Fail2ban postfix-sasl and postfix-rbl - not enabling or running

NethServer Version: release 7.7.1908 (final)
Module: fail2ban

Recently after updating the fail2ban app… just checking using fail2ban-client status command, I find my postfix-sasl and postfix-rbl is not running… not sure how to fix it.

using fail2ban-client status :
Status
|- Number of jail: 26
`- Jail list: apache-auth, apache-badbots, apache-botsearch, apache-fakegooglebot, apache-modsecurity, apache-nohome, apache-noscript, apache-overflows, apache-scan, apache-shellshock, dovecot, dovecot-nethserver, httpd-admin, mysqld-auth, pam-generic, pam-generic-nethserver, phpmyadmin, postfix, postfix-ddos, postfix-sasl-abuse, recidive, roundcube-auth, rspamd, sieve, sogo-auth, sshd

I restarted the fail2ban … start gets the same status…
restarting the fail2ban i get the following error message:


2020-02-05 20:26:56,400 fail2ban.configreader [23609]: ERROR Found no accessible config files for ‘filter.d/postfix-rbl’ under /etc/fail2ban
2020-02-05 20:26:56,400 fail2ban.jailreader [23609]: ERROR Unable to read the filter ‘postfix-rbl’
2020-02-05 20:26:56,400 fail2ban.jailsreader [23609]: ERROR Errors in jail ‘postfix-rbl’. Skipping…
2020-02-05 20:26:56,409 fail2ban.configreader [23609]: ERROR Found no accessible config files for ‘filter.d/postfix-sasl’ under /etc/fail2ban
2020-02-05 20:26:56,409 fail2ban.jailreader [23609]: ERROR Unable to read the filter ‘postfix-sasl’
2020-02-05 20:26:56,409 fail2ban.jailsreader [23609]: ERROR Errors in jail ‘postfix-sasl’. Skipping…


Appreciate some guidance and help… thanks in advance…

2 Likes

It seems that with the move to fail2ban_0.10 the filters

/etc/fail2ban/filter.d/postfix-rbl.conf
/etc/fail2ban/filter.d/postfix-sasl.conf

are no more provided by fail2ban, we need to update the GUI to reflect one postfix jail

Thank to pointed it, it is a valuable bug but I cannot reproduce on my two servers, even if we have to remove the two jails postfix-sasl and postfix-rbl since fail2ban doesnt provide them anymore

maybe you run the log with other value than INFO

@giacomo could you check other servers ?

Moved to filter.d/postfix.conf:

https://github.com/fail2ban/fail2ban/blob/0.10/ChangeLog

  • filter.d/postfix-rbl.conf: removed (replaced with postfix[mode=rbl])
  • filter.d/postfix-sasl.conf: removed (replaced with postfix[mode=auth])
1 Like

thank you :smiley:

I think the filters just changed the name:

  • /etc/fail2ban/filter.d/postfix.con
  • /etc/fail2ban/filter.d/postfix-sasl-abuse.conf
  • /etc/fail2ban/filter.d/postfix-ddos.conf

yep we provide

  • /etc/fail2ban/filter.d/postfix-sasl-abuse.conf
  • /etc/fail2ban/filter.d/postfix-ddos.conf

and the two missing jails have been merged inside postfix.conf

1 Like

Thanks … somehow I don’t see that postfix-rbl and postfix-sasl changes in my postfix.conf .

Can you explain where I can find the updates to add those changes ?

I see postfix-ddos, postfix-sasl-abuse modes running… does this mean postfix-rbl & postfix-sasl no longer needed ?

1 Like

Yes they have been merged inside one jail: postfix

Only postfix-rbl is exposed inside the UI, the goal is also to remove it from cockpit and nethgui

Thank you…

Hey @rmk would you please test the fix which is available

Thanks Stephane, … the server that has a problem has support subscription… How do I get it to update with your update ? I tried an Update, it does not show the new fail2ban version yet… Thnx again

The rpm has been verified, it is coming soon

1 Like

Thanks…much appreciated.

Thank you for the Fixed ! after update … the Fail2ban module - All looks good …
Very Much appreciated !

After the Fail2ban update … When I do a fail2ban-listban command:
here’s what I get on the report for :
postfix-rbl [15558]: ERROR NOK: (‘postfix-rbl’,)
and
postfix-sasl [15584]: ERROR NOK: (‘postfix-sasl’,)

it seems to enabled later … what do this mean ?


postfix Jail enabled
- Currently banned: 0 - Total banned after service start: 0
- Banned IP:
2020-02-11 15:52:59,761 fail2ban [15558]: ERROR NOK: (‘postfix-rbl’,)
postfix-rbl Jail enabled
- Currently banned: - Total banned after service start:
- Banned IP:
postfix-ddos Jail enabled
- Currently banned: 3 - Total banned after service start: 3
- Banned IP: 61.19.101.157 51.77.34.204 117.44.60.176
2020-02-11 15:52:59,920 fail2ban [15584]: ERROR NOK: (‘postfix-sasl’,)
postfix-sasl Jail enabled
- Currently banned: - Total banned after service start:
- Banned IP:
postfix-sasl-abuse Jail enabled
- Currently banned: 0 - Total banned after service start: 0
- Banned IP:
recidive Jail enabled
- Currently banned: 0 - Total banned after service start: 0
- Banned IP:

I replaced my old copy of postfix.conf with the postfix.conf.rpmnew,
that seems to have fixed the problem.
Thx…