• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved [fail2ban errors] f2b-plesk-postfix & plesk-dovecot

Liew CheonFong

Liew CheonFong

Basic Pleskian
while checking fail2ban log file, I found fail2ban filter errors for "plesk-postfix" and "plesk-dovecot".

Could anyone please explain the errors? How do I solve the errors?

Thanks in advance!

Code: 
2017-04-28 09:04:58,664 fail2ban.filter [6069]: INFO [plesk-postfix] Found 190.107.28.228
2017-04-28 09:08:11,864 fail2ban.actions [6069]: NOTICE [plesk-postfix] Unban 125.123.159.64
2017-04-28 09:08:11,977 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- stdout: ''
2017-04-28 09:08:11,978 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- stderr: ''
2017-04-28 09:08:11,980 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- returned 1
2017-04-28 09:08:11,980 fail2ban.CommandAction [6069]: ERROR Invariant check failed. Trying to restore a sane environment
2017-04-28 09:08:12,093 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
iptables -F f2b-plesk-postfix
iptables -X f2b-plesk-postfix -- stdout: ''
2017-04-28 09:08:12,093 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
iptables -F f2b-plesk-postfix
iptables -X f2b-plesk-postfix -- stderr: "iptables v1.6.0: Couldn't load target `f2b-plesk-postfix':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n"
2017-04-28 09:08:12,093 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
iptables -F f2b-plesk-postfix
iptables -X f2b-plesk-postfix -- returned 1
2017-04-28 09:08:12,093 fail2ban.actions [6069]: ERROR Failed to execute unban jail 'plesk-postfix' action 'iptables-multiport' info '{'matches': u'Apr 28 08:08:06 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:07 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:08 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:09 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:10 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failure', 'ip': '125.123.159.64', 'time': 1493338091.744811, 'failures': 5}': Error stopping action
2017-04-28 09:08:42,130 fail2ban.actions [6069]: NOTICE [plesk-postfix] Unban 122.231.57.61
2017-04-28 09:08:42,238 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- stdout: ''
2017-04-28 09:08:42,240 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- stderr: ''
2017-04-28 09:08:42,240 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- returned 1
2017-04-28 09:08:42,241 fail2ban.CommandAction [6069]: ERROR Invariant check failed. Trying to restore a sane environment
2017-04-28 09:08:42,347 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
iptables -F f2b-plesk-postfix
iptables -X f2b-plesk-postfix -- stdout: ''
2017-04-28 09:08:42,349 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
iptables -F f2b-plesk-postfix
iptables -X f2b-plesk-postfix -- stderr: "iptables v1.6.0: Couldn't load target `f2b-plesk-postfix':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n"
2017-04-28 09:08:42,350 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
iptables -F f2b-plesk-postfix
iptables -X f2b-plesk-postfix -- returned 1
2017-04-28 09:08:42,350 fail2ban.actions [6069]: ERROR Failed to execute unban jail 'plesk-postfix' action 'iptables-multiport' info '{'matches': u'Apr 28 08:08:35 myserver postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:36 myserver postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:38 myserver  postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:39 myserver postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:41 myserver postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failure', 'ip': '122.231.57.61', 'time': 1493338122.014175, 'failures': 5}': Error stopping action

Code: 
2017-04-28 09:23:09,135 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:13,081 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:13,389 fail2ban.actions [6069]: NOTICE [plesk-dovecot] Ban 37.49.224.141
2017-04-28 09:23:13,391 fail2ban.filter [6069]: INFO [recidive] Found 37.49.224.141
2017-04-28 09:23:13,499 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-dovecot[ \t]' -- stdout: ''
2017-04-28 09:23:13,500 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-dovecot[ \t]' -- stderr: ''
2017-04-28 09:23:13,501 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-dovecot[ \t]' -- returned 1
2017-04-28 09:23:13,501 fail2ban.CommandAction [6069]: ERROR Invariant check failed. Trying to restore a sane environment
2017-04-28 09:23:13,611 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports imap,imap3,imaps,pop3,pop3s,4190 -j f2b-plesk-dovecot
iptables -F f2b-plesk-dovecot
iptables -X f2b-plesk-dovecot -- stdout: ''
2017-04-28 09:23:13,612 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports imap,imap3,imaps,pop3,pop3s,4190 -j f2b-plesk-dovecot
iptables -F f2b-plesk-dovecot
iptables -X f2b-plesk-dovecot -- stderr: "iptables v1.6.0: Couldn't load target `f2b-plesk-dovecot':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n"
2017-04-28 09:23:13,612 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports imap,imap3,imaps,pop3,pop3s,4190 -j f2b-plesk-dovecot
iptables -F f2b-plesk-dovecot
iptables -X f2b-plesk-dovecot -- returned 1
2017-04-28 09:23:13,612 fail2ban.actions [6069]: ERROR Failed to execute ban jail 'plesk-dovecot' action 'iptables-multiport' info 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f79701ea578>, 'matches': u'Apr 28 09:22:50 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<UHlL6S9OHNYlMeCN>\nApr 28 09:22:57 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<puJ86S9OAdglMeCN>\nApr 28 09:23:01 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<PfW46S9OWNklMeCN>\nApr 28 09:23:09 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 10 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<+P706S9OAtolMeCN>\nApr 28 09:23:13 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 10 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<sDUx6i9OldolMeCN>', 'ip': '37.49.224.141', 'ipmatches': <function <lambda> at 0x7f7970216758>, 'ipfailures': <function <lambda> at 0x7f79701ea488>, 'time': 1493342593.38924, 'failures': 5, 'ipjailfailures': <function <lambda> at 0x7f79701ea7d0>})': Error stopping action
2017-04-28 09:23:16,498 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:27,413 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:31,351 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:35,313 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:39,218 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:39,652 fail2ban.actions [6069]: NOTICE [plesk-dovecot] 37.49.224.141 already banned
2017-04-28 09:23:43,121 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:47,050 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
 
Hi Liew CheonFong,

pls. STOP your Fail2Ban instance and START it again.

If this doesn't already solved your issue, pls. consider to STOP Fail2Ban, afterwards FLUSH your iptables with for example ( logged in as user "root" over SSH ):
Code: 
/sbin/iptables -F
... and START Fail2Ban again.
 
You must log in or register to reply here.

Similar threads

J
Resolved 25: Connection timed out - Almalinux 9.4 x86_64 | 18.0.61.1
Replies
2
Views
863
josemanuuxd
J
A
Issue Dovecot service(pop3-login) keeps crashing
Replies
3
Views
2K
a.sari
A
claxman
Issue Anacron job 'cron.daily' on server.domain (Fail2Ban Automatic Closing Problem)
Replies
17
Views
3K
Hiljo_Lodewijk
H
J
Resolved Can't login at Plesk admin panel (Plesk Onyx 17.0.17)
Replies
6
Views
10K
JVG
J
P
Input plesk fail2ban missing some important filter rules
Replies
2
Views
1K
PeterKi
P
Back
Top