Resolved [fail2ban errors] f2b-plesk-postfix & plesk-dovecot

[Liew CheonFong]

while checking fail2ban log file, I found fail2ban filter errors for "plesk-postfix" and "plesk-dovecot".

Could anyone please explain the errors? How do I solve the errors?

Thanks in advance!

2017-04-28 09:04:58,664 fail2ban.filter [6069]: INFO [plesk-postfix] Found 190.107.28.228
2017-04-28 09:08:11,864 fail2ban.actions [6069]: NOTICE [plesk-postfix] Unban 125.123.159.64
2017-04-28 09:08:11,977 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- stdout: ''
2017-04-28 09:08:11,978 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- stderr: ''
2017-04-28 09:08:11,980 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- returned 1
2017-04-28 09:08:11,980 fail2ban.CommandAction [6069]: ERROR Invariant check failed. Trying to restore a sane environment
2017-04-28 09:08:12,093 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
iptables -F f2b-plesk-postfix
iptables -X f2b-plesk-postfix -- stdout: ''
2017-04-28 09:08:12,093 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
iptables -F f2b-plesk-postfix
iptables -X f2b-plesk-postfix -- stderr: "iptables v1.6.0: Couldn't load target `f2b-plesk-postfix':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n"
2017-04-28 09:08:12,093 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
iptables -F f2b-plesk-postfix
iptables -X f2b-plesk-postfix -- returned 1
2017-04-28 09:08:12,093 fail2ban.actions [6069]: ERROR Failed to execute unban jail 'plesk-postfix' action 'iptables-multiport' info '{'matches': u'Apr 28 08:08:06 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:07 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:08 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:09 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:10 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failure', 'ip': '125.123.159.64', 'time': 1493338091.744811, 'failures': 5}': Error stopping action
2017-04-28 09:08:42,130 fail2ban.actions [6069]: NOTICE [plesk-postfix] Unban 122.231.57.61
2017-04-28 09:08:42,238 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- stdout: ''
2017-04-28 09:08:42,240 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- stderr: ''
2017-04-28 09:08:42,240 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- returned 1
2017-04-28 09:08:42,241 fail2ban.CommandAction [6069]: ERROR Invariant check failed. Trying to restore a sane environment
2017-04-28 09:08:42,347 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
iptables -F f2b-plesk-postfix
iptables -X f2b-plesk-postfix -- stdout: ''
2017-04-28 09:08:42,349 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
iptables -F f2b-plesk-postfix
iptables -X f2b-plesk-postfix -- stderr: "iptables v1.6.0: Couldn't load target `f2b-plesk-postfix':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n"
2017-04-28 09:08:42,350 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
iptables -F f2b-plesk-postfix
iptables -X f2b-plesk-postfix -- returned 1
2017-04-28 09:08:42,350 fail2ban.actions [6069]: ERROR Failed to execute unban jail 'plesk-postfix' action 'iptables-multiport' info '{'matches': u'Apr 28 08:08:35 myserver postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:36 myserver postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:38 myserver  postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:39 myserver postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:41 myserver postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failure', 'ip': '122.231.57.61', 'time': 1493338122.014175, 'failures': 5}': Error stopping action

2017-04-28 09:23:09,135 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:13,081 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:13,389 fail2ban.actions [6069]: NOTICE [plesk-dovecot] Ban 37.49.224.141
2017-04-28 09:23:13,391 fail2ban.filter [6069]: INFO [recidive] Found 37.49.224.141
2017-04-28 09:23:13,499 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-dovecot[ \t]' -- stdout: ''
2017-04-28 09:23:13,500 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-dovecot[ \t]' -- stderr: ''
2017-04-28 09:23:13,501 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-dovecot[ \t]' -- returned 1
2017-04-28 09:23:13,501 fail2ban.CommandAction [6069]: ERROR Invariant check failed. Trying to restore a sane environment
2017-04-28 09:23:13,611 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports imap,imap3,imaps,pop3,pop3s,4190 -j f2b-plesk-dovecot
iptables -F f2b-plesk-dovecot
iptables -X f2b-plesk-dovecot -- stdout: ''
2017-04-28 09:23:13,612 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports imap,imap3,imaps,pop3,pop3s,4190 -j f2b-plesk-dovecot
iptables -F f2b-plesk-dovecot
iptables -X f2b-plesk-dovecot -- stderr: "iptables v1.6.0: Couldn't load target `f2b-plesk-dovecot':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n"
2017-04-28 09:23:13,612 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports imap,imap3,imaps,pop3,pop3s,4190 -j f2b-plesk-dovecot
iptables -F f2b-plesk-dovecot
iptables -X f2b-plesk-dovecot -- returned 1
2017-04-28 09:23:13,612 fail2ban.actions [6069]: ERROR Failed to execute ban jail 'plesk-dovecot' action 'iptables-multiport' info 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f79701ea578>, 'matches': u'Apr 28 09:22:50 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<UHlL6S9OHNYlMeCN>\nApr 28 09:22:57 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<puJ86S9OAdglMeCN>\nApr 28 09:23:01 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<PfW46S9OWNklMeCN>\nApr 28 09:23:09 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 10 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<+P706S9OAtolMeCN>\nApr 28 09:23:13 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 10 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<sDUx6i9OldolMeCN>', 'ip': '37.49.224.141', 'ipmatches': <function <lambda> at 0x7f7970216758>, 'ipfailures': <function <lambda> at 0x7f79701ea488>, 'time': 1493342593.38924, 'failures': 5, 'ipjailfailures': <function <lambda> at 0x7f79701ea7d0>})': Error stopping action
2017-04-28 09:23:16,498 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:27,413 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:31,351 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:35,313 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:39,218 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:39,652 fail2ban.actions [6069]: NOTICE [plesk-dovecot] 37.49.224.141 already banned
2017-04-28 09:23:43,121 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
2017-04-28 09:23:47,050 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141

 

[UFHH01]

Hi Liew CheonFong,

pls. STOP your Fail2Ban instance and START it again.

If this doesn't already solved your issue, pls. consider to STOP Fail2Ban, afterwards FLUSH your iptables with for example ( logged in as user "root" over SSH ):

/sbin/iptables -F

... and START Fail2Ban again.