1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Resolved [fail2ban errors] f2b-plesk-postfix & plesk-dovecot

Discussion in 'Plesk Onyx for Linux' started by Liew CheonFong, Apr 28, 2017.

  1. Liew CheonFong

    Liew CheonFong Basic Pleskian

    7
    20%
    Joined:
    Sep 18, 2016
    Messages:
    25
    Likes Received:
    5
    Location:
    Malaysia
    while checking fail2ban log file, I found fail2ban filter errors for "plesk-postfix" and "plesk-dovecot".

    Could anyone please explain the errors? How do I solve the errors?

    Thanks in advance!

    Code:
    2017-04-28 09:04:58,664 fail2ban.filter [6069]: INFO [plesk-postfix] Found 190.107.28.228
    2017-04-28 09:08:11,864 fail2ban.actions [6069]: NOTICE [plesk-postfix] Unban 125.123.159.64
    2017-04-28 09:08:11,977 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- stdout: ''
    2017-04-28 09:08:11,978 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- stderr: ''
    2017-04-28 09:08:11,980 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- returned 1
    2017-04-28 09:08:11,980 fail2ban.CommandAction [6069]: ERROR Invariant check failed. Trying to restore a sane environment
    2017-04-28 09:08:12,093 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
    iptables -F f2b-plesk-postfix
    iptables -X f2b-plesk-postfix -- stdout: ''
    2017-04-28 09:08:12,093 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
    iptables -F f2b-plesk-postfix
    iptables -X f2b-plesk-postfix -- stderr: "iptables v1.6.0: Couldn't load target `f2b-plesk-postfix':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n"
    2017-04-28 09:08:12,093 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
    iptables -F f2b-plesk-postfix
    iptables -X f2b-plesk-postfix -- returned 1
    2017-04-28 09:08:12,093 fail2ban.actions [6069]: ERROR Failed to execute unban jail 'plesk-postfix' action 'iptables-multiport' info '{'matches': u'Apr 28 08:08:06 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:07 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:08 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:09 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:10 myserver postfix/smtpd[19526]: warning: unknown[125.123.159.64]: SASL LOGIN authentication failed: authentication failure', 'ip': '125.123.159.64', 'time': 1493338091.744811, 'failures': 5}': Error stopping action
    2017-04-28 09:08:42,130 fail2ban.actions [6069]: NOTICE [plesk-postfix] Unban 122.231.57.61
    2017-04-28 09:08:42,238 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- stdout: ''
    2017-04-28 09:08:42,240 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- stderr: ''
    2017-04-28 09:08:42,240 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-postfix[ \t]' -- returned 1
    2017-04-28 09:08:42,241 fail2ban.CommandAction [6069]: ERROR Invariant check failed. Trying to restore a sane environment
    2017-04-28 09:08:42,347 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
    iptables -F f2b-plesk-postfix
    iptables -X f2b-plesk-postfix -- stdout: ''
    2017-04-28 09:08:42,349 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
    iptables -F f2b-plesk-postfix
    iptables -X f2b-plesk-postfix -- stderr: "iptables v1.6.0: Couldn't load target `f2b-plesk-postfix':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n"
    2017-04-28 09:08:42,350 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp,smtps,submission -j f2b-plesk-postfix
    iptables -F f2b-plesk-postfix
    iptables -X f2b-plesk-postfix -- returned 1
    2017-04-28 09:08:42,350 fail2ban.actions [6069]: ERROR Failed to execute unban jail 'plesk-postfix' action 'iptables-multiport' info '{'matches': u'Apr 28 08:08:35 myserver postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:36 myserver postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:38 myserver  postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:39 myserver postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failureApr 28 08:08:41 myserver postfix/smtpd[19526]: warning: unknown[122.231.57.61]: SASL LOGIN authentication failed: authentication failure', 'ip': '122.231.57.61', 'time': 1493338122.014175, 'failures': 5}': Error stopping action
    Code:
    2017-04-28 09:23:09,135 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
    2017-04-28 09:23:13,081 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
    2017-04-28 09:23:13,389 fail2ban.actions [6069]: NOTICE [plesk-dovecot] Ban 37.49.224.141
    2017-04-28 09:23:13,391 fail2ban.filter [6069]: INFO [recidive] Found 37.49.224.141
    2017-04-28 09:23:13,499 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-dovecot[ \t]' -- stdout: ''
    2017-04-28 09:23:13,500 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-dovecot[ \t]' -- stderr: ''
    2017-04-28 09:23:13,501 fail2ban.action [6069]: ERROR iptables -n -L INPUT | grep -q 'f2b-plesk-dovecot[ \t]' -- returned 1
    2017-04-28 09:23:13,501 fail2ban.CommandAction [6069]: ERROR Invariant check failed. Trying to restore a sane environment
    2017-04-28 09:23:13,611 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports imap,imap3,imaps,pop3,pop3s,4190 -j f2b-plesk-dovecot
    iptables -F f2b-plesk-dovecot
    iptables -X f2b-plesk-dovecot -- stdout: ''
    2017-04-28 09:23:13,612 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports imap,imap3,imaps,pop3,pop3s,4190 -j f2b-plesk-dovecot
    iptables -F f2b-plesk-dovecot
    iptables -X f2b-plesk-dovecot -- stderr: "iptables v1.6.0: Couldn't load target `f2b-plesk-dovecot':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n"
    2017-04-28 09:23:13,612 fail2ban.action [6069]: ERROR iptables -D INPUT -p tcp -m multiport --dports imap,imap3,imaps,pop3,pop3s,4190 -j f2b-plesk-dovecot
    iptables -F f2b-plesk-dovecot
    iptables -X f2b-plesk-dovecot -- returned 1
    2017-04-28 09:23:13,612 fail2ban.actions [6069]: ERROR Failed to execute ban jail 'plesk-dovecot' action 'iptables-multiport' info 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f79701ea578>, 'matches': u'Apr 28 09:22:50 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<UHlL6S9OHNYlMeCN>\nApr 28 09:22:57 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<puJ86S9OAdglMeCN>\nApr 28 09:23:01 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<PfW46S9OWNklMeCN>\nApr 28 09:23:09 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 10 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<+P706S9OAtolMeCN>\nApr 28 09:23:13 myserver dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 10 secs): user=<test>, method=PLAIN, rip=37.49.224.141, lip=103.3.62.239, session=<sDUx6i9OldolMeCN>', 'ip': '37.49.224.141', 'ipmatches': <function <lambda> at 0x7f7970216758>, 'ipfailures': <function <lambda> at 0x7f79701ea488>, 'time': 1493342593.38924, 'failures': 5, 'ipjailfailures': <function <lambda> at 0x7f79701ea7d0>})': Error stopping action
    2017-04-28 09:23:16,498 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
    2017-04-28 09:23:27,413 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
    2017-04-28 09:23:31,351 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
    2017-04-28 09:23:35,313 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
    2017-04-28 09:23:39,218 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
    2017-04-28 09:23:39,652 fail2ban.actions [6069]: NOTICE [plesk-dovecot] 37.49.224.141 already banned
    2017-04-28 09:23:43,121 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
    2017-04-28 09:23:47,050 fail2ban.filter [6069]: INFO [plesk-dovecot] Found 37.49.224.141
     
  2. UFHH01

    UFHH01 Plesk addicted!

    44
    64%
    Joined:
    Jun 11, 2013
    Messages:
    6,762
    Likes Received:
    1,712
    Location:
    Hamburg / Germany
    Best Answer
    Hi Liew CheonFong,

    pls. STOP your Fail2Ban instance and START it again.

    If this doesn't already solved your issue, pls. consider to STOP Fail2Ban, afterwards FLUSH your iptables with for example ( logged in as user "root" over SSH ):
    Code:
    /sbin/iptables -F
    ... and START Fail2Ban again.
     
    Liew CheonFong likes this.
Loading...