Good morning, 

This is interesting (for me).

I read this in my logs after enabling postfix-auth on Debian 9.2:


fail2ban.log
2018-03-15 19:12:36,066 fail2ban.actions        [12742]: ERROR   Failed to execute unban jail 'postfix-auth' action 'iptables-multiport' info '{'matches': 'Mar 14 21:01:44 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:44 mx10 postfix/smtpd[29363]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:44 mx10 postfix/smtpd[29361]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29363]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29361]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:45 mx10 postfix/smtpd[29364]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:46 mx10 postfix/smtpd[29361]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:46 mx10 postfix/smtpd[29363]: lost connection after AUTH from unknown[60.163.89.128]Mar 14 21:01:46 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]', 'failures': 10, 'time': 1521140815.757546, 'ip': '60.163.89.128'}': Error unbanning 60.163.89.128
2018-03-15 19:13:08,331 fail2ban.action         [13158]: ERROR   iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix
2018-03-15 19:13:08,331 fail2ban.action         [13158]: ERROR   iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix
2018-03-15 19:13:08,331 fail2ban.action         [13158]: ERROR   iptables -w -D INPUT -p tcp -m multiport --dports http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve -j f2b-postfix
2018-03-15 19:13:08,331 fail2ban.actions        [13158]: ERROR   Failed to stop jail 'postfix-auth' action 'iptables-multiport': Error stopping action


An example from /var/log/mail.log:
Mar 14 21:01:44 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]
Mar 14 21:01:44 mx10 postfix/smtpd[29359]: disconnect from unknown[60.163.89.128] ehlo=1 auth=0/1 commands=1/2
Mar 14 21:01:44 mx10 postfix/smtpd[29359]: connect from unknown[60.163.89.128]
Mar 14 21:01:45 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]
Mar 14 21:01:45 mx10 postfix/smtpd[29359]: disconnect from unknown[60.163.89.128] ehlo=1 auth=0/1 commands=1/2
Mar 14 21:01:45 mx10 postfix/smtpd[29359]: connect from unknown[60.163.89.128]
Mar 14 21:01:46 mx10 postfix/smtpd[29359]: lost connection after AUTH from unknown[60.163.89.128]
Mar 14 21:01:46 mx10 postfix/smtpd[29359]: disconnect from unknown[60.163.89.128] ehlo=1 auth=0/1 commands=1/2


fail2ban version 0.9.6-2


jail.local:
[postfix]
enabled  = true
logpath  = /var/log/mail.log
# mail.log because I don’t log to mail.warn. Everything in one file to see all the problems in one place.

jail.conf:
[postfix]
port     = smtp,465,submission
logpath  = %(postfix_log)s
backend  = %(postfix_backend)s



# fail2ban-client status postfix
Status for the jail: postfix
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     79
|  `- File list:        /var/log/mail.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:   


Best wishes, Sophie.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
