Failed to execute ban jail 'postfix-sasl' action 'badips'

#1 Fri, 08/23/2019 - 18:08
adamjedgar


What does this error mean exactly? (My assumption is that my fail2ban server is not connecting with the "badips" website as it should, as I see a "login authentication failure" for the badips website.)

How do I fix this? (i.e. either remove the function or resolve the login failure issue with badips)

2019-08-24 08:24:27,729 fail2ban.action         [960]: ERROR   curl --fail  --user-agent "<agent>" http://www.badips.com/add//219.143.144.130 -- stdout: b''
2019-08-24 08:24:27,729 fail2ban.action         [960]: ERROR   curl --fail  --user-agent "<agent>" http://www.badips.com/add//219.143.144.130 -- stderr: b'  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\n                                 Dload  Upload   Total   Spent    Left  Speed\n\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0\ncurl: (22) The requested URL returned error: 400 Bad Request\n'
2019-08-24 08:24:27,729 fail2ban.action         [960]: ERROR   curl --fail  --user-agent "<agent>" http://www.badips.com/add//219.143.144.130 -- returned 22
2019-08-24 08:24:27,729 fail2ban.actions        [960]: ERROR   Failed to execute ban jail 'postfix-sasl' action 'badips' info 'CallingMap({'ipmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7effa301c9d8>, 'ipjailmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7effa301c7b8>, 'failures': 1, 'ip': '219.143.144.130', 'ipjailfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7effa25ac0d0>, 'matches': 'Aug 24 08:24:25 server1 postfix/smtpd[29520]: warning: unknown[219.143.144.130]: SASL LOGIN authentication failed: authentication failure', 'ipfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7effa301ce18>, 'time': 1566599066.0257344})': Error banning 219.143.144.130

I am looking through the documentation on badips.com...

Is there anything specific I need to consider with regard to getting this working with Webmin/Virtualmin, or can I just follow the outline shown in the badips docs?

Thu, 10/17/2019 - 20:51
adamjedgar

Is there any update on this? I am still getting errors...

2019-10-18 12:39:44,027 fail2ban.action         [24604]: ERROR   curl --fail  --user-agent "<agent>" http://www.badips.com/add//125.74.69.229 -- stderr: b'  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\n                                 Dload  Upload   Total   Spent    Left  Speed\n\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\ncurl: (22) The requested URL returned error: 400 Bad Request\n'
2019-10-18 12:39:44,027 fail2ban.action         [24604]: ERROR   curl --fail  --user-agent "<agent>" http://www.badips.com/add//125.74.69.229 -- returned 22
2019-10-18 12:39:44,028 fail2ban.actions        [24604]: ERROR   Failed to execute ban jail 'postfix-sasl' action 'badips' info 'CallingMap({'failures': 9, 'ip': '125.74.69.229', 'matches': 'Oct 17 15:43:39 server1 postfix/smtpd[9871]: warning: unknown[125.74.69.229]: SASL LOGIN authentication failed: authentication failure\nOct 17 15:43:47 server1 postfix/smtpd[9872]: warning: unknown[125.74.69.229]: SASL LOGIN authentication failed: authentication failure\nOct 17 15:43:53 server1 postfix/smtpd[9871]: warning: unknown[125.74.69.229]: SASL LOGIN authentication failed: authentication failure\nOct 17 15:44:03 server1 postfix/smtpd[9871]: warning: unknown[125.74.69.229]: SASL LOGIN authentication failed: authentication failure\nOct 17 15:44:12 server1 postfix/smtpd[9872]: warning: unknown[125.74.69.229]: SASL LOGIN authentication failed: authentication failure\nOct 17 15:44:22 server1 postfix/smtpd[9872]: warning: unknown[125.74.69.229]: SASL LOGIN authentication failed: authentication failure\nOct 17 15:44:34 server1 postfix/smtpd[9871]: warning: unknown[125.74.69.229]: SASL LOGIN authentication failed: authentication failure\nOct 17 15:44:45 server1 postfix/smtpd[9872]: warning: unknown[125.74.69.229]: SASL LOGIN authentication failed: authentication failure\nOct 17 15:44:58 server1 postfix/smtpd[9872]: warning: unknown[125.74.69.229]: SASL LOGIN authentication failed: authentication failure', 'time': 1571362782.7485423, 'ipjailfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7f020e23dae8>, 'ipmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7f020e23d598>, 'ipfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7f020e23d6a8>, 'ipjailmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7f020e23d510>})': Error banning 125.74.69.229

AJECreative is the home of $5 webhosting, $15/month VPS servers (1cpu,1gb RAM, 25GB storage)
Centos7, Debian9, or Ubuntu18LTS
Available Control Panels = Centos-Webpanel, Cyberpanel, or Virtualmin

https://ajecreative.com.au

Fri, 10/18/2019 - 08:39
Dibs

I think you've got a malformed command to badips. According to badips' docs the command needs to be of the form

https://www.badips.com/add/ssh/aa.bb.cc.dd

not

https://www.badips.com/add//aa.bb.cc.dd

which your logs seem to indicate.

Sat, 10/19/2019 - 17:21
adamjedgar

The following is all that is in my configuration file, /etc/fail2ban/action.d/badips.conf.

Where in the Virtualmin docs is the information about how to use this?

# Fail2ban reporting to badips.com
#
# Note: This reports an IP only and does not actually ban traffic. Use
# another action in the same jail if you want bans to occur.
#
# Set the category to the appropriate value before use.
#
# To get see register and optional key to get personalised graphs see:
# http://www.badips.com/blog/personalized-statistics-track-the-attackers-of-all-your-servers-with-one-key

[Definition]

actionban = curl --fail  --user-agent "<agent>" http://www.badips.com/add/<category>/<ip>

[Init]

# Option: category
# Notes.: Values are from the list here: http://www.badips.com/get/categories
category =


Also, I am following this tutorial: https://www.howtoforge.com/tutorial/protect-your-server-computer-with-ba...

I am a little unsure about setting up the script. For example, the line _ipt=/sbin/iptables #Location of tables (on my system, if I add this to a user directory I foresee problems. I wish to run this from root, not a virtual server owner as would be the case in the howtoforge tutorial).

#!/bin/sh
# based on this version http://www.timokorthals.de/?p=334
# adapted by Stéphane T.

_ipt=/sbin/iptables    # Location of iptables (might be correct)
_input=badips.db       # Name of database (will be downloaded with this name)
_pub_if=eth0           # Device which is connected to the internet (ex. $ifconfig for that)
_droplist=droplist     # Name of chain in iptables (Only change this if you have already a chain with this name)
_level=3               # Blog level: not so bad/false report (0) over confirmed bad (3) to quite aggressive (5) (see www.badips.com for that)
_service=any           # Logged service (see www.badips.com for that)

# Get the bad IPs
wget -qO- http://www.badips.com/get/list/${_service}/$_level > $_input || { echo "$0: Unable to download ip list."; exit 1; }

### Setup our black list ###
# Create the chain if it does not exist yet, otherwise flush it
$_ipt -N "$_droplist" 2>/dev/null || $_ipt --flush "$_droplist"

# Filter out comments and blank lines
# store each ip in $ip
grep -Ev '^[[:space:]]*(#|$)' "$_input" | while read -r ip
do
    # Append everything to $_droplist
    $_ipt -A "$_droplist" -i "$_pub_if" -s "$ip" -j LOG --log-prefix "Drop Bad IP List "
    $_ipt -A "$_droplist" -i "$_pub_if" -s "$ip" -j DROP
done

# Finally, insert our black list (skip chains that already jump to it)
for chain in INPUT OUTPUT FORWARD
do
    $_ipt -C "$chain" -j "$_droplist" 2>/dev/null || $_ipt -I "$chain" -j "$_droplist"
done

# Delete your temp file
rm $_input
exit 0

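Added example, not part of the thread and not fail2ban's own code: it expands the `actionban` template from the badips.conf posted above with its empty `category`, reproduces the `add//<ip>` URL seen in the logs, and shows the URL once a category is supplied. The tag expansion is a simplified stand-in for fail2ban's, the function names are hypothetical, and the category value `postfix` is an assumption to be checked against the categories list the config file points to.

```python
import configparser
import re

# Constructed sample: the [Definition] and [Init] sections of the
# badips.conf posted in the thread, with category left empty.
BADIPS_CONF = """
[Definition]
actionban = curl --fail  --user-agent "<agent>" http://www.badips.com/add/<category>/<ip>

[Init]
category =
"""

def render_actionban(conf_text, overrides=None, ip="219.143.144.130"):
    """Fill <tag> placeholders: [Init] defaults first, then per-jail
    overrides (what badips[category=...] in a jail would supply).
    Tags with no value defined anywhere are left as literal text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    tags = dict(cp["Init"])
    tags.update(overrides or {})
    tags["ip"] = ip
    template = cp["Definition"]["actionban"]
    return re.sub(r"<(\w+)>", lambda m: tags.get(m.group(1), m.group(0)), template)

def empty_url_segments(command):
    """Return the URLs in a command whose path has an empty segment ('//')."""
    bad = []
    for url in re.findall(r"https?://\S+", command):
        path = url.split("://", 1)[1]
        if "//" in path:
            bad.append(url)
    return bad

def check(conf_text, overrides=None):
    """Render the ban command and list any malformed URLs in it."""
    cmd = render_actionban(conf_text, overrides)
    return cmd, empty_url_segments(cmd)

if __name__ == "__main__":
    for ov in (None, {"category": "postfix"}):  # 'postfix' is an assumed value
        cmd, bad = check(BADIPS_CONF, ov)
        print("MALFORMED" if bad else "ok", "->", cmd)
```

In a real setup the override comes from the jail's action line (for example `badips[category=...]`) or from an `[Init]` section in `action.d/badips.local`, so the shipped badips.conf stays untouched.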

Sat, 10/19/2019 - 18:40 (Reply to #4)
Dibs

Adam,

Virtualmin isn't going to document Fail2ban - or I certainly don't think so. Fail2ban has its own docs and countless sites on the internet detailing how to set it up. To my mind - and it isn't intended to be literal - VM is a wrapper, a management tool or a UI and possibly more - but wrapping around standard Linux packages. All of which have their own docs.

Location - nothing stopping someone putting the script you mention in a sub directory of fail2ban, so it isn't in a Virtual Server but effectively at the root.

HIH

Dibs

Sat, 10/19/2019 - 18:43
adamjedgar

Yes, but the entire reason for a Control Panel is so that administration can be done from it... hence the need for Virtualmin docs on this. It's not about the code or the cron, it's about how to make it work using the Virtualmin GUI!

EDIT... so what is needed is the following via the Virtualmin GUI: 1. how to set up and synchronise banned IPs with badips online, 2. configure fail2ban to use it


Sat, 10/19/2019 - 18:59
Dibs

I see where you are coming from, but I think for an Open Source project - folk probably have a list of priorities they are working through, and the documentation, whilst reasonable, may not be perfect, and even perfect might not be perfect for everyone.

I sympathise with you - I do.

The thing with Fail2ban is that you can use RBLs, you can use the various restrictions and you can use badips and probably a host of other things - the question is how far does documentation go? [More rhetorical than an actual question].

I'll be honest - I set up most of my "things" (iptables, fail2ban & postfix) largely from amending the relevant config files. Yes, I could have done some of it or maybe all of it from VM, but in my specific case - the journey of learning more and more about Linux and the relevant packages has been immensely rewarding. That's just for me - it could be the same for others, and equally not for others. Just my 2c worth in this last paragraph.

Dibs

Topic locked