Debian Stretch fail2ban imap3 entry in jail.conf

etron770

Member
Hello everyone,
fail2ban does find the IP and says "already blocked" several times, but the IP is not being blocked. Could it be that the IP appears as
ip=[::ffff:51.15.201.86] in the syslog and fail2ban cannot handle that?
iptables -L -n does not show a single blocked IP.
I changed the headline because it is apparently caused by the following error.
 

etron770

Member
So it seems to be a general problem, because iptables (Debian Stretch) cannot cope with the default entry imap3 in jail.local (also in the original jail.conf).

After I changed it to imap, it works.
iptables -w -A f2b-courier-auth -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-courier-auth -- stdout: b''
2019-02-15 20:39:47,435 fail2ban.action [21923]: ERROR iptables -w -N f2b-courier-auth
iptables -w -A f2b-courier-auth -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-courier-auth -- stderr: b"iptables v1.6.0: invalid port/service `imap3' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
2019-02-15 20:39:47,435 fail2ban.action [21923]: ERROR iptables -w -N f2b-courier-auth
iptables -w -A f2b-courier-auth -j RETURN
iptables -w -I INPUT -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-courier-auth -- returned 2
2019-02-15 20:39:47,436 fail2ban.actions [21923]: ERROR Failed to execute unban jail 'courier-auth' action 'iptables-multiport' info '{'time': 1550258986.3629622, 'ip': '51.15.201.86', 'failures': 55, 'matches': 'Feb 15 20:19:46 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:19:51 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:19:56 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:20:01 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:20:06 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:20:11 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:20:16 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:20:21 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:20:26 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:20:31 mail pop3d: LOGIN FAILED, 
user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:20:36 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:20:41 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:20:46 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:20:52 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:20:57 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:21:02 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:21:07 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:21:12 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:21:17 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:21:22 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:21:27 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:21:32 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:21:37 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:21:42 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:21:47 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:21:52 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:21:57 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:22:02 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:22:08 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, 
ip=[::ffff:51.15.201.86]Feb 15 20:22:13 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:22:23 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:22:28 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:22:33 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:22:38 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:22:43 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:22:48 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:22:53 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:22:58 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:23:03 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:23:08 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:23:14 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:23:19 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:23:24 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:23:29 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:23:34 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:23:39 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:23:44 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:23:49 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:23:54 
mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:23:59 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:24:04 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:24:09 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:24:14 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:24:19 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]Feb 15 20:24:25 mail pop3d: LOGIN FAILED, user=test@website_to_be_blocked.org, ip=[::ffff:51.15.201.86]'}': Error starting action
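
Added example, not part of the original post: a shell check that lists entries of a jail's port list that are neither numeric nor present in a services file, which is the condition behind the `invalid port/service` error in the log above. The function names and the sample services data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/services format (not copied from any real host).
sample_services() {
cat <<'EOF'
smtp        25/tcp   mail
pop3        110/tcp  pop-3
imap2       143/tcp  imap      # constructed: "imap" is only an alias here
submission  587/tcp
imaps       993/tcp
pop3s       995/tcp
EOF
}

# unresolvable_ports PORTLIST [SERVICES_FILE]
# Prints each comma-separated entry that is neither numeric nor a tcp
# service name/alias in SERVICES_FILE; prints nothing if all resolve.
unresolvable_ports() {
    portlist=$1
    services=${2:-/etc/services}
    old_ifs=$IFS
    IFS=,
    for p in $portlist; do
        case $p in
            '')         continue ;;   # empty entry
            *[!0-9:]*)  ;;            # has a non-digit: a service name
            *)          continue ;;   # numeric port or range such as 1000:2000
        esac
        awk -v n="$p" '
            { sub(/#.*/, "") }                      # drop comments
            $2 ~ /\/tcp$/ {
                if ($1 == n) found = 1
                for (i = 3; i <= NF; i++) if ($i == n) found = 1
            }
            END { exit !found }' "$services" || printf '%s\n' "$p"
    done
    IFS=$old_ifs
}

# Demo: the port list from the failing action, checked against the sample.
tmp=$(mktemp)
sample_services > "$tmp"
unresolvable_ports "smtp,465,submission,imap3,imaps,pop3,pop3s" "$tmp"  # prints: imap3
rm -f "$tmp"
```

On a real host, omit the second argument to check the list against /etc/services.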
 

etron770

Member
But it looks quite good with the newest version of fail2ban (Debian Stretch).
I completely uninstalled it, deleted the old jails (backed up), and since then it has been working great with the new conf and jail files.
 
