New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
imap3 port not defined in Debian Stretch #1942
Comments
I found no references about this neither in debian stretch changelog, nor somewhere else. $ grep VERSION /etc/os-release && grep imap3 /etc/services
VERSION_ID="9"
VERSION="9 (stretch)"
imap3 220/tcp # Interactive Mail Access
imap3 220/udp # Protocol v3 @yarikoptic, @fail2ban/maintainers What do you think about this?
This is the matter of opinion: the one wants just to see a warning (and nevertheless to start fail2ban to protect another jails), another wants prevent the start completely. But ATM I don't understood why this error let start fail2ban (even exactly with version 0.9.x)... |
heh heh ... thanks for the report
|
Well, as I understand, the mentioned |
Fixed in #1812 |
Hi! Have no idea why I didn't received notification for this. So... Thank you! |
You're welcome. |
Debian stretch does not have an imap3 entry in /etc/service, but this port is referenced in the default jail.conf configuration file. THe problem was addressed upstream, but the fix was not rolled-out to the Debian package: fail2ban/fail2ban#1942 Fix this locally so that these jails do not fail to start.
Debian stretch does not have an imap3 entry in /etc/service, but this port is referenced in the default jail.conf configuration file. THe problem was addressed upstream, but the fix was not rolled-out to the Debian package: fail2ban/fail2ban#1942 Fix this locally so that these jails do not fail to start.
I was hit by this. Seems debian 9 still ships with this.
Hope im not digging this up unnecessarily, but in any case hope you appreciate it. I issued an upgrade, but didn't see any updates for it in the repo. Cause I know you may ask; stretch-repo's used
Evidently I do hope that changing the imap3 entries to 'imap' will fix it ;-) Best, |
ack, sadly still get
It is interesting to note that the SSHD iptable chain is dropping people passing maxretry=5 just fine. Wheras SASL-postfix filter.d is not. I think it is regarding the issue you raise earlier, though replacing the imap3 with imap does not seem to have fixed it. Can you clarify on the fix I should apply ? Cheers :) Best wishes, |
Your excerpt is cut off ( As regards "but didn't see any updates for it in the repo.", - as #1812 said - it is fixed for v.0.10 only. |
Thanks for writing and clarifying. I didn't see that it was fixed for 0.10 only. so, I thought I'd just keep on removing from the jail.conf file the ports used that iptbles 1.6 wasnt happy with. In my case I only really wanted SMTP anyway, I'll add the rest later. Someone ip range was being particularly bothersome today. Apologies invalid port/service.
simply adding
as opposed to http,https,smtp,ssmtp,submission,imap2,imap,imaps,pop3,pop3s. Seemed to fix it. Removing just imap3 didn't. If that's useful great. At least my reject in the postfix-sasl chain now appear since i shortened the line i refer. If this helps, great. Best wishes, |
Could you please have a look at which other ports/aliases you still miss in your |
Hey sebres, apologies, I didn't see your message as my old work email was still getting notifications. If I understand your question correct. I believe it should be the default /etc/services file.
I'm not sure but I guess this is approximately what you wanted to know was?
I think that it is something to do with more than just the imap alias was my point, and I suspect iptables has an issue with the use of the others, as to why that is, you seem to know more on this situation than me. Thanks for the software though, I'm pleased to anounce my f2b-posfix-sasl chain is now working as expected. Simply just using the modifications I suggested above. I'm just guessing one of the other settings (other than SMTP) just wasn't appreciated by iptables, and perhaps that is something to do with the /etc/services file I suppose is your point. Anyway, sorry for delay in responding and hope this helps some, if not, oh well :-) Best, |
Debian stretch does not have an imap3 entry in /etc/service, but this port is referenced in the default jail.conf configuration file. THe problem was addressed upstream, but the fix was not rolled-out to the Debian package: fail2ban/fail2ban#1942 Fix this locally so that these jails do not fail to start.
Environment:
The issue:
I had defined a webmail spam jail:
Everything seems to work OK. I received an email with subject:
But today I found, that even the
fail2ban-client
prints that IP is blocked,iptables
rules were missing. In log I found:Similar errors I got during fail2ban restart.
The solution for me was to remove
imap3
from the jail definition, because it is missing in/etc/services
after upgrade to Stretch.Would be great if fail2ban refuse to start in such cases.
The text was updated successfully, but these errors were encountered: