1

Topic: Fail2ban blocks entire server after reboot

==== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Ubuntu 12.04
- Related log if you're reporting an issue:
====

I have iRedMail installed since 3 months and generally it works perfectly.
However, the fail2ban service is enabled by default and it after 20-45 minutes blocks access of every user, and they cannot receive or send any mail.
If I disable fail2ban (service fail2ban stop), then it's all fine again.
On every reboot I have to say "service fail2ban stop" to prevent this from happening.

I am not familiar very much with fail2ban and I haven't changed the default configuration. Can you tell me what i should be looking for?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Fail2ban blocks entire server after reboot

*) You can disable fail2ban with update-rc.d on Ubuntu, then it won't auto-start after system start up.
*) Fail2ban scans Apache/Dovecot/Postfix log files, if a client has too many password failures, it will invoke iptables to ban this client IP address for 2 hours (default value).

Refer to http://www.fail2ban.org for more details about how it works.

3

Re: Fail2ban blocks entire server after reboot

Thanks for this.
I re-enabled it 24h ago but now the log file is entirely empty.

In-between I run the database cleanup for amavis
(cleanup_amavisd_db.py).
Can that have something to do with it - does this cleanup script clean some old log files which may contain failures from the past? Strangely there is not a single entry in the fail2ban log for 24 hours.

4

Re: Fail2ban blocks entire server after reboot

Another test - I have just now intentionally created some failed logins to the Roundcube webmail.
After a few of those, I could no longer log in at all to the webmail.
The fail2ban log file /var/log/fail2ban.log is still entirely empty, the service is enabled.

No entry in the log but I am being blocked!
The proof of this that when I say "service fail2ban stop", instantly I can log back into the webmail.
So it is fail2ban which blocks me.
Is there any other place where I should look for log files - I cannot find other logs but there should be, maybe this has been customized?

5

Re: Fail2ban blocks entire server after reboot

pschulz wrote:

In-between I run the database cleanup for amavis
(cleanup_amavisd_db.py).
Can that have something to do with it - does this cleanup script clean some old log files which may contain failures from the past? Strangely there is not a single entry in the fail2ban log for 24 hours.

No.

pschulz wrote:

Is there any other place where I should look for log files

Why not check other log files under /var/log/? e.g. /var/log/messages, /var/log/syslog, etc.