1

Topic: Error after starting fail2ban

==== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MYSQL
- Web server (Apache or Nginx): Apache
- Linux/BSD distribution name and version: CentOS 7
- Related log if you're reporting an issue:
====

Hi guys,
I'm having the following error when fail2ban starts:

Mar 21 12:37:08 mail systemd: Started Fail2Ban Service.
Mar 21 12:37:08 mail fail2ban[9771]: CRITICAL Unhandled exception in Fail2Ban:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/fail2ban/server/jailthread.py", line 64, in run_with_except_hook
    run(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.py", line 244, in run
    *self.formatJournalEntry(logentry))
  File "/usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.py", line 172, in formatJournalEntry
    'SYSLOG_PID', logentry['_PID']))
KeyError: '_PID'
Mar 21 12:37:08 mail fail2ban[9771]: CRITICAL Unhandled exception in Fail2Ban:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/fail2ban/server/jailthread.py", line 64, in run_with_except_hook
    run(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.py", line 244, in run
    *self.formatJournalEntry(logentry))
  File "/usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.py", line 172, in formatJournalEntry
    'SYSLOG_PID', logentry['_PID']))
KeyError: '_PID'
Mar 21 12:37:08 mail fail2ban[9771]: CRITICAL Unhandled exception in Fail2Ban:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/fail2ban/server/jailthread.py", line 64, in run_with_except_hook
    run(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.py", line 244, in run
    *self.formatJournalEntry(logentry))
  File "/usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.py", line 172, in formatJournalEntry
    'SYSLOG_PID', logentry['_PID']))
KeyError: '_PID'

Does anyone have a clue?
I have added some rules to firewalld, but nothing more.

Thanks!


2

Re: Error after starting fail2ban

No idea yet. Please show us your /etc/fail2ban/jail.local to help troubleshoot.

3

Re: Error after starting fail2ban

Hi, here is my /etc/fail2ban/jail.local:

[root@mail /]# cat /etc/fail2ban/jail.local
# Refer to /etc/fail2ban/jail.conf for more examples.
[DEFAULT]
maxretry    = 5
# time is in seconds. 3600 = 1 hour
findtime    = 300
bantime     = 3600
ignoreip    = 127.0.0.1 127.0.0.0/8 192.168.0.0/16

[sshd]
enabled     = true
filter      = sshd
action      = iptables-allports
logpath     = /var/log/secure

[sshd-ddos]
enabled     = true
filter      = sshd-ddos
action      = iptables-allports
logpath     = /var/log/secure

[roundcube-iredmail]
enabled     = true
filter      = roundcube.iredmail
action      = iptables-multiport[name=roundcube, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath     = /var/log/maillog
findtime    = 3600

[dovecot-iredmail]
enabled     = true
filter      = dovecot.iredmail
action      = iptables-multiport[name=dovecot, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath     = /var/log/dovecot.log

[postfix-iredmail]
enabled     = true
filter      = postfix.iredmail
action      = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
#              sendmail[name=Postfix, dest=root, sender=fail2ban@localhost]
logpath     = /var/log/maillog

Thanks again

4

Re: Error after starting fail2ban

Try adding the setting below under the '[DEFAULT]' section:

backend = gamin

Restart Fail2ban.

5

Re: Error after starting fail2ban

Seems like the problem went away by itself... I don't know why and how...
Anyway, after adding backend = gamin, this is what results in the logs:

fail2ban.jail[10444]: ERROR Backend 'gamin' failed to initialize due to No module named gamin
fail2ban.jail[10444]: WARNING Could only initiated 'polling' backend whenever 'gamin' was requested

When I restart fail2ban without that entry, I get this in the logs:

fail2ban.filtersystemd[11125]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
fail2ban.filtersystemd[11125]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
fail2ban.filtersystemd[11125]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.

6

Re: Error after starting fail2ban

Everything runs fine now: I edited /etc/fail2ban/jail.d/00-systemd.conf and set backend = auto.

7

Re: Error after starting fail2ban

Thanks for sharing.

iRedMail doesn't install the package 'fail2ban-systemd' by default; it looks like you installed it manually. But with 'backend = systemd', it should work as expected. If it doesn't work, you'd better post this issue to the RPM package maintainer OR the Fail2ban developers.
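
An added example, not part of the thread and not iRedMail or Fail2ban code: the traceback above comes from filtersystemd.py although the posted jail.local sets no backend, which fits a [DEFAULT] backend set in /etc/fail2ban/jail.d/00-systemd.conf. The sketch merges constructed file contents in Fail2ban's read order (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local) and lists enabled jails that end up on the systemd backend while still pointing at a log file; the file contents and the function names are assumptions.

```python
import configparser

# Constructed sample inputs (assumptions), listed in read order.
# A jail.d/*.conf file is read BEFORE jail.local; later files override earlier ones.
JAIL_LOCAL = """
[DEFAULT]
maxretry = 5
[sshd]
enabled = true
filter = sshd
logpath = /var/log/secure
[postfix-iredmail]
enabled = true
filter = postfix.iredmail
logpath = /var/log/maillog
"""
SAMPLE_FILES = [
    ("/etc/fail2ban/jail.d/00-systemd.conf", "[DEFAULT]\nbackend = systemd\n"),
    ("/etc/fail2ban/jail.local", JAIL_LOCAL),
]
# The change reported in post 6: same files, backend switched to auto.
FIXED_FILES = [
    ("/etc/fail2ban/jail.d/00-systemd.conf", "[DEFAULT]\nbackend = auto\n"),
    ("/etc/fail2ban/jail.local", JAIL_LOCAL),
]


def effective_jails(files):
    """Merge the files in order; return {jail: options incl. [DEFAULT] values}."""
    cp = configparser.ConfigParser(interpolation=None)
    for _path, text in files:
        cp.read_string(text)
    return {name: dict(cp.items(name)) for name in cp.sections()}


def audit(files):
    """Return (jail, logpath) for enabled jails whose effective backend is
    systemd: that backend reads the journal, so the logpath is not watched."""
    findings = []
    for jail, opts in sorted(effective_jails(files).items()):
        enabled = opts.get("enabled", "false").strip().lower() == "true"
        on_journal = opts.get("backend", "auto").strip() == "systemd"
        if enabled and on_journal and "logpath" in opts:
            findings.append((jail, opts["logpath"]))
    return findings


if __name__ == "__main__":
    for jail, logpath in audit(SAMPLE_FILES):
        print("%s: backend=systemd, logpath %s is not read" % (jail, logpath))
```

On a live host, `fail2ban-client -d` dumps the configuration Fail2ban actually loaded, which can be compared against this result.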