Tom,
The only thing I see is you have in sendmail-iptables enabled = true and
it should be enabled = true.
On Wed, 2015-08-05 at 15:52 +1000, Tom Robinson wrote:
> Hi All,
>
> I hope someone can help and that it's just a simple oversight on my part.
> I've been looking at this
> for too long now to see things clearly.
>
> Today I installed fail2ban on CentOS 6 and got the rpm for fail2ban from EPEL
> (0.9.2).
>
> My first jail was configured easily (SSH) and was working really well
> blocking with a additional
> custom regex in /etc/fail2ban/filter.d/sshd.conf:
>
> ^%(__prefix_line)sReceived disconnect from <HOST>: 11: Bye Bye\s*$
>
> On the back of such success I decided to add another jail for sendmail.
>
> Arrgh! The sendmail-iptables jail just won't load! I have gone over the
> config again and again. :-(
> Maybe someone here has a clue?
>
> Here's what I get after server startup:
>
> # fail2ban-client status sendmail-iptables
> ERROR NOK: ('sendmail-iptables',)
> Sorry but the jail 'sendmail-iptables' does not exist
>
> And my jail.local:
>
> # cat jail.local
> [sendmail-iptables]
> enable = true
> filter = sendmail-reject
> action = iptables-multiport-log[name=SENDMAIL, port="smtps,smtp,submission",
> protocol=tcp]
> sendmail-whois[name=SENDMAIL, dest=root, sender=email@mydomain]
> logpath = %(syslog_mail)s
> maxretry = 5
>
> [ssh-iptables]
> enabled = true
> filter = sshd
> action = iptables[name=SSH, port=ssh, protocol=tcp]
> sendmail-whois[name=SSH, dest=root, sender=email@mydomain]
> logpath = %(syslog_authpriv)s
> maxretry = 5
>
> And the status, etc...
>
> # fail2ban-client status
> Status
> |- Number of jail: 1
> `- Jail list: ssh-iptables
>
> # fail2ban-client status ssh-iptables
> Status for the jail: ssh-iptables
> |- Filter
> | |- Currently failed: 0
> | |- Total failed: 0
> | `- File list: /var/log/secure
> `- Actions
> |- Currently banned: 0
> |- Total banned: 0
> `- Banned IP list:
>
> Now, when I add sendmail-iptables manually all seems well:
>
> # fail2ban-client add sendmail-iptables
> Added jail sendmail-iptables
> # fail2ban-client status
> Status
> |- Number of jail: 2
> `- Jail list: sendmail-iptables, ssh-iptables
>
> # fail2ban-client status sendmail-iptables
> Status for the jail: sendmail-iptables
> |- Filter
> | |- Currently failed: 0
> | |- Total failed: 0
> | `- File list:
> `- Actions
> |- Currently banned: 0
> |- Total banned: 0
> `- Banned IP list:
>
>
> But there are no iptables CHAINS created for f2b-SENDMAIL!
>
> # iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> f2b-SSH tcp -- anywhere anywhere tcp dpt:ssh
> ...8<...
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> ...8<...
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> ...8<...
>
> Chain f2b-SSH (1 references)
> target prot opt source destination
> RETURN all -- anywhere anywhere
>
> :^(
>
> So, fail2ban fails to add sendmail-iptables on startup of the init service
> script
> (/etc/init.d/fail2ban). I can 'add' it manually but it only 'half' loads as
> the are no iptables
> entries for creating banning rules.
>
> I'm just not seeing where it's failing. Can someone please hit me with a clue
> stick!
>
> Kind regards,
> Tom
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
