Fail2ban Filter Action Jails all disabled cannot enable dovecot

By default it said it will enable ssh, but it was not.

I get this message trying to enable dovecot.

Failed to save jail : Invalid port name, number or range; use a single port name, number or a range in the form start:end; to specify multiple ports, separate them with commas

Port names: pop3,pop3s,imap,imaps,submission,465,sieve

How can I fix this?

If these are set to no, does this mean fail2ban does not check them?

| OS type and version | AlmaLinux 9.4 |
| Webmin version | 2.202 |
| Virtualmin version | 7.20.2 Pro |

Thanks

I think this is a duplicate. Check you /etc/services file to see if it is named. Use either name or port but not both would be my guess.
submissions 465/tcp ssmtp smtps urd # Submission over TLS [RFC8314]

You are right, pop3 has pop3s, sieve has imap, imaps, submission, and urd is defined as 465, so the line should be pop3,sieve, but it does not work, with the same error.

I do not know how this system works, I only noticed it was jailing, when I could not ssh into one site, I thought maybe it was jailed, but when I started to investigate I found the jail was not enabled for ssh, or anything.

I found this archive document that said ssh was enabled by default, so maybe this changed.
https://archive.virtualmin.com/documentation/security/fail2ban

Commands I used to look at the values

grep pop3 /etc/services
pop3            110/tcp         pop-3           # POP version 3
pop3            110/udp         pop-3
pop3s           995/tcp                         # POP-3 over SSL
pop3s           995/udp                         # POP-3 over SSL

grep pop3s /etc/services
pop3s           995/tcp                         # POP-3 over SSL
pop3s           995/udp                         # POP-3 over SSL

grep imap /etc/services
grep imaps /etc/services
grep submission /etc/services
grep 465 /etc/services

grep sieve /etc/services
imap            143/tcp         imap2           # Interim Mail Access Proto v2
imap            143/udp         imap2
imap3           220/tcp                         # Interactive Mail Access
imap3           220/udp                         # Protocol v3
imaps           993/tcp                         # IMAP over SSL
imaps           993/udp                         # IMAP over SSL
berknet         2005/tcp     csync      # csync for cyrus-imapd
oracle          2005/udp     csync      # csync for cyrus-imapd
imaps           993/tcp                         # IMAP over SSL
imaps           993/udp                         # IMAP over SSL
submission      587/tcp         msa             # mail message submission
submission      587/udp         msa             # mail message submission
urd             465/tcp         smtps   # URL Rendesvous Directory for SSM / SMTP over SSL (TLS)
igmpv3lite      465/udp                 # IGMP over UDP for SSM
pipes           1465/tcp                # Pipes Platform
pipes           1465/udp                # Pipes Platform
lbm             2465/tcp                # Load Balance Management
lbm             2465/udp                # Load Balance Management
edm-mgr-cntrl   3465/tcp                # EDM MGR Cntrl
edm-mgr-cntrl   3465/udp                # EDM MGR Cntrl
playsta2-app    4658/tcp                # PlayStation2 App Port
playsta2-app    4658/udp                # PlayStation2 App Port
playsta2-lob    4659/tcp                # PlayStation2 Lobby Port
playsta2-lob    4659/udp                # PlayStation2 Lobby Port
netops-broker   5465/tcp                # NETOPS-BROKER
netops-broker   5465/udp                # NETOPS-BROKER
tonidods        24465/tcp               # Tonido Domain Server
tonidods        24465/udp               # Tonido Domain Server
sieve-filter    2000/tcp        cisco-sccp      # Sieve Mail Filter Daemon
sieve-filter    2000/udp        cisco-sccp      # Sieve Mail Filter Daemon
sieve           4190/tcp                # ManageSieve Protocol

Does anyone have this working, if so, what values did you use?

Thanks.

I guess our /etc/services file are different. The line you posted originally was correct for your system. So, back to square one.

This is how my configuration looks under Webmin:

My screen looks similar, only the default times are a little different as I changed mine, yet I get this error. When researching I found others similar to this, but different jails, like FTP, but no solutions. I got SSH and Postfix enabled, but I got the same error for FTP, and have not tested all of them, as SSH, FTP, Postix and Dovecot are the only ones I was going to enable.

What OS are you using?

Thanks for letting me know it works, so I know it is not the ports.

Debian 11

At this point I’m clutching at straws. Error messages are not always, let’s say, exact. I’d try eliminating all but one port and use a port number.
Let’s go with 110. (even if it is the wrong port it shouldn’t throw and error)
If that works then 110,995

Thanks, this was a good idea, as it works, as long as I pick the right ports.

pop3,pop3s,imap,imaps,submission,465,sieve
pop3 110
pop3s 995
imap 143
imap3 220
imaps 993
submission 587
berknet 2005
pipes 1465
lbm 2465
edm-mgr-cntrl 3465
playsta2-app 4658
playsta2-lob 4659
netops-broker 5465
tonidods 24465
sieve-filter 2000
sieve 4190
urd 465

I added all the ports I found, and this enables dovecot.

110,995,143,220,993,587,465,4190,2005,1465,2465,3465,4658,4659,5465,24465,2000

Not sure why it did not work, as ssh has ssh as a port and it works.

Thanks

I can only think of a slight misspelling we’re not seeing. You could repeat the process with names and see what happens. Make sure you save the port list first. :wink:

I copied the text and used grep to find it, so not sure if it is a misspelling or not, this is strange, but this is AlmaLinux, and stable is old.

I have been using Virtualmin from the beginning, do not remember what year that was, but I used Webmin until this came out, and have been using the Pro license. This issue is with the Webmin side, but the interface is Virtualmin. Over the years I have used all the OSs they support, even a few they did not support, so like you said, the files are different, but I would think the names are the same, not sure about the ports. The only thing I do not like about AlmaLinux is that it has an older version of the software, like MariaDB 10 instead of 11. My guess is that others have had issues with this feature of Fail2Ban, and I am not sure if the Distro matters.

I hope others with this problem, will find this interesting, as it is not a fix, and I would have to test this to make sure it is working.

I thought I was banned for too many attempts on one domain, which I still cannot ssh into, but found it had no jail enabled, but after enabling postfix, postfix-rbl and sshd, it showed 4 jails. I rebooted instead of restarting services, as the first time it showed only 3, always reboot if you do not get what you expect.

sudo fail2ban-client status
Status
|- Number of jail:      4
`- Jail list:   dovecot, postfix, postfix-rbl, sshd


sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 7
|  |- Total failed:     8
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 155
   |- Total banned:     155
   `- Banned IP list: ... This is the list I need to find my IP in, but I also ignore this IP in the config.

This is a new list as of the date I enabled the jail, so I was not in it, and should not have been if it read the ingnoreip.

I would say it appears to work, as the list of banned IPs is large, and I can now access them from the command line.

Thanks for the help

1 Like

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.