I've been checking the COS5.2 fail2ban jail.local and jail.conf and log locations where in the jail.* files. Since COS7 is using systemd with logs, is where the problem is???
In the new jail.conf it shows
I can't figure out what it is referencing.
When I query what log postfix is using for fail2ban it says
I guess this is correct since it isn't starting so not reading any logs. This is going beyond my novice knowledge.
Could this be an issue if both postfix-sasl and cyrus jails are reading the same log at the same time?
Nick Howitt wrote:
I kept my options open when creating the initial certificate with certbot before the Let's Encrypt app was released. With the Let's Encrypt App, it can only cover one FQDN. I believe that from 27th February, Let's Encrypt will release a wildcard certificate which makes life easier but I have no idea if you can request one with the app.
Nick, I don't think I understand what you mean.
When I did the original install I created 1 certificate for my home domain and also one virtual domain within the same certificate as you have. So with the MarketPlace App you can't do this? Since i need it to cover 2 domains, I should stay with my present manual installation and not change to the Marketplace App?
Thanks again for your help!
Nick Howitt wrote:
Can you disable all jails in the webconfig then start them one by one? By your logs it looks like sshd-ddos and postfix-sasl are failing. I use postfix-sasl but no sshd jails as I don't open ssh to the internet. My postfix-sasl is slightly altered from base so I wonder if that is why mine works.
Thanks again for your help.
I disabled all jails except for cyrus-imapd and fail2ban started OK.
I don't have port 22 open to the outside either. I presume I don't have to worry about this sshd-ddos running if the port is closed?
I'd like to get postfix-sasl running as I'm running a home mail server.
There looks to be some sort of clear files in addition to the jail.conf to control fail2ban. If I make changes in a jail.local am going to break something with COS7?
It's been years since I adjusted/tuned fail2ban on COS5.2.
Last week after doing the firmware updates for Spectre & Meltdown and rebooting, fail2ban will not run. It starts and then quits after showing this error "NOTICE Jail started without 'journalmatch' set". I've tried to restart/condrestart using systemctl and the webgui. The restart using the webgui hangs the webgui. The systemctl commands restart & condrestart seem to work but when I use systemctl start fail2ban or fail2ban.service, the CLI never completes the command.
The log doesn't give much more info.
I haven't changed anything on fail2ban. All I've done over the past week is to try to restart it when I noticed it wasn't running.
What should I be looking at to get this running?
I had all sorts of problems with email since I did the forwarding. I'm not quite sure what the problem was but suspect that this forwarding was the problem or a part of it.
Ben I tried your suggestions and I liked the fact that I could add forwards from the GUI.
However it looked like all outbound mail was not leaving. I followed up with a number of people who I sent emails to but they never received anything. So for about 3 days we didn't send any emails. The logs show the email going to mailfilter and then being deleted.
As I said, there may have been other factors in play because I fixed a certificate issue and imapd failure at the same time as removing the /var/clearos/mail_routing/forwarders file. Upon deleting the forwarders file, doing the aliases command and then reloading postfix, it looks like it's working properly again.
I think this forwarders file solution needs some more testing.
Nick Howitt wrote:
I don't know about your last error. Are you connecting to cyrus-imap using STARTTLS (SSL/TLS) or SSL?
I believe the options in Thunderbird & K-9 are STARTTLS or SSL/TLS. I have SSL/TLS enabled for imaps and pops email. Regular imap and pop are disabled.