Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Fail2ban issues with "backend = systemd"

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
RutRow
Posts: 1
Joined: 2022-07-19 14:39

Fail2ban issues with "backend = systemd"

#1 Post by RutRow »

Having trouble getting fail2ban working with backend = systemd. Matches in the filter are not caught. Same setup works fine with backend = auto.

Debian 11.4

Warning message on startup:

Code: Select all

Jul 19 08:36:31 svr fail2ban.filter[1550]: WARNING [postfix] Simulate NOW in operation since found time has too large deviation 1658244743.065254 ~ 1658244991.7781656 +/- 60
Jul 19 08:36:31 svr fail2ban.filter[1550]: WARNING [postfix] Please check jail has possibly a timezone issue. Line with odd timestamp: ('', '2022-07-19T08:32:23.065254', 'svr postfix/postfix-script[1406]: starting the Postfix mail system')
jail.conf

Code: Select all

[DEFAULT]
usedns = no
logencoding = utf-8

[postfix]
enabled  = true
filter   = postfix
bantime  = 4h
findtime = 2h
maxretry = 2
action   = ban
backend  = systemd
filter.d/postfix.conf change

Code: Select all

journalmatch = _SYSTEMD_UNIT=postfix@-.service
#journalmatch = _SYSTEMD_UNIT=postfix.service
The original journalmatch line appears to be wrong as "journalctl _SYSTEMD_UNIT=postfix.service" produces no output.

The warning message goes away when backend = auto, so I suspect the timestamp issue is the key.

Post Reply