Any problem removing Postfix while using Fail2Ban on Ubuntu18LTS?
I'm running Fail2Ban on Ubuntu18LTS, and getting periodically hammered, during which episodes I get a number of 'fatal: open /etc/postfix/main.cf: No such file or directory' errors in the Apache status output before Apache restarts and the problem clears. I'm not sure if this is a normal Apache OOM issue, and the errors are normal notification failures, or if someone is trying to hijack Postfix, and that's ultimately triggering the issue and service restart.
My preference, as the server doesn't need email, is to uninstall Postfix - are there any issues with that? I realize Fail2Ban won't be able to send notifications, but that doesn't concern me. Are there any unwanted side effects this might cause?
2 Replies
apache2 and postfix shouldn't have anything to do with each other (normally, postfix will run chroot'd to /var/spool/postfix). If apache2 is trying to read the postfix configuration, you have a serious apache configuration issue…someone/something is trying to read your postfix configuration for off-line analysis (if this is the case, and it's not you, someone is trying to hijack postfix). There are several ways to block IP address(es):
- sudo fail2ban-client set somejail banip someIP (works for IPv6 too…installs someIP in the fail2ban jail somejail for whatever the default sentence is for the jail);
- block the IP address in your apache2 configuration somewhere (see: http://www.htaccess-guide.com/deny-visitors-by-ip-address );
- install the IP address in your firewall (see: https://upcloud.com/community/tutorials/configure-iptables-ubuntu for iptables, https://net2.com/how-to-set-up-a-firewall-on-ubuntu-18-04 for ufw, or https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables for nftables…last one assumes some knowledge of iptables).
To your question, just remove all the references to the mail log (/var/log/mail.log) from the configuration of fail2ban jails first (in /etc/fail2ban/jail.local, typically).
If you don't do this, fail2ban will still run but give you warnings about the jails associated with mail.
-- sw
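One way to find the jails the reply above refers to before removing Postfix, as an added example that is not part of the original thread: it parses jail.local-style text and lists every jail whose logpath names /var/log/mail.log. The sample configuration and the jail name custom-multi are constructed for illustration.

```python
import configparser

MAIL_LOG = "/var/log/mail.log"  # path named in the reply above

# Constructed sample jail.local (not from the original thread).
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
bantime = 600

[sshd]
enabled = true
logpath = /var/log/auth.log

[postfix]
enabled = true
logpath = /var/log/mail.log

[dovecot]
enabled = false
logpath = /var/log/mail.log

[custom-multi]
enabled = true
logpath = /var/log/apache2/error.log
          /var/log/mail.log
"""

def jails_using_mail_log(text, mail_log=MAIL_LOG):
    """Return {jail_name: enabled} for jails whose logpath lists mail_log."""
    # interpolation=None: fail2ban's %(name)s variables are left unexpanded.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    hits = {}
    for jail in parser.sections():  # sections() does not include [DEFAULT]
        # logpath may hold several paths, one per (indented) line
        paths = parser.get(jail, "logpath", fallback="").split()
        if mail_log in paths:
            hits[jail] = parser.getboolean(jail, "enabled", fallback=False)
    return hits

if __name__ == "__main__":
    for jail, enabled in jails_using_mail_log(SAMPLE_JAIL_LOCAL).items():
        state = "enabled" if enabled else "disabled"
        print(f"[{jail}] ({state}) reads {MAIL_LOG}")
```

Only literal paths are matched; a jail that sets logpath through a %(...)s variable is not resolved here, and `fail2ban-client get <jail> logpath` shows the effective value on a running server.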
Wrt apache2… I use this to block bad bots and bad traffic to my web server:
https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker
Works like a champ! Pretty easy to set up too…
-- sw