Bug 2135621

Summary: fail2ban processing dovecot error logs uses 100% of the CPU.
Product: [Fedora] Fedora EPEL Reporter: Yohsuke怀Ooi <001>
Component: fail2banAssignee: Orion Poplawski <orion>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel9CC: anon.amish, axel.thimm, frank, hobbes1069, kim-rh, orion, vonsch
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: fail2ban-1.0.1-2.fc37 fail2ban-1.0.1-2.fc36 fail2ban-1.0.1-2.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-11-10 22:31:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yohsuke Ooi 2022-10-18 06:02:48 UTC
Description of problem:
There is a problem with dovecot's error log processing in fail2ban, which uses up CPU.

And the fail2ban service is no longer responding.

Version-Release number of selected component (if applicable):
fail2ban-1.0.1-1.el9.noarch

How reproducible:
After enabling the dovecot feature of fail2ban, an invalid TLS connection is made.

Steps to Reproduce:
1. Install and Setup RHEL9/EPEL
3. dnf install fail2ban dovecot
4. enable dovecot feature
  echo "[dovecot]" > /etc/fail2ban/jail.local
  echo "enabled = true" >> /etc/fail2ban/jail.local
5. systemctl restart dovecot fail2ban
6. echo QUIT | openssl s_client -connect  localhost:imap -tls1 -starttls imap


Actual results:
fail2ban-server continues to use 100% of CPU

Expected results:
Processed without increased load

Additional info:
https://github.com/fail2ban/fail2ban/issues/3370

Comment 1 Kim Bisgaard 2022-10-21 13:55:09 UTC
I can confirm the bug - I also got got full load and a no responsive fail2ban-server until I changed my config as in the fail2ban-bug-issue

Comment 2 Frank Crawford 2022-10-30 01:41:56 UTC
I've seen the same issue on F36 and can say that the fix proposed in fail2ban-bug-issue works.

Comment 3 Richard Shaw 2022-10-30 13:36:50 UTC
Upstream seemed to indicate the the fix would make it into a release fairly soon so I was trying to wait for that rather than having to update the package a second time for a version change only.

Comment 4 Fedora Update System 2022-11-02 22:47:21 UTC
FEDORA-EPEL-2022-3b4c776408 has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-3b4c776408

Comment 5 Fedora Update System 2022-11-02 22:47:22 UTC
FEDORA-2022-3f9a2795e7 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-3f9a2795e7

Comment 6 Fedora Update System 2022-11-03 08:47:06 UTC
FEDORA-2022-3f9a2795e7 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-3f9a2795e7`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-3f9a2795e7

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2022-11-03 16:03:43 UTC
FEDORA-2022-9a192ab246 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-9a192ab246`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-9a192ab246

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2022-11-03 16:50:41 UTC
FEDORA-EPEL-2022-3b4c776408 has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-3b4c776408

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2022-11-10 22:31:16 UTC
FEDORA-2022-3f9a2795e7 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 10 Fedora Update System 2022-11-11 01:15:38 UTC
FEDORA-2022-9a192ab246 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 11 Fedora Update System 2022-11-11 01:29:05 UTC
FEDORA-EPEL-2022-3b4c776408 has been pushed to the Fedora EPEL 9 stable repository.
If problem still persists, please make note of it in this bug report.