Handle subprocess errors

2025-04-01 17:25:33 +03:00 · 2025-04-01 17:25:33 +03:00 · d2f1a52827
commit d2f1a52827
parent 6c68429bfc
1 changed files with 55 additions and 12 deletions
--- a/smtpd_watcher/smtpd_watcher.py
+++ b/smtpd_watcher/smtpd_watcher.py
@ -49,16 +49,24 @@ class SmtpdWatcher:
        result = subprocess.run(
            ['/usr/bin/fail2ban-client', 'get', 'postfix', 'banned'],
            encoding='utf-8',
-            check=True,
+            check=False,
            capture_output=True,
        )
-        # self._log.debug(
-        #     "Args: %s. Stdout: %s. Return code: %s. Stderr: %s",
-        #     result.args,
-        #     result.stdout,
-        #     result.returncode,
-        #     result.stderr,
-        # )
+        if result.returncode != 0:
+            self._log.error(
+                "Error %s getting postfix banned IPs. %s. %s",
+                result.returncode,
+                result.stdout,
+                result.stderr
+            )
+            sys.exit(3)
+        self._log.debug(
+            "Args: %s. Stdout: %s. Return code: %s. Stderr: %s",
+            result.args,
+            result.stdout,
+            result.returncode,
+            result.stderr,
+        )
        ips['postfix'] = result.stdout.replace("'", '').replace(',', '').replace(']', '').replace('[', '').split(' ')
        self._log.debug(
            "Banned IPs in postfix jail: %s",
@ -67,9 +75,17 @@ class SmtpdWatcher:
        result = subprocess.run(
            ['/usr/bin/fail2ban-client', 'get', 'postfix-sasl', 'banned'],
            encoding='utf-8',
-            check=True,
+            check=False,
            capture_output=True,
        )
+        if result.returncode != 0:
+            self._log.error(
+                "Error %s getting postfix SASL banned IPs. %s. %s",
+                result.returncode,
+                result.stdout,
+                result.stderr
+            )
+            sys.exit(3)
        ips['postfix-sasl'] = result.stdout.replace("'", '').replace(',', '').replace(']', '').replace('[', '').split(' ')
        self._log.debug(
            "Banned IPs in postfix-sasl jail: %s",
@ -78,9 +94,17 @@ class SmtpdWatcher:
        result = subprocess.run(
            ['ufw', 'status', 'numbered'],
            encoding='utf-8',
-            check=True,
+            check=False,
            capture_output=True,
        )
+        if result.returncode != 0:
+            self._log.error(
+                "Error %s getting UFW rules. %s. %s",
+                result.returncode,
+                result.stdout,
+                result.stderr
+            )
+            sys.exit(3)
        ips['ufw'] = []
        for line in result.stdout:
            if 'DENY IN' in line:
@ -143,9 +167,18 @@ class SmtpdWatcher:
        result = subprocess.run(
            ['/usr/sbin/ufw', 'deny', 'from', ip],
            encoding='utf-8',
-            check=True,
+            check=False,
            capture_output=True,
        )
+        if result.returncode != 0:
+            self._log.error(
+                "Error %s dennying traffic from IP %s. %s. %s",
+                result.returncode,
+                ip,
+                result.stdout,
+                result.stderr
+            )
+            sys.exit(3)
        self._log.debug(
            "Denying traffic from IP '%s' in UFW result: %s",
            ip,
@ -159,9 +192,19 @@ class SmtpdWatcher:
        result = subprocess.run(
            ['/usr/bin/fail2ban-client', 'set', jail, 'banip', ip],
            encoding='utf-8',
-            check=True,
+            check=False,
            capture_output=True,
        )
+        if result.returncode != 0:
+            self._log.error(
+                "Error %s setting ban on jail %s to IP %s. %s. %s",
+                result.returncode,
+                jail,
+                ip,
+                result.stdout,
+                result.stderr
+            )
+            sys.exit(3)
        self._log.debug(
            "Adding ban to IP '%s' in jail '%s' result: %s",
            ip,