From d2f1a528279e301bda885d131bb0cc92840c1745 Mon Sep 17 00:00:00 2001
From: "Antonio J. Delgado" <ad@susurrando.com>
Date: Tue, 1 Apr 2025 17:25:33 +0300
Subject: [PATCH] Handle subprocess errors

---
 smtpd_watcher/smtpd_watcher.py | 67 ++++++++++++++++++++++++++++------
 1 file changed, 55 insertions(+), 12 deletions(-)

diff --git a/smtpd_watcher/smtpd_watcher.py b/smtpd_watcher/smtpd_watcher.py
index 490e328..0bdb2fe 100644
--- a/smtpd_watcher/smtpd_watcher.py
+++ b/smtpd_watcher/smtpd_watcher.py
@@ -49,16 +49,24 @@ class SmtpdWatcher:
         result = subprocess.run(
             ['/usr/bin/fail2ban-client', 'get', 'postfix', 'banned'],
             encoding='utf-8',
-            check=True,
+            check=False,
             capture_output=True,
         )
-        # self._log.debug(
-        #     "Args: %s. Stdout: %s. Return code: %s. Stderr: %s",
-        #     result.args,
-        #     result.stdout,
-        #     result.returncode,
-        #     result.stderr,
-        # )
+        if result.returncode != 0:
+            self._log.error(
+                "Error %s getting postfix banned IPs. %s. %s",
+                result.returncode,
+                result.stdout,
+                result.stderr
+            )
+            sys.exit(3)
+        self._log.debug(
+            "Args: %s. Stdout: %s. Return code: %s. Stderr: %s",
+            result.args,
+            result.stdout,
+            result.returncode,
+            result.stderr,
+        )
         ips['postfix'] = result.stdout.replace("'", '').replace(',', '').replace(']', '').replace('[', '').split(' ')
         self._log.debug(
             "Banned IPs in postfix jail: %s",
@@ -67,9 +75,17 @@ class SmtpdWatcher:
         result = subprocess.run(
             ['/usr/bin/fail2ban-client', 'get', 'postfix-sasl', 'banned'],
             encoding='utf-8',
-            check=True,
+            check=False,
             capture_output=True,
         )
+        if result.returncode != 0:
+            self._log.error(
+                "Error %s getting postfix SASL banned IPs. %s. %s",
+                result.returncode,
+                result.stdout,
+                result.stderr
+            )
+            sys.exit(3)
         ips['postfix-sasl'] = result.stdout.replace("'", '').replace(',', '').replace(']', '').replace('[', '').split(' ')
         self._log.debug(
             "Banned IPs in postfix-sasl jail: %s",
@@ -78,9 +94,17 @@ class SmtpdWatcher:
         result = subprocess.run(
             ['ufw', 'status', 'numbered'],
             encoding='utf-8',
-            check=True,
+            check=False,
             capture_output=True,
         )
+        if result.returncode != 0:
+            self._log.error(
+                "Error %s getting UFW rules. %s. %s",
+                result.returncode,
+                result.stdout,
+                result.stderr
+            )
+            sys.exit(3)
         ips['ufw'] = []
         for line in result.stdout:
             if 'DENY IN' in line:
@@ -143,9 +167,18 @@ class SmtpdWatcher:
         result = subprocess.run(
             ['/usr/sbin/ufw', 'deny', 'from', ip],
             encoding='utf-8',
-            check=True,
+            check=False,
             capture_output=True,
         )
+        if result.returncode != 0:
+            self._log.error(
+                "Error %s dennying traffic from IP %s. %s. %s",
+                result.returncode,
+                ip,
+                result.stdout,
+                result.stderr
+            )
+            sys.exit(3)
         self._log.debug(
             "Denying traffic from IP '%s' in UFW result: %s",
             ip,
@@ -159,9 +192,19 @@ class SmtpdWatcher:
         result = subprocess.run(
             ['/usr/bin/fail2ban-client', 'set', jail, 'banip', ip],
             encoding='utf-8',
-            check=True,
+            check=False,
             capture_output=True,
         )
+        if result.returncode != 0:
+            self._log.error(
+                "Error %s setting ban on jail %s to IP %s. %s. %s",
+                result.returncode,
+                jail,
+                ip,
+                result.stdout,
+                result.stderr
+            )
+            sys.exit(3)
         self._log.debug(
             "Adding ban to IP '%s' in jail '%s' result: %s",
             ip,