adelgado/smtpd_watcher
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Handle subprocess errors

Browse source
This commit is contained in:
Antonio J. Delgado 2025-04-01 17:25:33 +03:00
parent 6c68429bfc
commit d2f1a52827
1 changed files with 55 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

67
smtpd_watcher/smtpd_watcher.py
View file

@ -49,16 +49,24 @@ class SmtpdWatcher:
result = subprocess.run( result = subprocess.run(
['/usr/bin/fail2ban-client', 'get', 'postfix', 'banned'], ['/usr/bin/fail2ban-client', 'get', 'postfix', 'banned'],
encoding='utf-8', encoding='utf-8',
check=True, check=False,
capture_output=True, capture_output=True,
) )
# self._log.debug( if result.returncode != 0:
# "Args: %s. Stdout: %s. Return code: %s. Stderr: %s", self._log.error(
# result.args, "Error %s getting postfix banned IPs. %s. %s",
# result.stdout, result.returncode,
# result.returncode, result.stdout,
# result.stderr, result.stderr
# ) )
sys.exit(3)
self._log.debug(
"Args: %s. Stdout: %s. Return code: %s. Stderr: %s",
result.args,
result.stdout,
result.returncode,
result.stderr,
)
ips['postfix'] = result.stdout.replace("'", '').replace(',', '').replace(']', '').replace('[', '').split(' ') ips['postfix'] = result.stdout.replace("'", '').replace(',', '').replace(']', '').replace('[', '').split(' ')
self._log.debug( self._log.debug(
"Banned IPs in postfix jail: %s", "Banned IPs in postfix jail: %s",
@ -67,9 +75,17 @@ class SmtpdWatcher:
result = subprocess.run( result = subprocess.run(
['/usr/bin/fail2ban-client', 'get', 'postfix-sasl', 'banned'], ['/usr/bin/fail2ban-client', 'get', 'postfix-sasl', 'banned'],
encoding='utf-8', encoding='utf-8',
check=True, check=False,
capture_output=True, capture_output=True,
) )
if result.returncode != 0:
self._log.error(
"Error %s getting postfix SASL banned IPs. %s. %s",
result.returncode,
result.stdout,
result.stderr
)
sys.exit(3)
ips['postfix-sasl'] = result.stdout.replace("'", '').replace(',', '').replace(']', '').replace('[', '').split(' ') ips['postfix-sasl'] = result.stdout.replace("'", '').replace(',', '').replace(']', '').replace('[', '').split(' ')
self._log.debug( self._log.debug(
"Banned IPs in postfix-sasl jail: %s", "Banned IPs in postfix-sasl jail: %s",
@ -78,9 +94,17 @@ class SmtpdWatcher:
result = subprocess.run( result = subprocess.run(
['ufw', 'status', 'numbered'], ['ufw', 'status', 'numbered'],
encoding='utf-8', encoding='utf-8',
check=True, check=False,
capture_output=True, capture_output=True,
) )
if result.returncode != 0:
self._log.error(
"Error %s getting UFW rules. %s. %s",
result.returncode,
result.stdout,
result.stderr
)
sys.exit(3)
ips['ufw'] = [] ips['ufw'] = []
for line in result.stdout: for line in result.stdout:
if 'DENY IN' in line: if 'DENY IN' in line:
@ -143,9 +167,18 @@ class SmtpdWatcher:
result = subprocess.run( result = subprocess.run(
['/usr/sbin/ufw', 'deny', 'from', ip], ['/usr/sbin/ufw', 'deny', 'from', ip],
encoding='utf-8', encoding='utf-8',
check=True, check=False,
capture_output=True, capture_output=True,
) )
if result.returncode != 0:
self._log.error(
"Error %s dennying traffic from IP %s. %s. %s",
result.returncode,
ip,
result.stdout,
result.stderr
)
sys.exit(3)
self._log.debug( self._log.debug(
"Denying traffic from IP '%s' in UFW result: %s", "Denying traffic from IP '%s' in UFW result: %s",
ip, ip,
@ -159,9 +192,19 @@ class SmtpdWatcher:
result = subprocess.run( result = subprocess.run(
['/usr/bin/fail2ban-client', 'set', jail, 'banip', ip], ['/usr/bin/fail2ban-client', 'set', jail, 'banip', ip],
encoding='utf-8', encoding='utf-8',
check=True, check=False,
capture_output=True, capture_output=True,
) )
if result.returncode != 0:
self._log.error(
"Error %s setting ban on jail %s to IP %s. %s. %s",
result.returncode,
jail,
ip,
result.stdout,
result.stderr
)
sys.exit(3)
self._log.debug( self._log.debug(
"Adding ban to IP '%s' in jail '%s' result: %s", "Adding ban to IP '%s' in jail '%s' result: %s",
ip, ip,