My CentOS server has postfix as MTA and it’s working. When I type the command mail -s "testing" <my gmail address>, I receive the email.

However, Fail2ban is unable to send emails to my gmail address when an IP gets banned. I’m probably missing some configuration in jail.conf.

Here is part of my jail.conf file:

destemail = myaddress@gmail.com
sendername = fail2ban
mta = sendmail
protocol = tcp
action = %(action_mwl)s

I already tried mta = postfix and it didn’t work.

Thanks in advance for your help.

EDIT: I was able to make it work. None of the configuration above is correct for my fail2ban v0.8.10 and my Linux CentOS 6. In fact, I removed all the lines above (garbage).

I found a pre-defined action in the /etc/fail2ban/action.d/mail.conf file. I noticed this action uses the "mail -s" command, which works on my server. So, I decided to use this action in my jail.conf file as such:

[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           mail[name=ssh, dest=my-address@gmail.com]
logpath  = /var/log/secure
maxretry = 5

The only thing that needs to be changed to get an email from fail2ban is to add that line below “action” that starts with “mail.” Very simple and easy.

Giacomo1968
GreenTeaTech
  • action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"] – GreenTeaTech Sep 17 '14 at 12:49
  • Anyone? I searched for a solution, but what I found is exactly what I'm currently using. – GreenTeaTech Sep 19 '14 at 20:34
  • If you know the solution, please help. I am stuck, and re-asked here: https://unix.stackexchange.com/questions/651281/fail2ban-email-notification-is-not-triggering – code-8 May 25 '21 at 12:42

3 Answers

You should change mta = sendmail to:

mta = mail
Tom
  • I tried that and it is ***not*** working still. Please see https://unix.stackexchange.com/questions/651281/fail2ban-email-notification-is-not-triggering – code-8 May 25 '21 at 12:41
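
How the `%(mta)s` in the `action_mwl` definition quoted in the question's comments becomes an action file name, as an added example (not code from any of the posts or from fail2ban): it expands `action` with Python's configparser, which understands the same `%(name)s` interpolation syntax, and checks each resulting action name against an action.d directory. The jail.conf text and the directory contents are constructed, and `action_names`, `missing_actions` and `demo` are hypothetical helper names.

```python
import configparser
import os
import re
import tempfile

# Constructed jail.conf fragment. action_mwl is the definition quoted in the
# question's comments, one action per line; port/chain/banaction are assumed.
JAIL_CONF = """
[DEFAULT]
destemail = myaddress@gmail.com
sendername = fail2ban
mta = sendmail
protocol = tcp
port = ssh
chain = INPUT
banaction = iptables-multiport
logpath = /var/log/secure
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
    %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]
action = %(action_mwl)s
[ssh-iptables]
enabled = true
"""

def action_names(conf_text, jail, mta):
    """Expand a jail's `action` with the given mta value; return the action names."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    # fail2ban supplies __name__ (the jail name) itself; here it is passed in.
    expanded = cp.get(jail, "action", vars={"__name__": jail, "mta": mta})
    return [re.match(r"[\w.-]+", ln.strip()).group(0)
            for ln in expanded.splitlines() if ln.strip()]

def missing_actions(names, action_d):
    """Action names that have no file called <name>.* in action_d."""
    have = {os.path.splitext(f)[0] for f in os.listdir(action_d)}
    return [n for n in names if n not in have]

def demo():
    """Try three mta values against a constructed action.d directory."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("iptables-multiport", "mail-whois-lines", "sendmail-whois-lines"):
            open(os.path.join(d, name + ".conf"), "w").close()
        return {m: missing_actions(action_names(JAIL_CONF, "ssh-iptables", m), d)
                for m in ("sendmail", "mail", "postfix")}

if __name__ == "__main__":
    for mta, missing in demo().items():
        print(f"mta = {mta}: missing action files: {missing or 'none'}")
```

To check a real installation, pass the contents of your own jail.conf and `/etc/fail2ban/action.d` to `action_names` and `missing_actions` instead of the constructed values.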

If you want email notifications with whois, I found this solution:

[sshd]
enabled = true
logpath = %(sshd_log)s
action   = iptables-ipset-proto6[name=ssh, port=ssh, protocol=tcp, bantime=0]
       mail-whois[name=sshd, dest=my-email@something.com]
findtime = 3600
bantime  = -1
maxretry = 3
kusjev
  • Where do you find this solution? Can you explain your code? – Sfili_81 Nov 22 '21 at 07:51
  • I tried with mail[name=sshd, dest=my-email@something.com] but then I got just simple notifications. Just tried with mail-whois and it is working – kusjev Nov 22 '21 at 08:44

All of the above did not work for me.

What worked for me was adding a second line under action =....

to be:

sendmail[mailcmd='/usr/sbin/sendmail -f "<sender>" "<dest>"', dest="email@recipient.com", sender="fail2ban", sendername="Fail2Ban", name="jail_name"]

Note: You may do so for various jails.

Also note that if you would like to get an email notification for ModSecurity, you can do so by setting a Fail2Ban jail for ModSecurity, and then get the email notifications.

Ziegel