Solved

Fail2ban:  disable email notifications

Posted on 2014-03-08
12
8,141 Views
Last Modified: 2014-06-09
Hi All,

I recently setup fail2ban on my CentOS 6.5 VPS, which running as expected.

I dont want an email everytime a spammer is blocked.

How do I disable email notifications?


many thanks
0
Comment
Question by:detox1978
12 Comments
 
LVL 7

Expert Comment

by:unSpawn
ID: 39915702
In /etc/fail2ban/jail.conf locate the jail by its name in brackets, then from the "action =" lines remove the "sendmail.*dest=you@mail.com]" part. The re-initialize the configuration change by running 'fail2ban-client reload [name-of-jail]' and check with 'fail2ban-client get [name-of-jail] actionstart'.
0
 
LVL 2

Author Comment

by:detox1978
ID: 39915712
That didnt work.

I commented out my email address and reloaded fail2ban, but it's still sending me email

fail2ban-client -d

Open in new window

returns
['set', 'postfix', 'setcinfo', 'sendmail', 'dest', 'myemail@gmail.com']

Open in new window

0
 
LVL 7

Expert Comment

by:unSpawn
ID: 39916834
From your output it seems enabled but you didn't post what you did nor your jail.conf contents, so rinse & repeat in the jail.conf Postfix section. Then check with 'grep -v -n ^# /etc/fail2ban/jail.conf | grep sendmail' and if OK reload the affected services.
0
 
LVL 2

Author Comment

by:detox1978
ID: 39934694
Sorry for the delay

[root@www ~]# grep -v -n ^# /etc/fail2ban/jail.conf | grep sendmail
69:           sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
79:           sendmail-whois[name=ProFTPD, dest=you@example.com]
91:           sendmail-whois[name=sasl, dest=you@example.com]
102:              sendmail-whois[name=SSH, dest=you@example.com]
139:action   = sendmail-whois[name=VSFTPD, dest=you@example.com]
151:           sendmail-whois[name=VSFTPD, dest=you@example.com]
164:           sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
176:           sendmail[name=Postfix, dest=you@example.com]
229:           sendmail-whois[name="SSH,IPFW", dest=you@example.com]
274:           sendmail-whois[name=Named, dest=you@example.com]
285:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
294:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
309:           sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]

Open in new window


I'm still getting emails.... :-(
0
 
LVL 2

Author Comment

by:detox1978
ID: 39934723
Bizzarly when I reload fail2ban it says the jail already exists?

[root@www ~]# fail2ban-client -i
Fail2Ban v0.8.7 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.

fail2ban> reload
WARNING 'action' not defined in 'php-url-fopen'. Using default value
WARNING 'action' not defined in 'lighttpd-auth'. Using default value
WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
The jail 'postfix' already exists
fail2ban>

Open in new window

0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 2

Author Comment

by:detox1978
ID: 39934742
Ok, I managed to reload the jail (I was using the wrong command).  When I check the status I get the following

[root@www ~]# fail2ban-client status postfix
Status for the jail: postfix
|- filter
|  |- File list:        /var/log/maillog
|  |- Currently failed: 206
|  `- Total failed:     219
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     0

Open in new window

0
 
LVL 2

Author Comment

by:detox1978
ID: 39935599
I'm still getting lots of email notifications.  So not sure what else to try.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40017062
This is still a big issue for me.  Any ideas.  This should be pretty simple.
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 250 total points
ID: 40020402
I would create an email alias that gets forwarded to /dev/null in your email server configuration and use that email address in your notify section of the configuration.
0
 
LVL 28

Assisted Solution

by:serialband
serialband earned 250 total points
ID: 40020619
in jail.conf change

action = %(action_mw)s
   to
action = %(action_)s

There are several actions defined in jail.conf.  action_mw sends mail.  action_ does not.

or

Find and change
destemail = your_email@domain.com
0
 
LVL 2

Author Closing Comment

by:detox1978
ID: 40121616
Sorry for the delay.  I created a rule in my gmail account to bin them, so this is no longer needed.

Many thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New-MailboxSearch Powershell Command and step by step approach to Search and Extract Emails form Exchange 2013 Journaling server.
Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now