• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 9713
  • Last Modified:

Fail2ban: disable email notifications

Hi All,

I recently setup fail2ban on my CentOS 6.5 VPS, which running as expected.

I dont want an email everytime a spammer is blocked.

How do I disable email notifications?


many thanks
0
detox1978
Asked:
detox1978
2 Solutions
 
unSpawnCommented:
In /etc/fail2ban/jail.conf locate the jail by its name in brackets, then from the "action =" lines remove the "sendmail.*dest=you@mail.com]" part. The re-initialize the configuration change by running 'fail2ban-client reload [name-of-jail]' and check with 'fail2ban-client get [name-of-jail] actionstart'.
0
 
detox1978Author Commented:
That didnt work.

I commented out my email address and reloaded fail2ban, but it's still sending me email

fail2ban-client -d

Open in new window

returns
['set', 'postfix', 'setcinfo', 'sendmail', 'dest', 'myemail@gmail.com']

Open in new window

0
 
unSpawnCommented:
From your output it seems enabled but you didn't post what you did nor your jail.conf contents, so rinse & repeat in the jail.conf Postfix section. Then check with 'grep -v -n ^# /etc/fail2ban/jail.conf | grep sendmail' and if OK reload the affected services.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
detox1978Author Commented:
Sorry for the delay

[root@www ~]# grep -v -n ^# /etc/fail2ban/jail.conf | grep sendmail
69:           sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
79:           sendmail-whois[name=ProFTPD, dest=you@example.com]
91:           sendmail-whois[name=sasl, dest=you@example.com]
102:              sendmail-whois[name=SSH, dest=you@example.com]
139:action   = sendmail-whois[name=VSFTPD, dest=you@example.com]
151:           sendmail-whois[name=VSFTPD, dest=you@example.com]
164:           sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
176:           sendmail[name=Postfix, dest=you@example.com]
229:           sendmail-whois[name="SSH,IPFW", dest=you@example.com]
274:           sendmail-whois[name=Named, dest=you@example.com]
285:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
294:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
309:           sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]

Open in new window


I'm still getting emails.... :-(
0
 
detox1978Author Commented:
Bizzarly when I reload fail2ban it says the jail already exists?

[root@www ~]# fail2ban-client -i
Fail2Ban v0.8.7 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.

fail2ban> reload
WARNING 'action' not defined in 'php-url-fopen'. Using default value
WARNING 'action' not defined in 'lighttpd-auth'. Using default value
WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
The jail 'postfix' already exists
fail2ban>

Open in new window

0
 
detox1978Author Commented:
Ok, I managed to reload the jail (I was using the wrong command).  When I check the status I get the following

[root@www ~]# fail2ban-client status postfix
Status for the jail: postfix
|- filter
|  |- File list:        /var/log/maillog
|  |- Currently failed: 206
|  `- Total failed:     219
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     0

Open in new window

0
 
detox1978Author Commented:
I'm still getting lots of email notifications.  So not sure what else to try.
0
 
detox1978Author Commented:
This is still a big issue for me.  Any ideas.  This should be pretty simple.
0
 
Jan SpringerCommented:
I would create an email alias that gets forwarded to /dev/null in your email server configuration and use that email address in your notify section of the configuration.
0
 
serialbandCommented:
in jail.conf change

action = %(action_mw)s
   to
action = %(action_)s

There are several actions defined in jail.conf.  action_mw sends mail.  action_ does not.

or

Find and change
destemail = your_email@domain.com
0
 
detox1978Author Commented:
Sorry for the delay.  I created a rule in my gmail account to bin them, so this is no longer needed.

Many thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now