Solved

Fail2ban:  disable email notifications

Posted on 2014-03-08
12
9,028 Views
Last Modified: 2014-06-09
Hi All,

I recently setup fail2ban on my CentOS 6.5 VPS, which running as expected.

I dont want an email everytime a spammer is blocked.

How do I disable email notifications?


many thanks
0
Comment
Question by:detox1978
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 7

Expert Comment

by:unSpawn
ID: 39915702
In /etc/fail2ban/jail.conf locate the jail by its name in brackets, then from the "action =" lines remove the "sendmail.*dest=you@mail.com]" part. The re-initialize the configuration change by running 'fail2ban-client reload [name-of-jail]' and check with 'fail2ban-client get [name-of-jail] actionstart'.
0
 
LVL 2

Author Comment

by:detox1978
ID: 39915712
That didnt work.

I commented out my email address and reloaded fail2ban, but it's still sending me email

fail2ban-client -d

Open in new window

returns
['set', 'postfix', 'setcinfo', 'sendmail', 'dest', 'myemail@gmail.com']

Open in new window

0
 
LVL 7

Expert Comment

by:unSpawn
ID: 39916834
From your output it seems enabled but you didn't post what you did nor your jail.conf contents, so rinse & repeat in the jail.conf Postfix section. Then check with 'grep -v -n ^# /etc/fail2ban/jail.conf | grep sendmail' and if OK reload the affected services.
0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 
LVL 2

Author Comment

by:detox1978
ID: 39934694
Sorry for the delay

[root@www ~]# grep -v -n ^# /etc/fail2ban/jail.conf | grep sendmail
69:           sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
79:           sendmail-whois[name=ProFTPD, dest=you@example.com]
91:           sendmail-whois[name=sasl, dest=you@example.com]
102:              sendmail-whois[name=SSH, dest=you@example.com]
139:action   = sendmail-whois[name=VSFTPD, dest=you@example.com]
151:           sendmail-whois[name=VSFTPD, dest=you@example.com]
164:           sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
176:           sendmail[name=Postfix, dest=you@example.com]
229:           sendmail-whois[name="SSH,IPFW", dest=you@example.com]
274:           sendmail-whois[name=Named, dest=you@example.com]
285:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
294:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
309:           sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]

Open in new window


I'm still getting emails.... :-(
0
 
LVL 2

Author Comment

by:detox1978
ID: 39934723
Bizzarly when I reload fail2ban it says the jail already exists?

[root@www ~]# fail2ban-client -i
Fail2Ban v0.8.7 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.

fail2ban> reload
WARNING 'action' not defined in 'php-url-fopen'. Using default value
WARNING 'action' not defined in 'lighttpd-auth'. Using default value
WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
The jail 'postfix' already exists
fail2ban>

Open in new window

0
 
LVL 2

Author Comment

by:detox1978
ID: 39934742
Ok, I managed to reload the jail (I was using the wrong command).  When I check the status I get the following

[root@www ~]# fail2ban-client status postfix
Status for the jail: postfix
|- filter
|  |- File list:        /var/log/maillog
|  |- Currently failed: 206
|  `- Total failed:     219
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     0

Open in new window

0
 
LVL 2

Author Comment

by:detox1978
ID: 39935599
I'm still getting lots of email notifications.  So not sure what else to try.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40017062
This is still a big issue for me.  Any ideas.  This should be pretty simple.
0
 
LVL 29

Accepted Solution

by:
Jan Springer earned 250 total points
ID: 40020402
I would create an email alias that gets forwarded to /dev/null in your email server configuration and use that email address in your notify section of the configuration.
0
 
LVL 30

Assisted Solution

by:serialband
serialband earned 250 total points
ID: 40020619
in jail.conf change

action = %(action_mw)s
   to
action = %(action_)s

There are several actions defined in jail.conf.  action_mw sends mail.  action_ does not.

or

Find and change
destemail = your_email@domain.com
0
 
LVL 2

Author Closing Comment

by:detox1978
ID: 40121616
Sorry for the delay.  I created a rule in my gmail account to bin them, so this is no longer needed.

Many thanks
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question